From 0610ae2d21d08a1e13d42e672362fdd05c72f33a Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Tue, 31 Jan 2017 13:16:36 +0100 Subject: Fixed issues caused by (invalid) protocol renumbering. The problem has been solved and now protocols are in sync with its previous values in the stable version --- src/include/ndpi_protocol_ids.h | 459 +++++++++++++------------- src/lib/ndpi_content_match.c.inc | 624 ++++++++++++++++++------------------ src/lib/ndpi_main.c | 30 +- src/lib/protocols/hangout.c | 16 +- src/lib/protocols/http.c | 10 +- src/lib/protocols/kakaotalk_voice.c | 10 +- src/lib/protocols/kxun.c | 12 +- src/lib/protocols/ssl.c | 4 +- 8 files changed, 596 insertions(+), 569 deletions(-) (limited to 'src') diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index 0bc70ff5d..e278ea260 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -36,241 +36,246 @@ #define NDPI_PROTOCOL_NO_MASTER_PROTO NDPI_PROTOCOL_UNKNOWN -#define NDPI_PROTOCOL_IP_VRRP 73 -#define NDPI_PROTOCOL_IP_IPSEC 79 -#define NDPI_PROTOCOL_IP_GRE 80 -#define NDPI_PROTOCOL_IP_ICMP 81 -#define NDPI_PROTOCOL_IP_IGMP 82 -#define NDPI_PROTOCOL_IP_EGP 83 -#define NDPI_PROTOCOL_IP_SCTP 84 -#define NDPI_PROTOCOL_IP_OSPF 85 -#define NDPI_PROTOCOL_IP_IP_IN_IP 86 -#define NDPI_PROTOCOL_IP_ICMPV6 102 +#define NDPI_PROTOCOL_UNKNOWN 0 +#define NDPI_PROTOCOL_FTP_CONTROL 1 /* Tomasz Bujlow */ +#define NDPI_PROTOCOL_MAIL_POP 2 +#define NDPI_PROTOCOL_MAIL_SMTP 3 +#define NDPI_PROTOCOL_MAIL_IMAP 4 +#define NDPI_PROTOCOL_DNS 5 +#define NDPI_PROTOCOL_IPP 6 +#define NDPI_PROTOCOL_HTTP 7 +#define NDPI_PROTOCOL_MDNS 8 +#define NDPI_PROTOCOL_NTP 9 +#define NDPI_PROTOCOL_NETBIOS 10 +#define NDPI_PROTOCOL_NFS 11 +#define NDPI_PROTOCOL_SSDP 12 +#define NDPI_PROTOCOL_BGP 13 +#define NDPI_PROTOCOL_SNMP 14 +#define NDPI_PROTOCOL_XDMCP 15 +#define NDPI_PROTOCOL_SMB 16 +#define NDPI_PROTOCOL_SYSLOG 17 +#define NDPI_PROTOCOL_DHCP 18 +#define NDPI_PROTOCOL_POSTGRES 19 +#define NDPI_PROTOCOL_MYSQL 20 +#define NDPI_PROTOCOL_HOTMAIL 21 +#define NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK 22 +#define NDPI_PROTOCOL_MAIL_POPS 23 +#define NDPI_PROTOCOL_APPLEJUICE 24 +#define NDPI_PROTOCOL_DIRECTCONNECT 25 +#define NDPI_PROTOCOL_SOCRATES 26 +#define NDPI_PROTOCOL_COAP 27 +#define NDPI_PROTOCOL_VMWARE 28 +#define NDPI_PROTOCOL_MAIL_SMTPS 29 +#define NDPI_PROTOCOL_FILETOPIA 30 +#define NDPI_PROTOCOL_UBNTAC2 31 /* Ubiquity UBNT AirControl 2 - Thomas Fjellstrom */ +#define NDPI_PROTOCOL_KONTIKI 32 +#define NDPI_PROTOCOL_OPENFT 33 +#define NDPI_PROTOCOL_FASTTRACK 34 +#define NDPI_PROTOCOL_GNUTELLA 35 +#define NDPI_PROTOCOL_EDONKEY 36 /* Tomasz Bujlow */ +#define NDPI_PROTOCOL_BITTORRENT 37 +#define NDPI_PROTOCOL_EPP 38 +#define NDPI_CONTENT_AVI 39 +#define NDPI_CONTENT_FLASH 40 +#define NDPI_CONTENT_OGG 41 +#define NDPI_CONTENT_MPEG 42 +#define NDPI_CONTENT_QUICKTIME 43 +#define NDPI_CONTENT_REALMEDIA 44 +#define NDPI_CONTENT_WINDOWSMEDIA 45 +#define NDPI_CONTENT_MMS 46 +#define NDPI_PROTOCOL_XBOX 47 +#define NDPI_PROTOCOL_QQ 48 +#define NDPI_PROTOCOL_MOVE 49 +#define NDPI_PROTOCOL_RTSP 50 +#define NDPI_PROTOCOL_MAIL_IMAPS 51 +#define NDPI_PROTOCOL_ICECAST 52 +#define NDPI_PROTOCOL_PPLIVE 53 /* Tomasz Bujlow */ +#define NDPI_PROTOCOL_PPSTREAM 54 +#define NDPI_PROTOCOL_ZATTOO 55 +#define NDPI_PROTOCOL_SHOUTCAST 56 +#define NDPI_PROTOCOL_SOPCAST 57 +#define NDPI_PROTOCOL_TVANTS 58 +#define NDPI_PROTOCOL_TVUPLAYER 59 +#define NDPI_PROTOCOL_HTTP_DOWNLOAD 60 +#define NDPI_PROTOCOL_QQLIVE 61 +#define NDPI_PROTOCOL_THUNDER 62 +#define NDPI_PROTOCOL_SOULSEEK 63 +#define NDPI_PROTOCOL_SSL_NO_CERT 64 /* SSL without certificate (Skype Ultrasurf?) - ntop.org */ +#define NDPI_PROTOCOL_IRC 65 +#define NDPI_PROTOCOL_AYIYA 66 +#define NDPI_PROTOCOL_UNENCRYPED_JABBER 67 +#define NDPI_PROTOCOL_MSN 68 +#define NDPI_PROTOCOL_OSCAR 69 +#define NDPI_PROTOCOL_YAHOO 70 +#define NDPI_PROTOCOL_BATTLEFIELD 71 +#define NDPI_PROTOCOL_QUAKE 72 +#define NDPI_PROTOCOL_IP_VRRP 73 +#define NDPI_PROTOCOL_STEAM 74 /* Tomasz Bujlow */ +#define NDPI_PROTOCOL_HALFLIFE2 75 +#define NDPI_PROTOCOL_WORLDOFWARCRAFT 76 +#define NDPI_PROTOCOL_TELNET 77 +#define NDPI_PROTOCOL_STUN 78 +#define NDPI_PROTOCOL_IP_IPSEC 79 +#define NDPI_PROTOCOL_IP_GRE 80 +#define NDPI_PROTOCOL_IP_ICMP 81 +#define NDPI_PROTOCOL_IP_IGMP 82 +#define NDPI_PROTOCOL_IP_EGP 83 +#define NDPI_PROTOCOL_IP_SCTP 84 +#define NDPI_PROTOCOL_IP_OSPF 85 +#define NDPI_PROTOCOL_IP_IP_IN_IP 86 +#define NDPI_PROTOCOL_RTP 87 +#define NDPI_PROTOCOL_RDP 88 +#define NDPI_PROTOCOL_VNC 89 +#define NDPI_PROTOCOL_PCANYWHERE 90 +#define NDPI_PROTOCOL_SSL 91 +#define NDPI_PROTOCOL_SSH 92 +#define NDPI_PROTOCOL_USENET 93 +#define NDPI_PROTOCOL_MGCP 94 +#define NDPI_PROTOCOL_IAX 95 +#define NDPI_PROTOCOL_TFTP 96 +#define NDPI_PROTOCOL_AFP 97 +#define NDPI_PROTOCOL_STEALTHNET 98 +#define NDPI_PROTOCOL_AIMINI 99 +#define NDPI_PROTOCOL_SIP 100 +#define NDPI_PROTOCOL_TRUPHONE 101 +#define NDPI_PROTOCOL_IP_ICMPV6 102 +#define NDPI_PROTOCOL_DHCPV6 103 +#define NDPI_PROTOCOL_ARMAGETRON 104 +#define NDPI_PROTOCOL_CROSSFIRE 105 +#define NDPI_PROTOCOL_DOFUS 106 +#define NDPI_PROTOCOL_FIESTA 107 +#define NDPI_PROTOCOL_FLORENSIA 108 +#define NDPI_PROTOCOL_GUILDWARS 109 +#define NDPI_PROTOCOL_HTTP_APPLICATION_ACTIVESYNC 110 +#define NDPI_PROTOCOL_KERBEROS 111 +#define NDPI_PROTOCOL_LDAP 112 +#define NDPI_PROTOCOL_MAPLESTORY 113 +#define NDPI_PROTOCOL_MSSQL_TDS 114 +#define NDPI_PROTOCOL_PPTP 115 +#define NDPI_PROTOCOL_WARCRAFT3 116 +#define NDPI_PROTOCOL_WORLD_OF_KUNG_FU 117 +#define NDPI_PROTOCOL_SLACK 118 +#define NDPI_PROTOCOL_FACEBOOK 119 +#define NDPI_PROTOCOL_TWITTER 120 +#define NDPI_PROTOCOL_DROPBOX 121 +#define NDPI_PROTOCOL_GMAIL 122 +#define NDPI_PROTOCOL_GOOGLE_MAPS 123 +#define NDPI_PROTOCOL_YOUTUBE 124 +#define NDPI_PROTOCOL_SKYPE 125 +#define NDPI_PROTOCOL_GOOGLE 126 +#define NDPI_PROTOCOL_DCERPC 127 +#define NDPI_PROTOCOL_NETFLOW 128 +#define NDPI_PROTOCOL_SFLOW 129 +#define NDPI_PROTOCOL_HTTP_CONNECT 130 +#define NDPI_PROTOCOL_HTTP_PROXY 131 +#define NDPI_PROTOCOL_CITRIX 132 +#define NDPI_PROTOCOL_NETFLIX 133 +#define NDPI_PROTOCOL_LASTFM 134 +#define NDPI_PROTOCOL_WAZE 135 +#define NDPI_PROTOCOL_SKYFILE_PREPAID 136 +#define NDPI_PROTOCOL_SKYFILE_RUDICS 137 +#define NDPI_PROTOCOL_SKYFILE_POSTPAID 138 +#define NDPI_PROTOCOL_CITRIX_ONLINE 139 +#define NDPI_PROTOCOL_APPLE 140 +#define NDPI_PROTOCOL_WEBEX 141 +#define NDPI_PROTOCOL_WHATSAPP 142 +#define NDPI_PROTOCOL_APPLE_ICLOUD 143 +#define NDPI_PROTOCOL_VIBER 144 +#define NDPI_PROTOCOL_APPLE_ITUNES 145 +#define NDPI_PROTOCOL_RADIUS 146 +#define NDPI_PROTOCOL_WINDOWS_UPDATE 147 +#define NDPI_PROTOCOL_TEAMVIEWER 148 /* xplico.org */ +#define NDPI_PROTOCOL_TUENTI 149 +#define NDPI_PROTOCOL_LOTUS_NOTES 150 +#define NDPI_PROTOCOL_SAP 151 +#define NDPI_PROTOCOL_GTP 152 +#define NDPI_PROTOCOL_UPNP 153 +#define NDPI_PROTOCOL_LLMNR 154 +#define NDPI_PROTOCOL_REMOTE_SCAN 155 +#define NDPI_PROTOCOL_SPOTIFY 156 +#define NDPI_CONTENT_WEBM 157 +#define NDPI_PROTOCOL_H323 158 /* Remy Mudingay */ +#define NDPI_PROTOCOL_OPENVPN 159 /* Remy Mudingay */ +#define NDPI_PROTOCOL_NOE 160 /* Remy Mudingay */ +#define NDPI_PROTOCOL_CISCOVPN 161 /* Remy Mudingay */ +#define NDPI_PROTOCOL_TEAMSPEAK 162 /* Remy Mudingay */ +#define NDPI_PROTOCOL_TOR 163 /* Remy Mudingay */ +#define NDPI_PROTOCOL_SKINNY 164 /* Remy Mudingay */ +#define NDPI_PROTOCOL_RTCP 165 /* Remy Mudingay */ +#define NDPI_PROTOCOL_RSYNC 166 /* Remy Mudingay */ +#define NDPI_PROTOCOL_ORACLE 167 /* Remy Mudingay */ +#define NDPI_PROTOCOL_CORBA 168 /* Remy Mudingay */ +#define NDPI_PROTOCOL_UBUNTUONE 169 /* Remy Mudingay */ +#define NDPI_PROTOCOL_WHOIS_DAS 170 +#define NDPI_PROTOCOL_COLLECTD 171 +#define NDPI_PROTOCOL_SOCKS 172 /* Tomasz Bujlow */ +#define NDPI_PROTOCOL_MS_LYNC 173 +#define NDPI_PROTOCOL_RTMP 174 /* Tomasz Bujlow */ +#define NDPI_PROTOCOL_FTP_DATA 175 /* Tomasz Bujlow */ +#define NDPI_PROTOCOL_WIKIPEDIA 176 /* Tomasz Bujlow */ +#define NDPI_PROTOCOL_ZMQ 177 +#define NDPI_PROTOCOL_AMAZON 178 /* Tomasz Bujlow */ +#define NDPI_PROTOCOL_EBAY 179 /* Tomasz Bujlow */ +#define NDPI_PROTOCOL_CNN 180 /* Tomasz Bujlow */ +#define NDPI_PROTOCOL_MEGACO 181 /* Gianluca Costa */ +#define NDPI_PROTOCOL_REDIS 182 +#define NDPI_PROTOCOL_PANDO 183 /* Tomasz Bujlow */ +#define NDPI_PROTOCOL_VHUA 184 +#define NDPI_PROTOCOL_TELEGRAM 185 /* Gianluca Costa */ +#define NDPI_PROTOCOL_VEVO 186 +#define NDPI_PROTOCOL_PANDORA 187 +#define NDPI_PROTOCOL_QUIC 188 /* Andrea Buscarinu - Michele Campus */ +#define NDPI_PROTOCOL_WHATSAPP_VOICE 189 +#define NDPI_PROTOCOL_EAQ 190 -#define NDPI_PROTOCOL_HTTP 7 -#define NDPI_PROTOCOL_HTTP_DOWNLOAD 60 -#define NDPI_PROTOCOL_SSL_NO_CERT 64 /* SSL without certificate (Skype, Ultrasurf?) - ntop.org */ -#define NDPI_PROTOCOL_SSL 91 -#define NDPI_PROTOCOL_HTTP_APPLICATION_ACTIVESYNC 110 -#define NDPI_PROTOCOL_HTTP_CONNECT 130 -#define NDPI_PROTOCOL_HTTP_PROXY 131 +/* 191, 192 are free */ +#define NDPI_PROTOCOL_FREE_191 191 +#define NDPI_PROTOCOL_FREE_192 192 +#define NDPI_PROTOCOL_KAKAOTALK 193 /* KakaoTalk Chat (no voice call) */ +#define NDPI_PROTOCOL_KAKAOTALK_VOICE 194 /* KakaoTalk Voice */ +#define NDPI_PROTOCOL_TWITCH 195 /* Edoardo Dominici */ +#define NDPI_PROTOCOL_QUICKPLAY 196 /* Streaming service used by various services such as hooq.tv */ +#define NDPI_PROTOCOL_OPENDNS 197 +#define NDPI_PROTOCOL_MPEGTS 198 +#define NDPI_PROTOCOL_SNAPCHAT 199 +#define NDPI_PROTOCOL_SINA 200 +#define NDPI_PROTOCOL_HANGOUT 201 +#define NDPI_PROTOCOL_IFLIX 202 /* www.vizuamatix.com R&D team & M.Mallawaarachchie */ +#define NDPI_PROTOCOL_GITHUB 203 +#define NDPI_PROTOCOL_BJNP 204 +#define NDPI_PROTOCOL_1KXUN 205 +#define NDPI_PROTOCOL_IQIYI 206 +#define NDPI_PROTOCOL_SMPP 207 /* Damir Franusic */ +#define NDPI_PROTOCOL_MQTT 208 +#define NDPI_PROTOCOL_RX 209 +#define NDPI_PROTOCOL_DEEZER 210 +#define NDPI_PROTOCOL_INSTAGRAM 211 /* Andrea Buscarinu */ +#define NDPI_PROTOCOL_MICROSOFT 212 +#define NDPI_PROTOCOL_STARCRAFT 213 /* Matteo Bracci */ +#define NDPI_PROTOCOL_TEREDO 214 +#define NDPI_PROTOCOL_HOTSPOT_SHIELD 215 +#define NDPI_PROTOCOL_HEP 216 /* sipcapture.org QXIP BV */ -#define NDPI_PROTOCOL_FTP_CONTROL 1 /* Tomasz Bujlow */ -#define NDPI_PROTOCOL_MAIL_POP 2 -#define NDPI_PROTOCOL_MAIL_SMTP 3 -#define NDPI_PROTOCOL_MAIL_IMAP 4 -#define NDPI_PROTOCOL_DNS 5 -#define NDPI_PROTOCOL_IPP 6 -#define NDPI_PROTOCOL_MDNS 8 -#define NDPI_PROTOCOL_NTP 9 -#define NDPI_PROTOCOL_NETBIOS 10 -#define NDPI_PROTOCOL_NFS 11 -#define NDPI_PROTOCOL_SSDP 12 -#define NDPI_PROTOCOL_BGP 13 -#define NDPI_PROTOCOL_SNMP 14 -#define NDPI_PROTOCOL_XDMCP 15 -#define NDPI_PROTOCOL_SMB 16 -#define NDPI_PROTOCOL_SYSLOG 17 -#define NDPI_PROTOCOL_DHCP 18 -#define NDPI_PROTOCOL_POSTGRES 19 -#define NDPI_PROTOCOL_MYSQL 20 -#define NDPI_SERVICE_HOTMAIL 21 -#define NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK 22 -#define NDPI_PROTOCOL_MAIL_POPS 23 -#define NDPI_PROTOCOL_APPLEJUICE 24 -#define NDPI_PROTOCOL_DIRECTCONNECT 25 -#define NDPI_PROTOCOL_SOCRATES 26 -#define NDPI_PROTOCOL_COAP 27 -#define NDPI_PROTOCOL_VMWARE 28 -#define NDPI_PROTOCOL_MAIL_SMTPS 29 -#define NDPI_PROTOCOL_FILETOPIA 30 -#define NDPI_PROTOCOL_UBNTAC2 31 /* Ubiquity UBNT AirControl 2 - Thomas Fjellstrom */ -#define NDPI_PROTOCOL_KONTIKI 32 -#define NDPI_PROTOCOL_OPENFT 33 -#define NDPI_PROTOCOL_FASTTRACK 34 -#define NDPI_PROTOCOL_GNUTELLA 35 -#define NDPI_PROTOCOL_EDONKEY 36 /* Tomasz Bujlow */ -#define NDPI_PROTOCOL_BITTORRENT 37 -#define NDPI_PROTOCOL_EPP 38 -#define NDPI_PROTOCOL_XBOX 47 -#define NDPI_PROTOCOL_QQ 48 -#define NDPI_PROTOCOL_MOVE 49 -#define NDPI_PROTOCOL_RTSP 50 -#define NDPI_PROTOCOL_MAIL_IMAPS 51 -#define NDPI_PROTOCOL_ICECAST 52 -#define NDPI_PROTOCOL_PPLIVE 53 /* Tomasz Bujlow */ -#define NDPI_PROTOCOL_PPSTREAM 54 -#define NDPI_PROTOCOL_ZATTOO 55 -#define NDPI_PROTOCOL_SHOUTCAST 56 -#define NDPI_PROTOCOL_SOPCAST 57 -#define NDPI_PROTOCOL_TVANTS 58 -#define NDPI_PROTOCOL_TVUPLAYER 59 -#define NDPI_PROTOCOL_QQLIVE 61 -#define NDPI_PROTOCOL_THUNDER 62 -#define NDPI_PROTOCOL_SOULSEEK 63 -#define NDPI_PROTOCOL_IRC 65 -#define NDPI_PROTOCOL_AYIYA 66 -#define NDPI_PROTOCOL_UNENCRYPED_JABBER 67 -#define NDPI_PROTOCOL_MSN 68 -#define NDPI_PROTOCOL_OSCAR 69 -#define NDPI_PROTOCOL_YAHOO 70 -#define NDPI_PROTOCOL_BATTLEFIELD 71 -#define NDPI_PROTOCOL_QUAKE 72 -#define NDPI_PROTOCOL_STEAM 74 /* Tomasz Bujlow */ -#define NDPI_PROTOCOL_HALFLIFE2 75 -#define NDPI_PROTOCOL_WORLDOFWARCRAFT 76 -#define NDPI_PROTOCOL_TELNET 77 -#define NDPI_PROTOCOL_STUN 78 -#define NDPI_PROTOCOL_RTP 87 -#define NDPI_PROTOCOL_RDP 88 -#define NDPI_PROTOCOL_VNC 89 -#define NDPI_PROTOCOL_PCANYWHERE 90 -#define NDPI_PROTOCOL_SSH 92 -#define NDPI_PROTOCOL_USENET 93 -#define NDPI_PROTOCOL_MGCP 94 -#define NDPI_PROTOCOL_IAX 95 -#define NDPI_PROTOCOL_TFTP 96 -#define NDPI_PROTOCOL_AFP 97 -#define NDPI_PROTOCOL_STEALTHNET 98 -#define NDPI_PROTOCOL_AIMINI 99 -#define NDPI_PROTOCOL_SIP 100 -#define NDPI_PROTOCOL_TRUPHONE 101 -#define NDPI_PROTOCOL_DHCPV6 103 -#define NDPI_PROTOCOL_ARMAGETRON 104 -#define NDPI_PROTOCOL_CROSSFIRE 105 -#define NDPI_PROTOCOL_DOFUS 106 -#define NDPI_PROTOCOL_FIESTA 107 -#define NDPI_PROTOCOL_FLORENSIA 108 -#define NDPI_PROTOCOL_GUILDWARS 109 -#define NDPI_PROTOCOL_KERBEROS 111 -#define NDPI_PROTOCOL_LDAP 112 -#define NDPI_PROTOCOL_MAPLESTORY 113 -#define NDPI_PROTOCOL_MSSQL_TDS 114 -#define NDPI_PROTOCOL_PPTP 115 -#define NDPI_PROTOCOL_WARCRAFT3 116 -#define NDPI_PROTOCOL_WORLD_OF_KUNG_FU 117 -#define NDPI_SERVICE_SLACK 118 -#define NDPI_PROTOCOL_DROPBOX 121 -#define NDPI_PROTOCOL_SKYPE 125 -#define NDPI_PROTOCOL_DCERPC 127 -#define NDPI_PROTOCOL_NETFLOW 128 -#define NDPI_PROTOCOL_SFLOW 129 -#define NDPI_PROTOCOL_CITRIX 132 -#define NDPI_PROTOCOL_SKYFILE_PREPAID 136 -#define NDPI_PROTOCOL_SKYFILE_RUDICS 137 -#define NDPI_PROTOCOL_SKYFILE_POSTPAID 138 -#define NDPI_PROTOCOL_CITRIX_ONLINE 139 -#define NDPI_PROTOCOL_WEBEX 141 -#define NDPI_PROTOCOL_VIBER 144 -#define NDPI_PROTOCOL_RADIUS 146 -#define NDPI_SERVICE_WINDOWS_UPDATE 147 -#define NDPI_PROTOCOL_TEAMVIEWER 148 /* xplico.org */ -#define NDPI_PROTOCOL_LOTUS_NOTES 150 -#define NDPI_PROTOCOL_SAP 151 -#define NDPI_PROTOCOL_GTP 152 -#define NDPI_PROTOCOL_UPNP 153 -#define NDPI_PROTOCOL_LLMNR 154 -#define NDPI_PROTOCOL_REMOTE_SCAN 155 -#define NDPI_PROTOCOL_SPOTIFY 156 -#define NDPI_PROTOCOL_H323 158 /* Remy Mudingay */ -#define NDPI_PROTOCOL_OPENVPN 159 /* Remy Mudingay */ -#define NDPI_PROTOCOL_NOE 160 /* Remy Mudingay */ -#define NDPI_PROTOCOL_CISCOVPN 161 /* Remy Mudingay */ -#define NDPI_PROTOCOL_TEAMSPEAK 162 /* Remy Mudingay */ -#define NDPI_PROTOCOL_TOR 163 /* Remy Mudingay */ -#define NDPI_PROTOCOL_SKINNY 164 /* Remy Mudingay */ -#define NDPI_PROTOCOL_RTCP 165 /* Remy Mudingay */ -#define NDPI_PROTOCOL_RSYNC 166 /* Remy Mudingay */ -#define NDPI_PROTOCOL_ORACLE 167 /* Remy Mudingay */ -#define NDPI_PROTOCOL_CORBA 168 /* Remy Mudingay */ -#define NDPI_PROTOCOL_UBUNTUONE 169 /* Remy Mudingay */ -#define NDPI_PROTOCOL_WHOIS_DAS 170 -#define NDPI_PROTOCOL_COLLECTD 171 -#define NDPI_PROTOCOL_SOCKS 172 /* Tomasz Bujlow */ -#define NDPI_PROTOCOL_MS_LYNC 173 -#define NDPI_PROTOCOL_RTMP 174 /* Tomasz Bujlow */ -#define NDPI_PROTOCOL_FTP_DATA 175 /* Tomasz Bujlow */ -#define NDPI_PROTOCOL_ZMQ 177 -#define NDPI_PROTOCOL_MEGACO 181 /* Gianluca Costa */ -#define NDPI_PROTOCOL_REDIS 182 -#define NDPI_PROTOCOL_PANDO 183 /* Tomasz Bujlow */ -#define NDPI_PROTOCOL_VHUA 184 -#define NDPI_PROTOCOL_TELEGRAM 185 /* Gianluca Costa */ -#define NDPI_PROTOCOL_QUIC 188 /* Andrea Buscarinu - Michele Campus */ -#define NDPI_PROTOCOL_WHATSAPP_VOICE 189 +/* 217 is free */ +#define NDPI_PROTOCOL_FREE_217 217 +#define NDPI_PROTOCOL_OCS 218 +#define NDPI_PROTOCOL_OFFICE_365 219 +#define NDPI_PROTOCOL_CLOUDFLARE 220 +#define NDPI_PROTOCOL_MS_ONE_DRIVE 221 +/* 222 - 225 */ +#define NDPI_PROTOCOL_FREE_222 222 +#define NDPI_PROTOCOL_FREE_223 223 +#define NDPI_PROTOCOL_FREE_224 224 +#define NDPI_PROTOCOL_FREE_225 225 -#define NDPI_CONTENT_AVI 39 -#define NDPI_CONTENT_FLASH 40 -#define NDPI_CONTENT_OGG 41 -#define NDPI_CONTENT_MPEG 42 -#define NDPI_CONTENT_QUICKTIME 43 -#define NDPI_CONTENT_REALMEDIA 44 -#define NDPI_CONTENT_WINDOWSMEDIA 45 -#define NDPI_CONTENT_MMS 46 -#define NDPI_CONTENT_WEBM 157 - -#define NDPI_SERVICE_FACEBOOK 119 -#define NDPI_SERVICE_TWITTER 120 -#define NDPI_SERVICE_GMAIL 122 -#define NDPI_SERVICE_GOOGLE_MAPS 123 -#define NDPI_SERVICE_YOUTUBE 124 -#define NDPI_SERVICE_VEVO 186 -#define NDPI_SERVICE_GOOGLE 126 -#define NDPI_SERVICE_NETFLIX 133 -#define NDPI_SERVICE_LASTFM 134 -#define NDPI_SERVICE_WAZE 135 -#define NDPI_SERVICE_APPLE 140 -#define NDPI_SERVICE_WHATSAPP 142 -#define NDPI_SERVICE_APPLE_ICLOUD 143 -#define NDPI_SERVICE_APPLE_ITUNES 145 -#define NDPI_SERVICE_TUENTI 149 -#define NDPI_SERVICE_WIKIPEDIA 176 /* Tomasz Bujlow */ -#define NDPI_SERVICE_MSN NDPI_PROTOCOL_MSN /* Tomasz Bujlow */ -#define NDPI_SERVICE_AMAZON 178 /* Tomasz Bujlow */ -#define NDPI_SERVICE_EBAY 179 /* Tomasz Bujlow */ -#define NDPI_SERVICE_CNN 180 /* Tomasz Bujlow */ -#define NDPI_SERVICE_DROPBOX NDPI_PROTOCOL_DROPBOX /* Tomasz Bujlow */ -#define NDPI_SERVICE_SKYPE NDPI_PROTOCOL_SKYPE /* Tomasz Bujlow */ -#define NDPI_SERVICE_VIBER NDPI_PROTOCOL_VIBER -#define NDPI_SERVICE_YAHOO NDPI_PROTOCOL_YAHOO /* Tomasz Bujlow */ -#define NDPI_SERVICE_PANDORA 187 -#define NDPI_PROTOCOL_EAQ 190 -#define NDPI_PROTOCOL_GIT 191 -#define NDPI_PROTOCOL_DRDA 192 -#define NDPI_SERVICE_KAKAOTALK 193 /* KakaoTalk Chat (no voice call) */ -#define NDPI_SERVICE_KAKAOTALK_VOICE 194 /* KakaoTalk Voice */ -#define NDPI_SERVICE_TWITCH 195 /* Edoardo Dominici */ -#define NDPI_SERVICE_QUICKPLAY 196 /* Streaming service used by various services such as hooq.tv */ -#define NDPI_SERVICE_OPENDNS 197 -#define NDPI_PROTOCOL_MPEGTS 198 -#define NDPI_SERVICE_SNAPCHAT 199 -#define NDPI_SERVICE_DEEZER 200 -#define NDPI_SERVICE_INSTAGRAM 201 /* Andrea Buscarinu */ -#define NDPI_SERVICE_MICROSOFT 202 -#define NDPI_SERVICE_HOTSPOT_SHIELD 203 -#define NDPI_SERVICE_OCS 204 -#define NDPI_SERVICE_OFFICE_365 205 -#define NDPI_SERVICE_CLOUDFLARE 206 -#define NDPI_SERVICE_MS_ONE_DRIVE 207 -#define NDPI_PROTOCOL_MQTT 208 -#define NDPI_PROTOCOL_RX 209 -#define NDPI_SERVICE_SINA 210 -#define NDPI_PROTOCOL_STARCRAFT 211 /* Matteo Bracci */ -#define NDPI_PROTOCOL_TEREDO 212 -#define NDPI_PROTOCOL_HEP 213 /* Sipcapture.org QXIP BV */ -#define NDPI_SERVICE_HANGOUT 214 -#define NDPI_SERVICE_IFLIX 215 /* www.vizuamatix.com R&D team & M.Mallawaarachchie */ -#define NDPI_SERVICE_GITHUB 216 -#define NDPI_PROTOCOL_BJNP 217 -#define NDPI_SERVICE_1KXUN 218 -#define NDPI_SERVICE_IQIYI 219 -#define NDPI_PROTOCOL_SMPP 220 /* Damir Franusic */ +#define NDPI_PROTOCOL_GIT 226 +#define NDPI_PROTOCOL_DRDA 227 /* UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE */ -#define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_PROTOCOL_SMPP +#define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_PROTOCOL_DRDA #define NDPI_MAX_SUPPORTED_PROTOCOLS (NDPI_LAST_IMPLEMENTED_PROTOCOL + 1) #define NDPI_MAX_NUM_CUSTOM_PROTOCOLS (NDPI_NUM_BITS-NDPI_LAST_IMPLEMENTED_PROTOCOL) diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 5598fc98c..dcc613779 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -52,30 +52,30 @@ static ndpi_network host_protocol_list[] = { */ - { 0x1F0D1800 /* 31.13.24.0/21 */, 21, NDPI_SERVICE_FACEBOOK }, - { 0x1F0D4000 /* 31.13.64.0/18 */, 18, NDPI_SERVICE_FACEBOOK }, - { 0x1F0D4100 /* 31.13.65.0/24 */, 24, NDPI_SERVICE_FACEBOOK }, - { 0x1F0D4200 /* 31.13.66.0/24 */, 24, NDPI_SERVICE_FACEBOOK }, - { 0x1F0D4300 /* 31.13.67.0/24 */, 24, NDPI_SERVICE_FACEBOOK }, - { 0x1F0D4400 /* 31.13.68.0/24 */, 24, NDPI_SERVICE_FACEBOOK }, - { 0x1F0D4500 /* 31.13.69.0/24 */, 24, NDPI_SERVICE_FACEBOOK }, - { 0x1F0D4600 /* 31.13.70.0/24 */, 24, NDPI_SERVICE_FACEBOOK }, - { 0x1F0D4700 /* 31.13.71.0/24 */, 24, NDPI_SERVICE_FACEBOOK }, - { 0x1F0D4800 /* 31.13.72.0/24 */, 24, NDPI_SERVICE_FACEBOOK }, - { 0x1F0D4900 /* 31.13.73.0/24 */, 24, NDPI_SERVICE_FACEBOOK }, - { 0x1F0D4A00 /* 31.13.74.0/24 */, 24, NDPI_SERVICE_FACEBOOK }, - { 0x1F0D4B00 /* 31.13.75.0/24 */, 24, NDPI_SERVICE_FACEBOOK }, - { 0x1F0D4C00 /* 31.13.76.0/24 */, 24, NDPI_SERVICE_FACEBOOK }, - { 0x1F0D4D00 /* 31.13.77.0/24 */, 24, NDPI_SERVICE_FACEBOOK }, - { 0x1F0D4E00 /* 31.13.78.0/24 */, 24, NDPI_SERVICE_FACEBOOK }, - { 0x1F0D8000 /* 31.13.80.0/24 */, 24, NDPI_SERVICE_FACEBOOK }, - { 0x1F0D6000 /* 31.13.96.0/19 */, 19, NDPI_SERVICE_FACEBOOK }, - { 0x2D402800 /* 45.64.40.0/22 */, 22, NDPI_SERVICE_FACEBOOK }, - { 0x453FB000 /* 69.63.176.0/20 */, 20, NDPI_SERVICE_FACEBOOK }, - { 0x453FB800 /* 69.63.184.0/21 */, 21, NDPI_SERVICE_FACEBOOK }, - { 0x42DC9000 /* 66.220.144.0/20 */, 20, NDPI_SERVICE_FACEBOOK }, - { 0x45DC9800 /* 69.220.152.0/21 */, 21, NDPI_SERVICE_FACEBOOK }, - { 0xCC0F1400 /* 204.15.20.0/22 */, 22, NDPI_SERVICE_FACEBOOK }, + { 0x1F0D1800 /* 31.13.24.0/21 */, 21, NDPI_PROTOCOL_FACEBOOK }, + { 0x1F0D4000 /* 31.13.64.0/18 */, 18, NDPI_PROTOCOL_FACEBOOK }, + { 0x1F0D4100 /* 31.13.65.0/24 */, 24, NDPI_PROTOCOL_FACEBOOK }, + { 0x1F0D4200 /* 31.13.66.0/24 */, 24, NDPI_PROTOCOL_FACEBOOK }, + { 0x1F0D4300 /* 31.13.67.0/24 */, 24, NDPI_PROTOCOL_FACEBOOK }, + { 0x1F0D4400 /* 31.13.68.0/24 */, 24, NDPI_PROTOCOL_FACEBOOK }, + { 0x1F0D4500 /* 31.13.69.0/24 */, 24, NDPI_PROTOCOL_FACEBOOK }, + { 0x1F0D4600 /* 31.13.70.0/24 */, 24, NDPI_PROTOCOL_FACEBOOK }, + { 0x1F0D4700 /* 31.13.71.0/24 */, 24, NDPI_PROTOCOL_FACEBOOK }, + { 0x1F0D4800 /* 31.13.72.0/24 */, 24, NDPI_PROTOCOL_FACEBOOK }, + { 0x1F0D4900 /* 31.13.73.0/24 */, 24, NDPI_PROTOCOL_FACEBOOK }, + { 0x1F0D4A00 /* 31.13.74.0/24 */, 24, NDPI_PROTOCOL_FACEBOOK }, + { 0x1F0D4B00 /* 31.13.75.0/24 */, 24, NDPI_PROTOCOL_FACEBOOK }, + { 0x1F0D4C00 /* 31.13.76.0/24 */, 24, NDPI_PROTOCOL_FACEBOOK }, + { 0x1F0D4D00 /* 31.13.77.0/24 */, 24, NDPI_PROTOCOL_FACEBOOK }, + { 0x1F0D4E00 /* 31.13.78.0/24 */, 24, NDPI_PROTOCOL_FACEBOOK }, + { 0x1F0D8000 /* 31.13.80.0/24 */, 24, NDPI_PROTOCOL_FACEBOOK }, + { 0x1F0D6000 /* 31.13.96.0/19 */, 19, NDPI_PROTOCOL_FACEBOOK }, + { 0x2D402800 /* 45.64.40.0/22 */, 22, NDPI_PROTOCOL_FACEBOOK }, + { 0x453FB000 /* 69.63.176.0/20 */, 20, NDPI_PROTOCOL_FACEBOOK }, + { 0x453FB800 /* 69.63.184.0/21 */, 21, NDPI_PROTOCOL_FACEBOOK }, + { 0x42DC9000 /* 66.220.144.0/20 */, 20, NDPI_PROTOCOL_FACEBOOK }, + { 0x45DC9800 /* 69.220.152.0/21 */, 21, NDPI_PROTOCOL_FACEBOOK }, + { 0xCC0F1400 /* 204.15.20.0/22 */, 22, NDPI_PROTOCOL_FACEBOOK }, /* @@ -104,35 +104,35 @@ static ndpi_network host_protocol_list[] = { 202.160.130.0/24 202.160.131.0/24 */ - { 0x67FC7000 /* 103.252.112.0/23 */, 23, NDPI_SERVICE_TWITTER }, - { 0x67FC7200 /* 103.252.114.0/23 */, 23, NDPI_SERVICE_TWITTER }, - { 0x68F42800 /* 104.244.40.0/24 */, 24, NDPI_SERVICE_TWITTER }, - { 0x68F42900 /* 104.244.41.0/24 */, 24, NDPI_SERVICE_TWITTER }, - { 0x68F42A00 /* 104.244.42.0/24 */, 24, NDPI_SERVICE_TWITTER }, - { 0x68F42B00 /* 104.244.43.0/24 */, 24, NDPI_SERVICE_TWITTER }, - { 0x68F42C00 /* 104.244.44.0/24 */, 24, NDPI_SERVICE_TWITTER }, - { 0x68F42D00 /* 104.244.45.0/24 */, 24, NDPI_SERVICE_TWITTER }, - { 0x68F42E00 /* 104.244.46.0/24 */, 24, NDPI_SERVICE_TWITTER }, - { 0x68F42F00 /* 104.244.47.0/24 */, 24, NDPI_SERVICE_TWITTER }, - { 0xB92D0500 /* 185.45.5.0/24 */, 24, NDPI_SERVICE_TWITTER }, - { 0xB92D0600 /* 185.45.6.0/23 */, 23, NDPI_SERVICE_TWITTER }, - { 0xC0854C00 /* 192.133.76.0/22 */, 22, NDPI_SERVICE_TWITTER }, - { 0xC7109C00 /* 199.16.156.0/22 */, 22, NDPI_SERVICE_TWITTER }, - { 0xC73B9400 /* 199.59.148.0/22 */, 22, NDPI_SERVICE_TWITTER }, - { 0xC7603800 /* 199.96.56.0/23 */, 23, NDPI_SERVICE_TWITTER }, - { 0xC7603B00 /* 199.96.58.0/23 */, 23, NDPI_SERVICE_TWITTER }, - { 0xC7603C00 /* 199.96.60.0/23 */, 23, NDPI_SERVICE_TWITTER }, - { 0xC7603F00 /* 199.96.62.0/23 */, 23, NDPI_SERVICE_TWITTER }, - { 0x68F28000 /* 202.160.128.0/24 */, 24, NDPI_SERVICE_TWITTER }, - { 0x68F28100 /* 202.160.129.0/24 */, 24, NDPI_SERVICE_TWITTER }, - { 0x68F28200 /* 202.160.130.0/24 */, 24, NDPI_SERVICE_TWITTER }, - { 0x68F28300 /* 202.160.131.0/24 */, 24, NDPI_SERVICE_TWITTER }, + { 0x67FC7000 /* 103.252.112.0/23 */, 23, NDPI_PROTOCOL_TWITTER }, + { 0x67FC7200 /* 103.252.114.0/23 */, 23, NDPI_PROTOCOL_TWITTER }, + { 0x68F42800 /* 104.244.40.0/24 */, 24, NDPI_PROTOCOL_TWITTER }, + { 0x68F42900 /* 104.244.41.0/24 */, 24, NDPI_PROTOCOL_TWITTER }, + { 0x68F42A00 /* 104.244.42.0/24 */, 24, NDPI_PROTOCOL_TWITTER }, + { 0x68F42B00 /* 104.244.43.0/24 */, 24, NDPI_PROTOCOL_TWITTER }, + { 0x68F42C00 /* 104.244.44.0/24 */, 24, NDPI_PROTOCOL_TWITTER }, + { 0x68F42D00 /* 104.244.45.0/24 */, 24, NDPI_PROTOCOL_TWITTER }, + { 0x68F42E00 /* 104.244.46.0/24 */, 24, NDPI_PROTOCOL_TWITTER }, + { 0x68F42F00 /* 104.244.47.0/24 */, 24, NDPI_PROTOCOL_TWITTER }, + { 0xB92D0500 /* 185.45.5.0/24 */, 24, NDPI_PROTOCOL_TWITTER }, + { 0xB92D0600 /* 185.45.6.0/23 */, 23, NDPI_PROTOCOL_TWITTER }, + { 0xC0854C00 /* 192.133.76.0/22 */, 22, NDPI_PROTOCOL_TWITTER }, + { 0xC7109C00 /* 199.16.156.0/22 */, 22, NDPI_PROTOCOL_TWITTER }, + { 0xC73B9400 /* 199.59.148.0/22 */, 22, NDPI_PROTOCOL_TWITTER }, + { 0xC7603800 /* 199.96.56.0/23 */, 23, NDPI_PROTOCOL_TWITTER }, + { 0xC7603B00 /* 199.96.58.0/23 */, 23, NDPI_PROTOCOL_TWITTER }, + { 0xC7603C00 /* 199.96.60.0/23 */, 23, NDPI_PROTOCOL_TWITTER }, + { 0xC7603F00 /* 199.96.62.0/23 */, 23, NDPI_PROTOCOL_TWITTER }, + { 0x68F28000 /* 202.160.128.0/24 */, 24, NDPI_PROTOCOL_TWITTER }, + { 0x68F28100 /* 202.160.129.0/24 */, 24, NDPI_PROTOCOL_TWITTER }, + { 0x68F28200 /* 202.160.130.0/24 */, 24, NDPI_PROTOCOL_TWITTER }, + { 0x68F28300 /* 202.160.131.0/24 */, 24, NDPI_PROTOCOL_TWITTER }, /* OpenDNS 208.67.216.0/21 */ - { 0xD043D800 /* 208.67.216.0/21 */, 21, NDPI_SERVICE_OPENDNS }, + { 0xD043D800 /* 208.67.216.0/21 */, 21, NDPI_PROTOCOL_OPENDNS }, /* Microsoft Corporation (MS One Drive) @@ -144,25 +144,25 @@ static ndpi_network host_protocol_list[] = { 131.253.18.0/24 65.54.191.0/24 */ - { 0xCC4FC300 /* 204.79.195.0/24 */, 24, NDPI_SERVICE_MS_ONE_DRIVE }, - { 0xCC4FC400 /* 204.79.196.0/23 */, 23, NDPI_SERVICE_MS_ONE_DRIVE }, - { 0x86AA0000 /* 134.170.0.0/16 */, 16, NDPI_SERVICE_MS_ONE_DRIVE }, - { 0x83FD0C00 /* 131.253.12.0/22 */, 22, NDPI_SERVICE_MS_ONE_DRIVE }, - { 0x83FD1000 /* 131.253.16.0/23 */, 23, NDPI_SERVICE_MS_ONE_DRIVE }, - { 0x83FD1200 /* 131.253.18.0/24 */, 24, NDPI_SERVICE_MS_ONE_DRIVE }, - { 0x4136BF00 /* 65.54.191.0/24 */, 24, NDPI_SERVICE_MS_ONE_DRIVE }, + { 0xCC4FC300 /* 204.79.195.0/24 */, 24, NDPI_PROTOCOL_MS_ONE_DRIVE }, + { 0xCC4FC400 /* 204.79.196.0/23 */, 23, NDPI_PROTOCOL_MS_ONE_DRIVE }, + { 0x86AA0000 /* 134.170.0.0/16 */, 16, NDPI_PROTOCOL_MS_ONE_DRIVE }, + { 0x83FD0C00 /* 131.253.12.0/22 */, 22, NDPI_PROTOCOL_MS_ONE_DRIVE }, + { 0x83FD1000 /* 131.253.16.0/23 */, 23, NDPI_PROTOCOL_MS_ONE_DRIVE }, + { 0x83FD1200 /* 131.253.18.0/24 */, 24, NDPI_PROTOCOL_MS_ONE_DRIVE }, + { 0x4136BF00 /* 65.54.191.0/24 */, 24, NDPI_PROTOCOL_MS_ONE_DRIVE }, /* Amazon-EU-AWS Elastic Compute Cloud, EC2 (also used by Netflix) 46.137.128.0/18 */ - { 0x2E898000 /* 46.137.128.0/18 */, 18, NDPI_SERVICE_AMAZON }, + { 0x2E898000 /* 46.137.128.0/18 */, 18, NDPI_PROTOCOL_AMAZON }, /* Amazon-EU (also used by Netflix) 176.34.184.0/21 */ - { 0xB022B800 /* 176.34.184.0/21 */, 21, NDPI_SERVICE_AMAZON }, + { 0xB022B800 /* 176.34.184.0/21 */, 21, NDPI_PROTOCOL_AMAZON }, /* Netflix @@ -171,9 +171,9 @@ static ndpi_network host_protocol_list[] = { 69.53.224.0/19 */ - { 0x17F60000 /* 23.246.0.0/18 */, 18, NDPI_SERVICE_NETFLIX }, - { 0x1715BE7C /* 23.21.190.124/32 */, 32, NDPI_SERVICE_NETFLIX }, - { 0x4535E000 /* 69.53.224.0/19 */, 19, NDPI_SERVICE_NETFLIX }, + { 0x17F60000 /* 23.246.0.0/18 */, 18, NDPI_PROTOCOL_NETFLIX }, + { 0x1715BE7C /* 23.21.190.124/32 */, 32, NDPI_PROTOCOL_NETFLIX }, + { 0x4535E000 /* 69.53.224.0/19 */, 19, NDPI_PROTOCOL_NETFLIX }, /* Cloudflare @@ -182,10 +182,10 @@ static ndpi_network host_protocol_list[] = { 162.158.0.0/15 141.101.125.0/24 CLOUDFLARE-EU CDN network */ - { 0x68100000 /* 104.16.0.0/12 */, 12, NDPI_SERVICE_CLOUDFLARE }, - { 0xADF53000 /* 173.245.48.0/20 */, 20, NDPI_SERVICE_CLOUDFLARE }, - { 0xA29E0000 /* 162.158.0.0/15 */, 15, NDPI_SERVICE_CLOUDFLARE }, - { 0x8D657D00 /* 141.101.125.0/24 */, 24, NDPI_SERVICE_CLOUDFLARE }, + { 0x68100000 /* 104.16.0.0/12 */, 12, NDPI_PROTOCOL_CLOUDFLARE }, + { 0xADF53000 /* 173.245.48.0/20 */, 20, NDPI_PROTOCOL_CLOUDFLARE }, + { 0xA29E0000 /* 162.158.0.0/15 */, 15, NDPI_PROTOCOL_CLOUDFLARE }, + { 0x8D657D00 /* 141.101.125.0/24 */, 24, NDPI_PROTOCOL_CLOUDFLARE }, /* OFFICE 365 @@ -201,23 +201,23 @@ static ndpi_network host_protocol_list[] = { 13.107.15.0/24 13.107.16.0/24 */ - { 0x0D6B0100 /* 13.107.1.0 */, 24 , NDPI_SERVICE_OFFICE_365 }, - { 0x0D6B0300 /* 13.107.3.0 */, 24 , NDPI_SERVICE_OFFICE_365 }, - { 0x0D6B0400 /* 13.107.4.0 */, 24 , NDPI_SERVICE_OFFICE_365 }, - { 0x0D6B0500 /* 13.107.5.0 */, 24 , NDPI_SERVICE_OFFICE_365 }, - { 0x0D6B0600 /* 13.107.6.0 */, 24 , NDPI_SERVICE_OFFICE_365 }, - { 0x0D6B0700 /* 13.107.7.0 */, 24 , NDPI_SERVICE_OFFICE_365 }, - { 0x0D6B0900 /* 13.107.9.0 */, 24 , NDPI_SERVICE_OFFICE_365 }, - { 0x0D6B0C00 /* 13.107.12.0 */, 24 , NDPI_SERVICE_OFFICE_365 }, - { 0x0D6B0D00 /* 13.107.13.0 */, 24 , NDPI_SERVICE_OFFICE_365 }, - { 0x0D6B0F00 /* 13.107.15.0 */, 24 , NDPI_SERVICE_OFFICE_365 }, - { 0x0D6B1000 /* 13.107.16.0 */, 24 , NDPI_SERVICE_OFFICE_365 }, + { 0x0D6B0100 /* 13.107.1.0 */, 24 , NDPI_PROTOCOL_OFFICE_365 }, + { 0x0D6B0300 /* 13.107.3.0 */, 24 , NDPI_PROTOCOL_OFFICE_365 }, + { 0x0D6B0400 /* 13.107.4.0 */, 24 , NDPI_PROTOCOL_OFFICE_365 }, + { 0x0D6B0500 /* 13.107.5.0 */, 24 , NDPI_PROTOCOL_OFFICE_365 }, + { 0x0D6B0600 /* 13.107.6.0 */, 24 , NDPI_PROTOCOL_OFFICE_365 }, + { 0x0D6B0700 /* 13.107.7.0 */, 24 , NDPI_PROTOCOL_OFFICE_365 }, + { 0x0D6B0900 /* 13.107.9.0 */, 24 , NDPI_PROTOCOL_OFFICE_365 }, + { 0x0D6B0C00 /* 13.107.12.0 */, 24 , NDPI_PROTOCOL_OFFICE_365 }, + { 0x0D6B0D00 /* 13.107.13.0 */, 24 , NDPI_PROTOCOL_OFFICE_365 }, + { 0x0D6B0F00 /* 13.107.15.0 */, 24 , NDPI_PROTOCOL_OFFICE_365 }, + { 0x0D6B1000 /* 13.107.16.0 */, 24 , NDPI_PROTOCOL_OFFICE_365 }, /* OCS GO (Orange Cinéma Séries) 178.248.208.0/21 */ - { 0xB2F8D000 /* 178.248.208.0 */, 21, NDPI_SERVICE_OCS }, + { 0xB2F8D000 /* 178.248.208.0 */, 21, NDPI_PROTOCOL_OCS }, /* IFLIX services -by www.vizuamatix.com R&D team @@ -231,15 +231,15 @@ static ndpi_network host_protocol_list[] = { 52.74.192.247/32 2.21.231.24/32 */ - { 0x344D0000 /* 52.77.0.0 */, 16, NDPI_SERVICE_IFLIX }, - { 0x34DC0000 /* 52.220.0.0 */, 16, NDPI_SERVICE_IFLIX }, - { 0x344A0000 /* 52.74.0.0 */, 16, NDPI_SERVICE_IFLIX }, - { 0x36E69F00 /* 54.230.159.0 */, 24, NDPI_SERVICE_IFLIX }, - { 0x36C09C50 /* 54.192.156.80 */, 32, NDPI_SERVICE_IFLIX }, - { 0x36FBB6A8 /* 54.251.182.168 */, 32, NDPI_SERVICE_IFLIX }, - { 0x36C09600 /* 54.192.150.0 */, 24, NDPI_SERVICE_IFLIX }, - { 0x344AC0F7 /* 52.74.192.247 */, 32, NDPI_SERVICE_IFLIX }, - { 0x0215E718 /* 2.21.231.24 */, 32, NDPI_SERVICE_IFLIX }, + { 0x344D0000 /* 52.77.0.0 */, 16, NDPI_PROTOCOL_IFLIX }, + { 0x34DC0000 /* 52.220.0.0 */, 16, NDPI_PROTOCOL_IFLIX }, + { 0x344A0000 /* 52.74.0.0 */, 16, NDPI_PROTOCOL_IFLIX }, + { 0x36E69F00 /* 54.230.159.0 */, 24, NDPI_PROTOCOL_IFLIX }, + { 0x36C09C50 /* 54.192.156.80 */, 32, NDPI_PROTOCOL_IFLIX }, + { 0x36FBB6A8 /* 54.251.182.168 */, 32, NDPI_PROTOCOL_IFLIX }, + { 0x36C09600 /* 54.192.150.0 */, 24, NDPI_PROTOCOL_IFLIX }, + { 0x344AC0F7 /* 52.74.192.247 */, 32, NDPI_PROTOCOL_IFLIX }, + { 0x0215E718 /* 2.21.231.24 */, 32, NDPI_PROTOCOL_IFLIX }, /* Citrix GotoMeeting (AS16815, AS21866) @@ -271,7 +271,7 @@ static ndpi_network host_protocol_list[] = { Apple (FaceTime, iMessage,...) 17.0.0.0/8 */ - { 0x11000000 /* 17.0.0.0 */, 8, NDPI_SERVICE_APPLE }, + { 0x11000000 /* 17.0.0.0 */, 8, NDPI_PROTOCOL_APPLE }, /* Dropbox @@ -325,10 +325,10 @@ static ndpi_network host_protocol_list[] = { 64.233.160.0/19 216.58.192.0/19 */ - { 0xADC20000 /* 173.194.0.0 */, 16, NDPI_SERVICE_GOOGLE }, - { 0x4A7D0000 /* 74.125.0.0 */, 16, NDPI_SERVICE_GOOGLE }, - { 0x40E91600 /* 64.233.160.0 */, 19, NDPI_SERVICE_GOOGLE }, - { 0xD83AC000 /* 216.58.192.0 */, 19, NDPI_SERVICE_GOOGLE }, + { 0xADC20000 /* 173.194.0.0 */, 16, NDPI_PROTOCOL_GOOGLE }, + { 0x4A7D0000 /* 74.125.0.0 */, 16, NDPI_PROTOCOL_GOOGLE }, + { 0x40E91600 /* 64.233.160.0 */, 19, NDPI_PROTOCOL_GOOGLE }, + { 0xD83AC000 /* 216.58.192.0 */, 19, NDPI_PROTOCOL_GOOGLE }, /* Ubuntu One @@ -7305,79 +7305,79 @@ static ndpi_network host_protocol_list[] = { https://api.twitch.tv/kraken/ingests Edoardo Dominici edoaramis@gmail.com */ - { 0xB92ACC5D, 32, NDPI_SERVICE_TWITCH }, - { 0xB92ACC92, 32, NDPI_SERVICE_TWITCH }, - { 0xB92ACCA4, 32, NDPI_SERVICE_TWITCH }, - { 0xB92ACCCD, 32, NDPI_SERVICE_TWITCH }, - { 0xB92ACC30, 32, NDPI_SERVICE_TWITCH }, - { 0xC709FE15, 32, NDPI_SERVICE_TWITCH }, - { 0xC709FE19, 32, NDPI_SERVICE_TWITCH }, - { 0xBCACD305, 32, NDPI_SERVICE_TWITCH }, - { 0xC0104616, 32, NDPI_SERVICE_TWITCH }, - { 0xC010461D, 32, NDPI_SERVICE_TWITCH }, - { 0xC0104650, 32, NDPI_SERVICE_TWITCH }, - { 0xC0104651, 32, NDPI_SERVICE_TWITCH }, - { 0xC709FEA3, 32, NDPI_SERVICE_TWITCH }, - { 0xC709FE87, 32, NDPI_SERVICE_TWITCH }, - { 0xB92ACD85, 32, NDPI_SERVICE_TWITCH }, - { 0xB92ACDA4, 32, NDPI_SERVICE_TWITCH }, - { 0xC010419A, 32, NDPI_SERVICE_TWITCH }, - { 0xC01041AD, 32, NDPI_SERVICE_TWITCH }, - { 0xC0104172, 32, NDPI_SERVICE_TWITCH }, - { 0xB92ACD68, 32, NDPI_SERVICE_TWITCH }, - { 0xB92ACD55, 32, NDPI_SERVICE_TWITCH }, - { 0xC0104219, 32, NDPI_SERVICE_TWITCH }, - { 0xC010421A, 32, NDPI_SERVICE_TWITCH }, - { 0xC010421B, 32, NDPI_SERVICE_TWITCH }, - { 0xBCACD205, 32, NDPI_SERVICE_TWITCH }, - { 0xBCACCB05, 32, NDPI_SERVICE_TWITCH }, - { 0xC010413C, 32, NDPI_SERVICE_TWITCH }, - { 0xC010413D, 32, NDPI_SERVICE_TWITCH }, - { 0xC010413E, 32, NDPI_SERVICE_TWITCH }, - { 0xBCACD105, 32, NDPI_SERVICE_TWITCH }, - { 0xBCACD005, 32, NDPI_SERVICE_TWITCH }, - { 0xBCACCA05, 32, NDPI_SERVICE_TWITCH }, - { 0xB92ACD06, 32, NDPI_SERVICE_TWITCH }, - { 0xB92ACD14, 32, NDPI_SERVICE_TWITCH }, - { 0xB92ACCF3, 32, NDPI_SERVICE_TWITCH }, - { 0xC709F9C7, 32, NDPI_SERVICE_TWITCH }, - { 0xC709F9C9, 32, NDPI_SERVICE_TWITCH }, - { 0xC709F9CB, 32, NDPI_SERVICE_TWITCH }, - { 0xC709FBA4, 32, NDPI_SERVICE_TWITCH }, - { 0xC709FBA6, 32, NDPI_SERVICE_TWITCH }, - { 0xC709FBAA, 32, NDPI_SERVICE_TWITCH }, - { 0xC709FBB1, 32, NDPI_SERVICE_TWITCH }, - { 0xC709FBE8, 32, NDPI_SERVICE_TWITCH }, - { 0xC709FBE9, 32, NDPI_SERVICE_TWITCH }, - { 0xC709FBEA, 32, NDPI_SERVICE_TWITCH }, - { 0xC709FBEB, 32, NDPI_SERVICE_TWITCH }, - { 0xC709FBFB, 32, NDPI_SERVICE_TWITCH }, - { 0xC709FBFC, 32, NDPI_SERVICE_TWITCH }, - { 0xC709FBFD, 32, NDPI_SERVICE_TWITCH }, - { 0xC709FBFE, 32, NDPI_SERVICE_TWITCH }, - { 0xC709FF4B, 32, NDPI_SERVICE_TWITCH }, - { 0xC709FF4C, 32, NDPI_SERVICE_TWITCH }, - { 0xC709F974, 32, NDPI_SERVICE_TWITCH }, - { 0xC709F976, 32, NDPI_SERVICE_TWITCH }, - { 0xC709F978, 32, NDPI_SERVICE_TWITCH }, - { 0xC709F97D, 32, NDPI_SERVICE_TWITCH }, - { 0xC709F985, 32, NDPI_SERVICE_TWITCH }, - { 0xC709F986, 32, NDPI_SERVICE_TWITCH }, - { 0xC709F987, 32, NDPI_SERVICE_TWITCH }, - { 0xC709F98C, 32, NDPI_SERVICE_TWITCH }, - { 0xC709F9C5, 32, NDPI_SERVICE_TWITCH }, + { 0xB92ACC5D, 32, NDPI_PROTOCOL_TWITCH }, + { 0xB92ACC92, 32, NDPI_PROTOCOL_TWITCH }, + { 0xB92ACCA4, 32, NDPI_PROTOCOL_TWITCH }, + { 0xB92ACCCD, 32, NDPI_PROTOCOL_TWITCH }, + { 0xB92ACC30, 32, NDPI_PROTOCOL_TWITCH }, + { 0xC709FE15, 32, NDPI_PROTOCOL_TWITCH }, + { 0xC709FE19, 32, NDPI_PROTOCOL_TWITCH }, + { 0xBCACD305, 32, NDPI_PROTOCOL_TWITCH }, + { 0xC0104616, 32, NDPI_PROTOCOL_TWITCH }, + { 0xC010461D, 32, NDPI_PROTOCOL_TWITCH }, + { 0xC0104650, 32, NDPI_PROTOCOL_TWITCH }, + { 0xC0104651, 32, NDPI_PROTOCOL_TWITCH }, + { 0xC709FEA3, 32, NDPI_PROTOCOL_TWITCH }, + { 0xC709FE87, 32, NDPI_PROTOCOL_TWITCH }, + { 0xB92ACD85, 32, NDPI_PROTOCOL_TWITCH }, + { 0xB92ACDA4, 32, NDPI_PROTOCOL_TWITCH }, + { 0xC010419A, 32, NDPI_PROTOCOL_TWITCH }, + { 0xC01041AD, 32, NDPI_PROTOCOL_TWITCH }, + { 0xC0104172, 32, NDPI_PROTOCOL_TWITCH }, + { 0xB92ACD68, 32, NDPI_PROTOCOL_TWITCH }, + { 0xB92ACD55, 32, NDPI_PROTOCOL_TWITCH }, + { 0xC0104219, 32, NDPI_PROTOCOL_TWITCH }, + { 0xC010421A, 32, NDPI_PROTOCOL_TWITCH }, + { 0xC010421B, 32, NDPI_PROTOCOL_TWITCH }, + { 0xBCACD205, 32, NDPI_PROTOCOL_TWITCH }, + { 0xBCACCB05, 32, NDPI_PROTOCOL_TWITCH }, + { 0xC010413C, 32, NDPI_PROTOCOL_TWITCH }, + { 0xC010413D, 32, NDPI_PROTOCOL_TWITCH }, + { 0xC010413E, 32, NDPI_PROTOCOL_TWITCH }, + { 0xBCACD105, 32, NDPI_PROTOCOL_TWITCH }, + { 0xBCACD005, 32, NDPI_PROTOCOL_TWITCH }, + { 0xBCACCA05, 32, NDPI_PROTOCOL_TWITCH }, + { 0xB92ACD06, 32, NDPI_PROTOCOL_TWITCH }, + { 0xB92ACD14, 32, NDPI_PROTOCOL_TWITCH }, + { 0xB92ACCF3, 32, NDPI_PROTOCOL_TWITCH }, + { 0xC709F9C7, 32, NDPI_PROTOCOL_TWITCH }, + { 0xC709F9C9, 32, NDPI_PROTOCOL_TWITCH }, + { 0xC709F9CB, 32, NDPI_PROTOCOL_TWITCH }, + { 0xC709FBA4, 32, NDPI_PROTOCOL_TWITCH }, + { 0xC709FBA6, 32, NDPI_PROTOCOL_TWITCH }, + { 0xC709FBAA, 32, NDPI_PROTOCOL_TWITCH }, + { 0xC709FBB1, 32, NDPI_PROTOCOL_TWITCH }, + { 0xC709FBE8, 32, NDPI_PROTOCOL_TWITCH }, + { 0xC709FBE9, 32, NDPI_PROTOCOL_TWITCH }, + { 0xC709FBEA, 32, NDPI_PROTOCOL_TWITCH }, + { 0xC709FBEB, 32, NDPI_PROTOCOL_TWITCH }, + { 0xC709FBFB, 32, NDPI_PROTOCOL_TWITCH }, + { 0xC709FBFC, 32, NDPI_PROTOCOL_TWITCH }, + { 0xC709FBFD, 32, NDPI_PROTOCOL_TWITCH }, + { 0xC709FBFE, 32, NDPI_PROTOCOL_TWITCH }, + { 0xC709FF4B, 32, NDPI_PROTOCOL_TWITCH }, + { 0xC709FF4C, 32, NDPI_PROTOCOL_TWITCH }, + { 0xC709F974, 32, NDPI_PROTOCOL_TWITCH }, + { 0xC709F976, 32, NDPI_PROTOCOL_TWITCH }, + { 0xC709F978, 32, NDPI_PROTOCOL_TWITCH }, + { 0xC709F97D, 32, NDPI_PROTOCOL_TWITCH }, + { 0xC709F985, 32, NDPI_PROTOCOL_TWITCH }, + { 0xC709F986, 32, NDPI_PROTOCOL_TWITCH }, + { 0xC709F987, 32, NDPI_PROTOCOL_TWITCH }, + { 0xC709F98C, 32, NDPI_PROTOCOL_TWITCH }, + { 0xC709F9C5, 32, NDPI_PROTOCOL_TWITCH }, /* AnchorFree (Hotspot Shield) AnchorFree Inc. AFNETWORK-1 (NET-74-115-0-0-1) 74.115.0.0 - 74.115.7.255 */ - { 0x4A730000, 21, NDPI_SERVICE_HOTSPOT_SHIELD }, + { 0x4A730000, 21, NDPI_PROTOCOL_HOTSPOT_SHIELD }, /* Github: https://help.github.com/articles/what-ip-addresses-does-github-use-that-i-should-whitelist/ 192.30.252.0/22 */ - { 0xC01EFC00 /* 192.30.252.0/22 */, 22, NDPI_SERVICE_GITHUB }, + { 0xC01EFC00 /* 192.30.252.0/22 */, 22, NDPI_PROTOCOL_GITHUB }, /* Valve Corporation (Steam) @@ -7414,192 +7414,192 @@ static ndpi_network host_protocol_list[] = { */ ndpi_protocol_match host_match[] = { - { "amazon.", "Amazon", NDPI_SERVICE_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "amazon.com", "Amazon", NDPI_SERVICE_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "images-amazon.com", "Amazon", NDPI_SERVICE_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "amazonaws.com", "Amazon", NDPI_SERVICE_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "amazon-adsystem.com", "Amazon", NDPI_SERVICE_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".cloudfront.net", "Amazon", NDPI_SERVICE_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".apple.com", "Apple", NDPI_SERVICE_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".mzstatic.com", "Apple", NDPI_SERVICE_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".icloud.com", "AppleiCloud", NDPI_SERVICE_APPLE_ICLOUD, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "itunes.apple.com", "AppleiTunes", NDPI_SERVICE_APPLE_ITUNES, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, - { ".cnn.c", "CNN", NDPI_SERVICE_CNN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, - { ".cnn.net", "CNN", NDPI_SERVICE_CNN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, - { ".dropbox.com", "DropBox", NDPI_SERVICE_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_SAFE }, - { "log.getdropbox.com", "DropBox", NDPI_SERVICE_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_SAFE }, - { ".ebay.", "eBay", NDPI_SERVICE_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".ebay.com", "eBay", NDPI_SERVICE_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".ebaystatic.com", "eBay", NDPI_SERVICE_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".ebaydesc.com", "eBay", NDPI_SERVICE_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".ebayrtm.com", "eBay", NDPI_SERVICE_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".ebaystratus.com", "eBay", NDPI_SERVICE_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".ebayimg.com", "eBay", NDPI_SERVICE_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "facebook.com", "Facebook", NDPI_SERVICE_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { "fbstatic-a.akamaihd.net", "Facebook", NDPI_SERVICE_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { ".fbcdn.net", "Facebook", NDPI_SERVICE_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { "fbcdn-", "Facebook", NDPI_SERVICE_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, /* fbcdn-video-a-akamaihd.net */ - { ".facebook.net", "Facebook", NDPI_SERVICE_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { ".google.", "Google", NDPI_SERVICE_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".gstatic.com", "Google", NDPI_SERVICE_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".googlesyndication.com", "Google", NDPI_SERVICE_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".googletagservices.com", "Google", NDPI_SERVICE_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".2mdn.net", "Google", NDPI_SERVICE_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".doubleclick.net", "Google", NDPI_SERVICE_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, /* Ads */ - { "googleads.", "Google", NDPI_SERVICE_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "google-analytics.", "Google", NDPI_SERVICE_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "googleusercontent.", "Google", NDPI_SERVICE_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "googleadservices.", "Google", NDPI_SERVICE_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "googleapis.com", "Google", NDPI_SERVICE_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "ggpht.com", "Google", NDPI_SERVICE_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "1e100.net", "Google", NDPI_SERVICE_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "maps.google.", "GoogleMaps", NDPI_SERVICE_GOOGLE_MAPS, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "maps.gstatic.com", "GoogleMaps", NDPI_SERVICE_GOOGLE_MAPS, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".gmail.", "GMail", NDPI_SERVICE_GMAIL, NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, NDPI_PROTOCOL_SAFE }, - { "mail.google.", "GMail", NDPI_SERVICE_GMAIL, NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, NDPI_PROTOCOL_SAFE }, - { "mail.outlook.com", "Hotmail", NDPI_SERVICE_HOTMAIL, NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, NDPI_PROTOCOL_SAFE }, - { ".last.fm", "LastFM", NDPI_SERVICE_LASTFM, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, - { "msn.com", "MSN", NDPI_SERVICE_MSN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, - { "netflix.com", "NetFlix", NDPI_SERVICE_NETFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "nflxext.com", "NetFlix", NDPI_SERVICE_NETFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "nflximg.com", "NetFlix", NDPI_SERVICE_NETFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "nflximg.net", "NetFlix", NDPI_SERVICE_NETFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "nflxvideo.net", "NetFlix", NDPI_SERVICE_NETFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".skype.", "Skype", NDPI_SERVICE_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, - { ".skypeassets.", "Skype", NDPI_SERVICE_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, - { ".skypedata.", "Skype", NDPI_SERVICE_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, - { ".skypeecs-", /* no final . */ "Skype", NDPI_SERVICE_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, - { ".skypeforbusiness.", "Skype", NDPI_SERVICE_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, - { ".lync.com", "Skype", NDPI_SERVICE_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, - { ".tuenti.com", "Tuenti", NDPI_SERVICE_TUENTI, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".twttr.com", "Twitter", NDPI_SERVICE_TWITTER, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, - { "twitter.", "Twitter", NDPI_SERVICE_TWITTER, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, - { "twimg.com", "Twitter", NDPI_SERVICE_TWITTER, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, - { ".viber.com", "Viber", NDPI_SERVICE_VIBER, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, - { ".cdn.viber.com", "Viber", NDPI_SERVICE_VIBER, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, - { "wikipedia.", "Wikipedia", NDPI_SERVICE_WIKIPEDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "wikimedia.", "Wikipedia", NDPI_SERVICE_WIKIPEDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "mediawiki.", "Wikipedia", NDPI_SERVICE_WIKIPEDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "wikimediafoundation.", "Wikipedia", NDPI_SERVICE_WIKIPEDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".whatsapp.", "WhatsApp", NDPI_SERVICE_WHATSAPP, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, - { ".yahoo.", "Yahoo", NDPI_SERVICE_YAHOO, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".yimg.com", "Yahoo", NDPI_SERVICE_YAHOO, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "yahooapis.", "Yahoo", NDPI_SERVICE_YAHOO, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "youtube.", "YouTube", NDPI_SERVICE_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "youtu.be.", "YouTube", NDPI_SERVICE_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "yt3.ggpht.com", "YouTube", NDPI_SERVICE_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".googlevideo.com", "YouTube", NDPI_SERVICE_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".ytimg.com", "YouTube", NDPI_SERVICE_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "youtube-nocookie.", "YouTube", NDPI_SERVICE_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".vevo.com", "Vevo", NDPI_SERVICE_VEVO, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "amazon.", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "amazon.com", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "images-amazon.com", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "amazonaws.com", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "amazon-adsystem.com", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".cloudfront.net", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".apple.com", "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".mzstatic.com", "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".icloud.com", "AppleiCloud", NDPI_PROTOCOL_APPLE_ICLOUD, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "itunes.apple.com", "AppleiTunes", NDPI_PROTOCOL_APPLE_ITUNES, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, + { ".cnn.c", "CNN", NDPI_PROTOCOL_CNN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, + { ".cnn.net", "CNN", NDPI_PROTOCOL_CNN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, + { ".dropbox.com", "DropBox", NDPI_PROTOCOL_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_SAFE }, + { "log.getdropbox.com", "DropBox", NDPI_PROTOCOL_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_SAFE }, + { ".ebay.", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".ebay.com", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".ebaystatic.com", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".ebaydesc.com", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".ebayrtm.com", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".ebaystratus.com", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".ebayimg.com", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "facebook.com", "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { "fbstatic-a.akamaihd.net", "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { ".fbcdn.net", "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { "fbcdn-", "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, /* fbcdn-video-a-akamaihd.net */ + { ".facebook.net", "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { ".google.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".gstatic.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".googlesyndication.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".googletagservices.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".2mdn.net", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".doubleclick.net", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, /* Ads */ + { "googleads.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "google-analytics.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "googleusercontent.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "googleadservices.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "googleapis.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "ggpht.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "1e100.net", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "maps.google.", "GoogleMaps", NDPI_PROTOCOL_GOOGLE_MAPS, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "maps.gstatic.com", "GoogleMaps", NDPI_PROTOCOL_GOOGLE_MAPS, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".gmail.", "GMail", NDPI_PROTOCOL_GMAIL, NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, NDPI_PROTOCOL_SAFE }, + { "mail.google.", "GMail", NDPI_PROTOCOL_GMAIL, NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, NDPI_PROTOCOL_SAFE }, + { "mail.outlook.com", "Hotmail", NDPI_PROTOCOL_HOTMAIL, NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, NDPI_PROTOCOL_SAFE }, + { ".last.fm", "LastFM", NDPI_PROTOCOL_LASTFM, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, + { "msn.com", "MSN", NDPI_PROTOCOL_MSN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, + { "netflix.com", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "nflxext.com", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "nflximg.com", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "nflximg.net", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "nflxvideo.net", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".skype.", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, + { ".skypeassets.", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, + { ".skypedata.", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, + { ".skypeecs-", /* no final . */ "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, + { ".skypeforbusiness.", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, + { ".lync.com", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, + { ".tuenti.com", "Tuenti", NDPI_PROTOCOL_TUENTI, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".twttr.com", "Twitter", NDPI_PROTOCOL_TWITTER, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, + { "twitter.", "Twitter", NDPI_PROTOCOL_TWITTER, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, + { "twimg.com", "Twitter", NDPI_PROTOCOL_TWITTER, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, + { ".viber.com", "Viber", NDPI_PROTOCOL_VIBER, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, + { ".cdn.viber.com", "Viber", NDPI_PROTOCOL_VIBER, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, + { "wikipedia.", "Wikipedia", NDPI_PROTOCOL_WIKIPEDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "wikimedia.", "Wikipedia", NDPI_PROTOCOL_WIKIPEDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "mediawiki.", "Wikipedia", NDPI_PROTOCOL_WIKIPEDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "wikimediafoundation.", "Wikipedia", NDPI_PROTOCOL_WIKIPEDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".whatsapp.", "WhatsApp", NDPI_PROTOCOL_WHATSAPP, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, + { ".yahoo.", "Yahoo", NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".yimg.com", "Yahoo", NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "yahooapis.", "Yahoo", NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "youtube.", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "youtu.be.", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "yt3.ggpht.com", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".googlevideo.com", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".ytimg.com", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "youtube-nocookie.", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".vevo.com", "Vevo", NDPI_PROTOCOL_VEVO, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { ".spotify.", "Spotify", NDPI_PROTOCOL_SPOTIFY, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".pandora.com", "Pandora", NDPI_SERVICE_PANDORA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".pandora.com", "Pandora", NDPI_PROTOCOL_PANDORA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { ".torproject.org", "Tor", NDPI_PROTOCOL_TOR, NDPI_PROTOCOL_CATEGORY_VPN, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, - { ".kakao.com", "KakaoTalk", NDPI_SERVICE_KAKAOTALK, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_FUN }, - { "ttvnw.net", "Twitch", NDPI_SERVICE_TWITCH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "static-cdn.jtvnw.net", "Twitch", NDPI_SERVICE_TWITCH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "www-cdn.jtvnw.net", "Twitch", NDPI_SERVICE_TWITCH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "quickplay.com", "QuickPlay", NDPI_SERVICE_QUICKPLAY, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".kakao.com", "KakaoTalk", NDPI_PROTOCOL_KAKAOTALK, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_FUN }, + { "ttvnw.net", "Twitch", NDPI_PROTOCOL_TWITCH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "static-cdn.jtvnw.net", "Twitch", NDPI_PROTOCOL_TWITCH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "www-cdn.jtvnw.net", "Twitch", NDPI_PROTOCOL_TWITCH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "quickplay.com", "QuickPlay", NDPI_PROTOCOL_QUICKPLAY, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { ".qq.com", "QQ", NDPI_PROTOCOL_QQ, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, { ".gtimg.com", "QQ", NDPI_PROTOCOL_QQ, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - { ".weibo.com", "Sina(Weibo)", NDPI_SERVICE_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { ".sinaimg.cn", "Sina", NDPI_SERVICE_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { ".sinajs.cn", "Sina", NDPI_SERVICE_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { ".sina.cn", "Sina", NDPI_SERVICE_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { ".sina.com.cn", "Sina", NDPI_SERVICE_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { ".weibo.com", "Sina(Weibo)", NDPI_PROTOCOL_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { ".sinaimg.cn", "Sina", NDPI_PROTOCOL_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { ".sinajs.cn", "Sina", NDPI_PROTOCOL_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { ".sina.cn", "Sina", NDPI_PROTOCOL_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { ".sina.com.cn", "Sina", NDPI_PROTOCOL_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, /* https://support.cipafilter.com/index.php?/Knowledgebase/Article/View/117/0/snapchat---how-to-block */ - { "feelinsonice.appspot.com", "Snapchat", NDPI_SERVICE_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - { "feelinsonice-hrd.appspot.com", "Snapchat", NDPI_SERVICE_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - { "feelinsonice.com", "Snapchat", NDPI_SERVICE_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { "feelinsonice.appspot.com", "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { "feelinsonice-hrd.appspot.com", "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { "feelinsonice.com", "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, /* Detected "instagram.c10r.facebook.com". Omitted "*amazonaws.com" and "*facebook.com" CDNs e.g. "ig-telegraph-shv-04-frc3.facebook.com" */ - { ".cdninstagram.com", "Instagram", NDPI_SERVICE_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, - { "instagram.", "Instagram", NDPI_SERVICE_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, - { ".instagram.", "Instagram", NDPI_SERVICE_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, - { "igcdn-photos-", "Instagram", NDPI_SERVICE_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, - { "instagramimages-", "Instagram", NDPI_SERVICE_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, - { "instagramstatic-", "Instagram", NDPI_SERVICE_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, + { ".cdninstagram.com", "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, + { "instagram.", "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, + { ".instagram.", "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, + { "igcdn-photos-", "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, + { "instagramimages-", "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, + { "instagramstatic-", "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, - { ".waze.com", "Waze", NDPI_SERVICE_WAZE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".deezer.com", "Deezer", NDPI_SERVICE_DEEZER, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".waze.com", "Waze", NDPI_PROTOCOL_WAZE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".deezer.com", "Deezer", NDPI_PROTOCOL_DEEZER, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".microsoft.com", "Microsoft", NDPI_SERVICE_MICROSOFT, NDPI_PROTOCOL_CATEGORY_SYSTEM, NDPI_PROTOCOL_ACCEPTABLE }, - { "i-msdn.sec.s-msft.com", "Microsoft", NDPI_SERVICE_MICROSOFT, NDPI_PROTOCOL_CATEGORY_SYSTEM, NDPI_PROTOCOL_ACCEPTABLE }, - { "i2-msdn.sec.s-msft.com", "Microsoft", NDPI_SERVICE_MICROSOFT, NDPI_PROTOCOL_CATEGORY_SYSTEM, NDPI_PROTOCOL_ACCEPTABLE }, - { ".webtrends.com", "Microsoft", NDPI_SERVICE_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".msecnd.net", "Microsoft", NDPI_SERVICE_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".visualstudio.com", "Microsoft", NDPI_SERVICE_MICROSOFT, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { "bn1301.storage.live.com", "MS_OneDrive", NDPI_SERVICE_MS_ONE_DRIVE,NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, - { "*.gateway.messenger.live.com", "MS_OneDrive", NDPI_SERVICE_MS_ONE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, - { "skyapi.live.net", "MS_OneDrive", NDPI_SERVICE_MS_ONE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, - { "d.docs.live.net", "MS_OneDrive", NDPI_SERVICE_MS_ONE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, - { "update.microsoft.com", "WindowsUpdate", NDPI_SERVICE_WINDOWS_UPDATE, NDPI_PROTOCOL_CATEGORY_SYSTEM, NDPI_PROTOCOL_ACCEPTABLE }, - { ".windowsupdate.com", "WindowsUpdate", NDPI_SERVICE_WINDOWS_UPDATE, NDPI_PROTOCOL_CATEGORY_SYSTEM, NDPI_PROTOCOL_ACCEPTABLE }, + { ".microsoft.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_SYSTEM, NDPI_PROTOCOL_ACCEPTABLE }, + { "i-msdn.sec.s-msft.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_SYSTEM, NDPI_PROTOCOL_ACCEPTABLE }, + { "i2-msdn.sec.s-msft.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_SYSTEM, NDPI_PROTOCOL_ACCEPTABLE }, + { ".webtrends.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".msecnd.net", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".visualstudio.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "bn1301.storage.live.com", "MS_OneDrive", NDPI_PROTOCOL_MS_ONE_DRIVE,NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, + { "*.gateway.messenger.live.com", "MS_OneDrive", NDPI_PROTOCOL_MS_ONE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, + { "skyapi.live.net", "MS_OneDrive", NDPI_PROTOCOL_MS_ONE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, + { "d.docs.live.net", "MS_OneDrive", NDPI_PROTOCOL_MS_ONE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, + { "update.microsoft.com", "WindowsUpdate", NDPI_PROTOCOL_WINDOWS_UPDATE, NDPI_PROTOCOL_CATEGORY_SYSTEM, NDPI_PROTOCOL_ACCEPTABLE }, + { ".windowsupdate.com", "WindowsUpdate", NDPI_PROTOCOL_WINDOWS_UPDATE, NDPI_PROTOCOL_CATEGORY_SYSTEM, NDPI_PROTOCOL_ACCEPTABLE }, { "worldofwarcraft.com", "WorldOfWarcraft", NDPI_PROTOCOL_WORLDOFWARCRAFT, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, - { ".anchorfree.", "HotspotShield", NDPI_SERVICE_HOTSPOT_SHIELD, NDPI_PROTOCOL_CATEGORY_VPN, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, - { "hotspotshield.com", "HotspotShield", NDPI_SERVICE_HOTSPOT_SHIELD, NDPI_PROTOCOL_CATEGORY_VPN, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, + { ".anchorfree.", "HotspotShield", NDPI_PROTOCOL_HOTSPOT_SHIELD, NDPI_PROTOCOL_CATEGORY_VPN, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, + { "hotspotshield.com", "HotspotShield", NDPI_PROTOCOL_HOTSPOT_SHIELD, NDPI_PROTOCOL_CATEGORY_VPN, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, { ".webex.com", "Webex", NDPI_PROTOCOL_WEBEX, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".ocsdomain.com", "OCS", NDPI_SERVICE_OCS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_FUN }, - { "ocs.fr", "OCS", NDPI_SERVICE_OCS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_FUN }, - { ".ocs.fr", "OCS", NDPI_SERVICE_OCS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_FUN }, - { ".labgency.ws", "OCS", NDPI_SERVICE_OCS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_FUN }, + { ".ocsdomain.com", "OCS", NDPI_PROTOCOL_OCS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_FUN }, + { "ocs.fr", "OCS", NDPI_PROTOCOL_OCS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_FUN }, + { ".ocs.fr", "OCS", NDPI_PROTOCOL_OCS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_FUN }, + { ".labgency.ws", "OCS", NDPI_PROTOCOL_OCS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_FUN }, - { ".iflix.com", "IFLIX", NDPI_SERVICE_IFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".app.iflixcorp.com", "IFLIX", NDPI_SERVICE_IFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".images.iflixassets.com", "IFLIX", NDPI_SERVICE_IFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".iflix.com", "IFLIX", NDPI_PROTOCOL_IFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".app.iflixcorp.com", "IFLIX", NDPI_PROTOCOL_IFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".images.iflixassets.com", "IFLIX", NDPI_PROTOCOL_IFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "crl.microsoft.com", "Office365", NDPI_SERVICE_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { "evsecure-ocsp.verisign.com", "Office365", NDPI_SERVICE_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { "evsecure-aia.verisign.com", "Office365", NDPI_SERVICE_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { "evsecure-crl.verisign.com", "Office365", NDPI_SERVICE_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".omniroot.com", "Office365", NDPI_SERVICE_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "crl.microsoft.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "evsecure-ocsp.verisign.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "evsecure-aia.verisign.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "evsecure-crl.verisign.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".omniroot.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, #if 0 /* The lines below are not just for Office 365 so they cannot be used for this purpose */ - { ".verisign.com", "Office365", NDPI_SERVICE_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".symcb.com", "Office365", NDPI_SERVICE_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".symcd.com", "Office365", NDPI_SERVICE_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".verisign.net", "Office365", NDPI_SERVICE_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".geotrust.com", "Office365", NDPI_SERVICE_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".entrust.net", "Office365", NDPI_SERVICE_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".public-trust.com", "Office365", NDPI_SERVICE_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".verisign.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".symcb.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".symcd.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".verisign.net", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".geotrust.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".entrust.net", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".public-trust.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, #endif /* http://www.urlquery.net/report.php?id=1453233646161 */ - { "lifedom.top", "Cloudflare", NDPI_SERVICE_CLOUDFLARE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "coby.ns.cloudflare.com", "Cloudflare", NDPI_SERVICE_CLOUDFLARE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "amanda.ns.cloudflare.com", "Cloudflare", NDPI_SERVICE_CLOUDFLARE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "lifedom.top", "Cloudflare", NDPI_PROTOCOL_CLOUDFLARE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "coby.ns.cloudflare.com", "Cloudflare", NDPI_PROTOCOL_CLOUDFLARE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "amanda.ns.cloudflare.com", "Cloudflare", NDPI_PROTOCOL_CLOUDFLARE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "d295hzzivaok4k.cloudfront.net", "OpenDNS", NDPI_SERVICE_OPENDNS, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".opendns.com", "OpenDNS", NDPI_SERVICE_OPENDNS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, + { "d295hzzivaok4k.cloudfront.net", "OpenDNS", NDPI_PROTOCOL_OPENDNS, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".opendns.com", "OpenDNS", NDPI_PROTOCOL_OPENDNS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, /* https://get.slack.help/hc/en-us/articles/205138367-Troubleshooting-Slack-connection-issues */ - { "slack.com", "Slack", NDPI_SERVICE_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".slack-msgs.com", "Slack", NDPI_SERVICE_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { "slack-files.com", "Slack", NDPI_SERVICE_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { "slack-imgs.com", "Slack", NDPI_SERVICE_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".slack-edge.com", "Slack", NDPI_SERVICE_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".slack-core.com", "Slack", NDPI_SERVICE_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { "slack-redir.net", "Slack", NDPI_SERVICE_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "slack.com", "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".slack-msgs.com", "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "slack-files.com", "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "slack-imgs.com", "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".slack-edge.com", "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".slack-core.com", "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "slack-redir.net", "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, /* Detected "slack-assets2.s3-us-west-2.amazonaws.com.". Omitted "*amazonaws.com" CDN, but no generic pattern to use on first part */ - { "slack-assets2.s3-", "Slack", NDPI_SERVICE_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "slack-assets2.s3-", "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { "github.com", "Github", NDPI_SERVICE_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".github.com", "Github", NDPI_SERVICE_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { "github.io", "Github", NDPI_SERVICE_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".github.io", "Github", NDPI_SERVICE_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { "githubusercontent.com", "Github", NDPI_SERVICE_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".githubusercontent.com", "Github", NDPI_SERVICE_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "github.com", "Github", NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".github.com", "Github", NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "github.io", "Github", NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".github.io", "Github", NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "githubusercontent.com", "Github", NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".githubusercontent.com", "Github", NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".iqiyi.com", "iQIYI", NDPI_SERVICE_IQIYI, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".qiyi.com", "iQIYI", NDPI_SERVICE_IQIYI, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".71.am", "iQIYI", NDPI_SERVICE_IQIYI, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".qiyipic.com", "iQIYI", NDPI_SERVICE_IQIYI, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".iqiyi.com", "iQIYI", NDPI_PROTOCOL_IQIYI, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".qiyi.com", "iQIYI", NDPI_PROTOCOL_IQIYI, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".71.am", "iQIYI", NDPI_PROTOCOL_IQIYI, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".qiyipic.com", "iQIYI", NDPI_PROTOCOL_IQIYI, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { ".ppstream.com", "PPStream", NDPI_PROTOCOL_PPSTREAM, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { ".pps.tv", "PPStream", NDPI_PROTOCOL_PPSTREAM, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".1kxun.", "1kxun", NDPI_SERVICE_1KXUN, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "tcad.wedolook.com", "1kxun", NDPI_SERVICE_1KXUN, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".1kxun.", "1kxun", NDPI_PROTOCOL_1KXUN, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "tcad.wedolook.com", "1kxun", NDPI_PROTOCOL_1KXUN, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { ".steampowered.com", "Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, { "steamcommunity.com", "Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, @@ -7648,7 +7648,7 @@ ndpi_protocol_match content_match[] = { { "NSPlayer/", NULL, NDPI_CONTENT_WINDOWSMEDIA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "application/x-mms-framed", NULL, NDPI_CONTENT_MMS, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "Xbox Live Client/", NULL, NDPI_PROTOCOL_XBOX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "Windows-Update-Agent", NULL, NDPI_SERVICE_WINDOWS_UPDATE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_ACCEPTABLE }, + { "Windows-Update-Agent", NULL, NDPI_PROTOCOL_WINDOWS_UPDATE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_ACCEPTABLE }, { "audio/webm", NULL, NDPI_CONTENT_WEBM, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "video/webm", NULL, NDPI_CONTENT_WEBM, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "application/x-rtsp-tunnelled", NULL, NDPI_PROTOCOL_RTSP, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 81fd68f29..28ae1ff13 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -671,6 +671,20 @@ static void init_string_based_protocols(struct ndpi_detection_module_struct *ndp /* ******************************************************************** */ +static void ndpi_init_placeholder_proto(struct ndpi_detection_module_struct *ndpi_mod, + ndpi_port_range *ports_a, + ndpi_port_range *ports_b, + u_int16_t *no_master, + u_int16_t proto_id) { + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, proto_id, + no_master, + no_master, "Placeholder", NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ +} + +/* ******************************************************************** */ + /* This function is used to map protocol name and default ports and it MUST be updated whenever a new protocol is added to NDPI. @@ -1063,7 +1077,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "WorldOfWarcraft", NDPI_PROTOCOL_CATEGORY_GAME, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_SERVICE_HOTSPOT_SHIELD, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_HOTSPOT_SHIELD, no_master, no_master, "HotspotShield", NDPI_PROTOCOL_CATEGORY_VPN, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, @@ -1382,7 +1396,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "EAQ", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 6000, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_SERVICE_KAKAOTALK_VOICE, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_KAKAOTALK_VOICE, no_master, no_master, "KakaoTalk_Voice", NDPI_PROTOCOL_CATEGORY_VOIP, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, @@ -1558,7 +1572,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "DRDA", NDPI_PROTOCOL_CATEGORY_DATABASE, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_SERVICE_HANGOUT, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_HANGOUT, no_master, no_master, "GoogleHangout", NDPI_PROTOCOL_CATEGORY_CHAT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, @@ -1568,7 +1582,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "BJNP", NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 8612, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_SERVICE_1KXUN, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_1KXUN, no_master, no_master, "1kxun", NDPI_PROTOCOL_CATEGORY_MEDIA, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ @@ -1579,6 +1593,14 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ + /* To be removed as soon as we define new protocols */ + ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_191); + ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_192); + ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_217); + ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_222); + ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_223); + ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_224); + ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_225); /* calling function for host and content matched protocols */ init_string_based_protocols(ndpi_mod); diff --git a/src/lib/protocols/hangout.c b/src/lib/protocols/hangout.c index ca53a8814..4555c6c75 100644 --- a/src/lib/protocols/hangout.c +++ b/src/lib/protocols/hangout.c @@ -19,7 +19,7 @@ */ #include "ndpi_api.h" -#ifdef NDPI_SERVICE_HANGOUT +#ifdef NDPI_PROTOCOL_HANGOUT /* https://support.google.com/a/answer/1279090?hl=en */ #define HANGOUT_UDP_LOW_PORT 19302 @@ -48,7 +48,7 @@ static u_int8_t isHangoutTCPPort(u_int16_t port) { /* ******************************************* */ static u_int8_t google_ptree_match(struct ndpi_detection_module_struct *ndpi_struct, struct in_addr *pin) { - return((ndpi_network_ptree_match(ndpi_struct, pin) == NDPI_SERVICE_GOOGLE) ? 1 : 0); + return((ndpi_network_ptree_match(ndpi_struct, pin) == NDPI_PROTOCOL_GOOGLE) ? 1 : 0); } /* ******************************************* */ @@ -78,14 +78,14 @@ void ndpi_search_hangout(struct ndpi_detection_module_struct *ndpi_struct, ((packet->udp != NULL) && (isHangoutUDPPort(ntohs(packet->udp->source)) || isHangoutUDPPort(ntohs(packet->udp->dest)))) || ((packet->tcp != NULL) && (isHangoutTCPPort(ntohs(packet->tcp->source)) || isHangoutTCPPort(ntohs(packet->tcp->dest))))) { - NDPI_LOG(NDPI_SERVICE_HANGOUT, ndpi_struct, NDPI_LOG_DEBUG, "Found Hangout.\n"); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_SERVICE_HANGOUT, NDPI_PROTOCOL_UNKNOWN); + NDPI_LOG(NDPI_PROTOCOL_HANGOUT, ndpi_struct, NDPI_LOG_DEBUG, "Found Hangout.\n"); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_HANGOUT, NDPI_PROTOCOL_UNKNOWN); return; } } - NDPI_LOG(NDPI_SERVICE_HANGOUT, ndpi_struct, NDPI_LOG_DEBUG, "No Hangout.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_SERVICE_HANGOUT); + NDPI_LOG(NDPI_PROTOCOL_HANGOUT, ndpi_struct, NDPI_LOG_DEBUG, "No Hangout.\n"); + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_HANGOUT); } /* ***************************************************************** */ @@ -93,7 +93,7 @@ void ndpi_search_hangout(struct ndpi_detection_module_struct *ndpi_struct, void init_hangout_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) { ndpi_set_bitmask_protocol_detection("GoogleHangout", ndpi_struct, detection_bitmask, *id, - NDPI_SERVICE_HANGOUT, + NDPI_PROTOCOL_HANGOUT, ndpi_search_hangout, NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP, SAVE_DETECTION_BITMASK_AS_UNKNOWN, @@ -102,4 +102,4 @@ void init_hangout_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_ *id += 1; } -#endif /* NDPI_SERVICE_HANGOUT */ +#endif /* NDPI_PROTOCOL_HANGOUT */ diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c index 795a6e5b7..4b381f067 100644 --- a/src/lib/protocols/http.c +++ b/src/lib/protocols/http.c @@ -204,15 +204,15 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ } else if(iqiyi_counter > 0) { NDPI_LOG(NDPI_SERVICE_IQIYI, ndpi_struct, NDPI_LOG_DEBUG, "iQiyi found.\n"); - ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_SERVICE_IQIYI); + ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_IQIYI); } #endif -#ifdef NDPI_SERVICE_1KXUN +#ifdef NDPI_PROTOCOL_1KXUN /* 1KXUN */ if(kxun_counter > 0) { - NDPI_LOG(NDPI_SERVICE_1KXUN, ndpi_struct, NDPI_LOG_DEBUG, "1kxun found.\n"); - ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_SERVICE_1KXUN); + NDPI_LOG(NDPI_PROTOCOL_1KXUN, ndpi_struct, NDPI_LOG_DEBUG, "1kxun found.\n"); + ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_1KXUN); } #endif @@ -817,7 +817,7 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct x = 1; while(packet->line[x].len != 0) { if((memcmp(packet->line[x].ptr, "X-FB-SIM-HNI", 12)) == 0) { - ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_SERVICE_FACEBOOK); + ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_FACEBOOK); check_content_type_and_change_protocol(ndpi_struct, flow); return; } diff --git a/src/lib/protocols/kakaotalk_voice.c b/src/lib/protocols/kakaotalk_voice.c index 368532c5d..fbdc8eac6 100644 --- a/src/lib/protocols/kakaotalk_voice.c +++ b/src/lib/protocols/kakaotalk_voice.c @@ -27,7 +27,7 @@ #include "ndpi_api.h" -#ifdef NDPI_SERVICE_KAKAOTALK_VOICE +#ifdef NDPI_PROTOCOL_KAKAOTALK_VOICE void ndpi_search_kakaotalk_voice(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; @@ -48,21 +48,21 @@ void ndpi_search_kakaotalk_voice(struct ndpi_detection_module_struct *ndpi_struc if(((ntohl(packet->iph->saddr) & 0xFFFF0000 /* 255.255.0.0 */) == 0x01C90000 /* 1.201.0.0/16 */) || ((ntohl(packet->iph->daddr) & 0xFFFF0000 /* 255.255.0.0 */) == 0x01C90000 /* 1.201.0.0/16 */)) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_SERVICE_KAKAOTALK_VOICE, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_KAKAOTALK_VOICE, NDPI_PROTOCOL_UNKNOWN); return; } } } - NDPI_LOG(NDPI_SERVICE_KAKAOTALK_VOICE, ndpi_struct, NDPI_LOG_DEBUG, "Exclude kakaotalk_voice.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_SERVICE_KAKAOTALK_VOICE); + NDPI_LOG(NDPI_PROTOCOL_KAKAOTALK_VOICE, ndpi_struct, NDPI_LOG_DEBUG, "Exclude kakaotalk_voice.\n"); + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_KAKAOTALK_VOICE); } void init_kakaotalk_voice_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) { ndpi_set_bitmask_protocol_detection("KakaoTalk_Voice", ndpi_struct, detection_bitmask, *id, - NDPI_SERVICE_KAKAOTALK_VOICE, + NDPI_PROTOCOL_KAKAOTALK_VOICE, ndpi_search_kakaotalk_voice, NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD, SAVE_DETECTION_BITMASK_AS_UNKNOWN, diff --git a/src/lib/protocols/kxun.c b/src/lib/protocols/kxun.c index 33939ed85..d78e77a1a 100644 --- a/src/lib/protocols/kxun.c +++ b/src/lib/protocols/kxun.c @@ -19,13 +19,13 @@ */ #include "ndpi_protocols.h" -#ifdef NDPI_SERVICE_1KXUN +#ifdef NDPI_PROTOCOL_1KXUN static void ndpi_int_kxun_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_SERVICE_1KXUN, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_1KXUN, NDPI_PROTOCOL_UNKNOWN); } @@ -46,7 +46,7 @@ void ndpi_search_kxun(struct ndpi_detection_module_struct packet->payload[1] == 0x0f && packet->payload[4] == 0xa0 && packet->payload[5] == 0x00) { - NDPI_LOG(NDPI_SERVICE_1KXUN, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG(NDPI_PROTOCOL_1KXUN, ndpi_struct, NDPI_LOG_DEBUG, "found 1kxun over udp.\n"); ndpi_int_kxun_add_connection(ndpi_struct, flow); return; @@ -78,15 +78,15 @@ void ndpi_search_kxun(struct ndpi_detection_module_struct } } /* EXCLUDE 1KXUN */ - NDPI_LOG(NDPI_SERVICE_1KXUN, ndpi_struct, NDPI_LOG_DEBUG, "exclude 1kxun.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_SERVICE_1KXUN); + NDPI_LOG(NDPI_PROTOCOL_1KXUN, ndpi_struct, NDPI_LOG_DEBUG, "exclude 1kxun.\n"); + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_1KXUN); } void init_kxun_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) { ndpi_set_bitmask_protocol_detection("1kxun", ndpi_struct, detection_bitmask, *id, - NDPI_SERVICE_1KXUN, + NDPI_PROTOCOL_1KXUN, ndpi_search_kxun, NDPI_SELECTION_BITMASK_PROTOCOL_UDP_WITH_PAYLOAD, SAVE_DETECTION_BITMASK_AS_UNKNOWN, diff --git a/src/lib/protocols/ssl.c b/src/lib/protocols/ssl.c index 2ab93b949..bc64a6695 100644 --- a/src/lib/protocols/ssl.c +++ b/src/lib/protocols/ssl.c @@ -363,7 +363,7 @@ static void ssl_mark_and_payload_search_for_other_protocols(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { -#if defined(NDPI_PROTOCOL_MEEBO)|| defined(NDPI_PROTOCOL_TOR) || defined(NDPI_PROTOCOL_VPN_X) || defined(NDPI_PROTOCOL_UNENCRYPED_JABBER) || defined (NDPI_PROTOCOL_OSCAR) || defined (NDPI_PROTOCOL_ITUNES) || defined (NDPI_SERVICE_GMAIL) +#if defined(NDPI_PROTOCOL_MEEBO)|| defined(NDPI_PROTOCOL_TOR) || defined(NDPI_PROTOCOL_VPN_X) || defined(NDPI_PROTOCOL_UNENCRYPED_JABBER) || defined (NDPI_PROTOCOL_OSCAR) || defined (NDPI_PROTOCOL_ITUNES) || defined (NDPI_PROTOCOL_GMAIL) struct ndpi_packet_struct *packet = &flow->packet; // struct ndpi_id_struct *src=flow->src; // struct ndpi_id_struct *dst=flow->dst; @@ -598,7 +598,7 @@ void ndpi_search_ssl_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc && (packet->payload[4] == 0) && (packet->payload[2] <= 9) && (packet->payload[3] <= 9))) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_SERVICE_WHATSAPP, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_WHATSAPP, NDPI_PROTOCOL_UNKNOWN); return; } else { /* No whatsapp, let's try SSL */ -- cgit v1.2.3 From 8805d8523b6f2f22d4db0a1344439f36e5f3f9c2 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Tue, 31 Jan 2017 15:04:24 +0100 Subject: Optimized code to avoid multiple calls to ndpi_network_ptree_match() HTTP-based subprotocols have not HTTP set as master_protocols --- src/include/ndpi_protocols.h | 1 + src/lib/ndpi_main.c | 7 +++---- src/lib/protocols/http.c | 10 ++++++---- src/lib/protocols/tcp_udp.c | 19 ++++++++++++------- 4 files changed, 22 insertions(+), 15 deletions(-) (limited to 'src') diff --git a/src/include/ndpi_protocols.h b/src/include/ndpi_protocols.h index f34a12f13..edf4ca3dc 100644 --- a/src/include/ndpi_protocols.h +++ b/src/include/ndpi_protocols.h @@ -44,6 +44,7 @@ ndpi_port_range* ndpi_build_default_ports(ndpi_port_range *ports, /* TCP/UDP protocols */ u_int ndpi_search_tcp_or_udp_raw(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow, u_int8_t protocol, u_int32_t saddr, u_int32_t daddr, u_int16_t sport, u_int16_t dport); diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 28ae1ff13..f6b6911df 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1680,10 +1680,8 @@ u_int8_t ndpi_is_tor_flow(struct ndpi_detection_module_struct *ndpi_struct, if(packet->tcp != NULL) { if(packet->iph) { - if(tor_ptree_match(ndpi_struct, (struct in_addr *)&packet->iph->saddr) - || tor_ptree_match(ndpi_struct, (struct in_addr *)&packet->iph->daddr)) { + if(flow->guessed_host_protocol_id == NDPI_PROTOCOL_TOR) return(1); - } } } @@ -4413,7 +4411,8 @@ ndpi_protocol ndpi_guess_undetected_protocol(struct ndpi_detection_module_struct u_int8_t user_defined_proto; if((proto == IPPROTO_TCP) || (proto == IPPROTO_UDP)) { - rc = ndpi_search_tcp_or_udp_raw(ndpi_struct, proto, shost, dhost, sport, dport); + rc = ndpi_search_tcp_or_udp_raw(ndpi_struct, NULL, proto, + shost, dhost, sport, dport); if(rc != NDPI_PROTOCOL_UNKNOWN) { ret.protocol = rc, diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c index 4b381f067..d405e407b 100644 --- a/src/lib/protocols/http.c +++ b/src/lib/protocols/http.c @@ -41,10 +41,11 @@ static void ndpi_int_http_add_connection(struct ndpi_detection_module_struct *nd /* If no custom protocol has been detected */ if(flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) { - if(protocol == NDPI_PROTOCOL_HTTP) + if(protocol == NDPI_PROTOCOL_HTTP) { ndpi_int_reset_protocol(flow); - - ndpi_set_detected_protocol(ndpi_struct, flow, protocol, NDPI_PROTOCOL_UNKNOWN); + ndpi_set_detected_protocol(ndpi_struct, flow, flow->guessed_host_protocol_id, protocol); + } else + ndpi_set_detected_protocol(ndpi_struct, flow, protocol, NDPI_PROTOCOL_HTTP); } flow->http_detected = 1; @@ -382,7 +383,8 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ if(!ndpi_struct->http_dont_dissect_response && flow->http_detected) parseHttpSubprotocol(ndpi_struct, flow); - flow->guessed_protocol_id = NDPI_PROTOCOL_HTTP; + if(flow->guessed_protocol_id == NDPI_PROTOCOL_UNKNOWN) + flow->guessed_protocol_id = NDPI_PROTOCOL_HTTP; /* check for accept line */ if(packet->accept_line.ptr != NULL) { diff --git a/src/lib/protocols/tcp_udp.c b/src/lib/protocols/tcp_udp.c index 2c6792551..605ba54c3 100644 --- a/src/lib/protocols/tcp_udp.c +++ b/src/lib/protocols/tcp_udp.c @@ -24,7 +24,8 @@ /* ndpi_main.c */ extern u_int8_t ndpi_is_tor_flow(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); -u_int ndpi_search_tcp_or_udp_raw(struct ndpi_detection_module_struct *ndpi_struct, +u_int ndpi_search_tcp_or_udp_raw(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow, u_int8_t protocol, u_int32_t saddr, u_int32_t daddr, /* host endianess */ u_int16_t sport, u_int16_t dport) /* host endianess */ @@ -38,12 +39,15 @@ u_int ndpi_search_tcp_or_udp_raw(struct ndpi_detection_module_struct *ndpi_struc } } - host.s_addr = htonl(saddr); - if((rc = ndpi_network_ptree_match(ndpi_struct, &host)) != NDPI_PROTOCOL_UNKNOWN) - return (rc); - - host.s_addr = htonl(daddr); - return (ndpi_network_ptree_match(ndpi_struct, &host)); + if(flow) + return(flow->guessed_host_protocol_id); + else { + if((rc = ndpi_network_ptree_match(ndpi_struct, &host)) != NDPI_PROTOCOL_UNKNOWN) + return (rc); + + host.s_addr = htonl(daddr); + return (ndpi_network_ptree_match(ndpi_struct, &host)); + } } void ndpi_search_tcp_or_udp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) @@ -66,6 +70,7 @@ void ndpi_search_tcp_or_udp(struct ndpi_detection_module_struct *ndpi_struct, st if(packet->iph /* IPv4 Only: we need to support packet->iphv6 at some point */) { proto = ndpi_search_tcp_or_udp_raw(ndpi_struct, + flow, flow->packet.iph ? flow->packet.iph->protocol : #ifdef NDPI_DETECTION_SUPPORT_IPV6 flow->packet.iphv6->ip6_ctlun.ip6_un1.ip6_un1_nxt, -- cgit v1.2.3 From a3d32d9d80db80fcfce67c70e97121d84c29a112 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Tue, 31 Jan 2017 16:01:58 +0100 Subject: Improved HTTP subprotocol matching --- src/lib/protocols/http.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c index d405e407b..41e04467c 100644 --- a/src/lib/protocols/http.c +++ b/src/lib/protocols/http.c @@ -40,7 +40,7 @@ static void ndpi_int_http_add_connection(struct ndpi_detection_module_struct *nd ndpi_search_tcp_or_udp(ndpi_struct, flow); /* If no custom protocol has been detected */ - if(flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) { + /* if(flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) */ { if(protocol == NDPI_PROTOCOL_HTTP) { ndpi_int_reset_protocol(flow); ndpi_set_detected_protocol(ndpi_struct, flow, flow->guessed_host_protocol_id, protocol); -- cgit v1.2.3 From 8fa2d8f0d6f67cccedcefdcf8c64fec139572a89 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Tue, 31 Jan 2017 16:38:31 +0100 Subject: Improved whatsapp detection --- src/lib/ndpi_content_match.c.inc | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'src') diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index dcc613779..04b04133a 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -128,6 +128,12 @@ static ndpi_network host_protocol_list[] = { { 0x68F28200 /* 202.160.130.0/24 */, 24, NDPI_PROTOCOL_TWITTER }, { 0x68F28300 /* 202.160.131.0/24 */, 24, NDPI_PROTOCOL_TWITTER }, + /* + WhatsApp Inc. + 169.47.35.32 - 169.47.35.63 + */ + { 0xA92F2320 /* 169.47.35.32/27 */, 27, NDPI_PROTOCOL_WHATSAPP }, + /* OpenDNS 208.67.216.0/21 -- cgit v1.2.3 From 99410454681b75b3a40330ac38b886c53ecd070d Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Wed, 1 Feb 2017 18:10:02 +0100 Subject: Renumbered ids that were changed by mistake MQTT (NOW 208, latest stable version 222) RX ( NOW 209, latest stable version 223) OPENDNS ( NOW 197, latest stable version 225 ). --- src/include/ndpi_protocol_ids.h | 20 +++++++++++++------- src/lib/ndpi_main.c | 6 +++--- tests/result/coap_mqtt.pcap.out | 8 ++++---- tests/result/rx.pcap.out | 10 +++++----- 4 files changed, 25 insertions(+), 19 deletions(-) (limited to 'src') diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index e278ea260..b74f384e6 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -236,7 +236,10 @@ #define NDPI_PROTOCOL_KAKAOTALK_VOICE 194 /* KakaoTalk Voice */ #define NDPI_PROTOCOL_TWITCH 195 /* Edoardo Dominici */ #define NDPI_PROTOCOL_QUICKPLAY 196 /* Streaming service used by various services such as hooq.tv */ -#define NDPI_PROTOCOL_OPENDNS 197 + +/* 197 is free */ +#define NDPI_PROTOCOL_FREE_197 197 + #define NDPI_PROTOCOL_MPEGTS 198 #define NDPI_PROTOCOL_SNAPCHAT 199 #define NDPI_PROTOCOL_SINA 200 @@ -247,8 +250,11 @@ #define NDPI_PROTOCOL_1KXUN 205 #define NDPI_PROTOCOL_IQIYI 206 #define NDPI_PROTOCOL_SMPP 207 /* Damir Franusic */ -#define NDPI_PROTOCOL_MQTT 208 -#define NDPI_PROTOCOL_RX 209 + +/* 208 - 209 free */ +#define NDPI_PROTOCOL_FREE_208 208 +#define NDPI_PROTOCOL_FREE_209 209 + #define NDPI_PROTOCOL_DEEZER 210 #define NDPI_PROTOCOL_INSTAGRAM 211 /* Andrea Buscarinu */ #define NDPI_PROTOCOL_MICROSOFT 212 @@ -264,13 +270,13 @@ #define NDPI_PROTOCOL_OFFICE_365 219 #define NDPI_PROTOCOL_CLOUDFLARE 220 #define NDPI_PROTOCOL_MS_ONE_DRIVE 221 +#define NDPI_PROTOCOL_MQTT 222 +#define NDPI_PROTOCOL_RX 223 -/* 222 - 225 */ -#define NDPI_PROTOCOL_FREE_222 222 -#define NDPI_PROTOCOL_FREE_223 223 +/* 224 is free */ #define NDPI_PROTOCOL_FREE_224 224 -#define NDPI_PROTOCOL_FREE_225 225 +#define NDPI_PROTOCOL_OPENDNS 225 #define NDPI_PROTOCOL_GIT 226 #define NDPI_PROTOCOL_DRDA 227 diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index f6b6911df..5a6a935ae 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1596,11 +1596,11 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp /* To be removed as soon as we define new protocols */ ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_191); ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_192); + ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_197); + ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_208); + ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_209); ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_217); - ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_222); - ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_223); ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_224); - ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_225); /* calling function for host and content matched protocols */ init_string_based_protocols(ndpi_mod); diff --git a/tests/result/coap_mqtt.pcap.out b/tests/result/coap_mqtt.pcap.out index a9bd983e1..67e3d3077 100644 --- a/tests/result/coap_mqtt.pcap.out +++ b/tests/result/coap_mqtt.pcap.out @@ -7,14 +7,14 @@ MQTT 7695 668291 4 3 UDP [2001:da8:215:1171:a10b:cb48:8f83:57f6]:5683 <-> [2001:620:8:35d9::10]:61047 [proto: 27/COAP][1 pkts/90 bytes] 4 UDP 192.168.56.1:50318 <-> 192.168.56.101:17500 [proto: 121/Dropbox][200 pkts/20220 bytes] 5 UDP 192.168.56.1:50312 <-> 192.168.56.101:17500 [proto: 121/Dropbox][200 pkts/20194 bytes] - 6 TCP 192.168.56.1:53523 <-> 192.168.56.101:17501 [proto: 208/MQTT][1926 pkts/167126 bytes] + 6 TCP 192.168.56.1:53523 <-> 192.168.56.101:17501 [proto: 222/MQTT][1926 pkts/167126 bytes] 7 UDP [bbbb::1]:33499 <-> [bbbb::3]:5683 [proto: 27/COAP][4 pkts/404 bytes] 8 UDP [bbbb::1]:46819 <-> [bbbb::3]:5683 [proto: 27/COAP][6 pkts/467 bytes] 9 UDP [2001:da8:215:1171:a10b:cb48:8f83:57f6]:5683 <-> [2001:620:8:35d9::10]:61044 [proto: 27/COAP][1 pkts/86 bytes] 10 UDP [2001:da8:215:1171:a10b:cb48:8f83:57f6]:5683 <-> [2001:620:8:35d9::10]:61046 [proto: 27/COAP][1 pkts/86 bytes] 11 UDP 192.168.56.1:50311 <-> 192.168.56.101:17500 [proto: 121/Dropbox][200 pkts/20120 bytes] 12 UDP 192.168.56.1:50319 <-> 192.168.56.101:17500 [proto: 121/Dropbox][200 pkts/20142 bytes] - 13 TCP 192.168.56.1:53522 <-> 192.168.56.101:17501 [proto: 208/MQTT][1922 pkts/166928 bytes] - 14 TCP 192.168.56.1:53528 <-> 192.168.56.101:17501 [proto: 208/MQTT][1928 pkts/167509 bytes] - 15 TCP 192.168.56.1:53524 <-> 192.168.56.101:17501 [proto: 208/MQTT][1919 pkts/166728 bytes] + 13 TCP 192.168.56.1:53522 <-> 192.168.56.101:17501 [proto: 222/MQTT][1922 pkts/166928 bytes] + 14 TCP 192.168.56.1:53528 <-> 192.168.56.101:17501 [proto: 222/MQTT][1928 pkts/167509 bytes] + 15 TCP 192.168.56.1:53524 <-> 192.168.56.101:17501 [proto: 222/MQTT][1919 pkts/166728 bytes] 16 UDP [bbbb::1]:50250 <-> [bbbb::3]:5683 [proto: 27/COAP][4 pkts/309 bytes] diff --git a/tests/result/rx.pcap.out b/tests/result/rx.pcap.out index f38fc982d..1339732cb 100644 --- a/tests/result/rx.pcap.out +++ b/tests/result/rx.pcap.out @@ -1,7 +1,7 @@ RX 132 26475 5 - 1 UDP 192.167.206.124:7002 <-> 131.114.219.168:38331 [proto: 209/RX][3 pkts/519 bytes] - 2 UDP 192.167.206.124:7002 <-> 131.114.219.168:41559 [proto: 209/RX][3 pkts/519 bytes] - 3 UDP 192.167.206.124:7003 <-> 131.114.219.168:7001 [proto: 209/RX][27 pkts/9919 bytes] - 4 UDP 131.114.219.168:7001 <-> 192.167.206.241:7000 [proto: 209/RX][79 pkts/12376 bytes] - 5 UDP 192.167.206.124:7000 <-> 131.114.219.168:7001 [proto: 209/RX][20 pkts/3142 bytes] + 1 UDP 192.167.206.124:7002 <-> 131.114.219.168:38331 [proto: 223/RX][3 pkts/519 bytes] + 2 UDP 192.167.206.124:7002 <-> 131.114.219.168:41559 [proto: 223/RX][3 pkts/519 bytes] + 3 UDP 192.167.206.124:7003 <-> 131.114.219.168:7001 [proto: 223/RX][27 pkts/9919 bytes] + 4 UDP 131.114.219.168:7001 <-> 192.167.206.241:7000 [proto: 223/RX][79 pkts/12376 bytes] + 5 UDP 192.167.206.124:7000 <-> 131.114.219.168:7001 [proto: 223/RX][20 pkts/3142 bytes] -- cgit v1.2.3 From beb069df64fd7c4221b8b8392819fd246338754f Mon Sep 17 00:00:00 2001 From: Alexis La Goutte Date: Sat, 4 Feb 2017 09:01:46 +0100 Subject: fix hardcoded value of version in Makefile Issue report by @clauderobi (issue #333) --- src/include/Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/include/Makefile.am b/src/include/Makefile.am index cd901f58b..6eeca93b4 100644 --- a/src/include/Makefile.am +++ b/src/include/Makefile.am @@ -1,4 +1,4 @@ -library_includedir=$(includedir)/libndpi-1.4/libndpi +library_includedir=$(includedir)/libndpi-@VERSION@/libndpi library_include_HEADERS = ndpi_api.h \ ndpi_define.h \ -- cgit v1.2.3 From be1ee30fa82721460682b0cfa2eb4f5e9d0b03c2 Mon Sep 17 00:00:00 2001 From: Alexis La Goutte Date: Sat, 4 Feb 2017 09:39:16 +0100 Subject: ndpi_main(.c): fix unused function 'tor_ptree_match' [-Werror,-Wunused-function] --- src/lib/ndpi_main.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'src') diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 5a6a935ae..20b27c7fe 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1668,9 +1668,11 @@ u_int16_t ndpi_network_ptree_match(struct ndpi_detection_module_struct *ndpi_str /* ******************************************* */ +#if 0 static u_int8_t tor_ptree_match(struct ndpi_detection_module_struct *ndpi_struct, struct in_addr *pin) { return((ndpi_network_ptree_match(ndpi_struct, pin) == NDPI_PROTOCOL_TOR) ? 1 : 0); } +#endif /* ******************************************* */ -- cgit v1.2.3 From b229b89c787e7e6377b388e86ce56341ee6918b0 Mon Sep 17 00:00:00 2001 From: Campus Date: Thu, 9 Feb 2017 17:01:12 +0100 Subject: fix for https://github.com/ntop/nDPI/issues/339 --- src/include/ndpi_typedefs.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 0c07dd137..1415b3e6f 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -921,7 +921,7 @@ struct ndpi_flow_struct { */ struct ndpi_id_struct *server_id; /* HTTP host or DNS query */ - u_char host_server_name[192]; + u_char host_server_name[256]; /* Via HTTP User-Agent */ u_char detected_os[32]; /* Via HTTP X-Forwarded-For */ -- cgit v1.2.3 From 1d2e67d38ca195f115b3f06e1dbda3ab9c6d3df7 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Sat, 11 Feb 2017 10:48:08 +0100 Subject: Dissected SSH client/server versions and reported in data structures --- example/ndpiReader.c | 18 +++++---- example/ndpi_util.c | 18 ++++++--- example/ndpi_util.h | 4 +- src/include/ndpi_typedefs.h | 5 ++- src/lib/protocols/ssh.c | 21 +++++++++++ tests/result/1kxun.pcap.out | 8 ++-- tests/result/6in4tunnel.pcap.out | 4 +- tests/result/Instagram.pcap.out | 10 ++--- tests/result/KakaoTalk_chat.pcap.out | 16 ++++---- tests/result/Viber_session.pcap.out | 6 +-- tests/result/dropbox.pcap.out | 8 ++-- tests/result/facebook.pcap.out | 4 +- tests/result/google_ssl.pcap.out | 2 +- tests/result/http_ipv6.pcap.out | 12 +++--- tests/result/ocs.pcap.out | 6 +-- tests/result/skype.pcap.out | 10 ++--- tests/result/skype_no_unknown.pcap.out | 6 +-- tests/result/snapchat.pcap.out | 4 +- tests/result/tor.pcap.out | 14 +++---- tests/result/viber_mobile.pcap.out | 12 +++--- tests/result/waze.pcap.out | 24 ++++++------ tests/result/webex.pcap.out | 62 +++++++++++++++---------------- tests/result/weibo.pcap.out | 2 +- tests/result/whatsapp_login_call.pcap.out | 6 +-- 24 files changed, 158 insertions(+), 124 deletions(-) (limited to 'src') diff --git a/example/ndpiReader.c b/example/ndpiReader.c index e1777d7da..4bf786aa8 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -387,8 +387,10 @@ static void printFlow(u_int16_t thread_id, struct ndpi_flow_info *flow) { flow->packets, (long long unsigned int) flow->bytes); if(flow->host_server_name[0] != '\0') fprintf(out, "[Host: %s]", flow->host_server_name); - if(flow->ssl.client_certificate[0] != '\0') fprintf(out, "[SSL client: %s]", flow->ssl.client_certificate); - if(flow->ssl.server_certificate[0] != '\0') fprintf(out, "[SSL server: %s]", flow->ssl.server_certificate); + + + if(flow->ssh_ssl.client_info[0] != '\0') fprintf(out, "[client: %s]", flow->ssh_ssl.client_info); + if(flow->ssh_ssl.server_info[0] != '\0') fprintf(out, "[server: %s]", flow->ssh_ssl.server_info); if(flow->bittorent_hash[0] != '\0') fprintf(out, "[BT Hash: %s]", flow->bittorent_hash); fprintf(out, "\n"); @@ -427,16 +429,16 @@ static void printFlow(u_int16_t thread_id, struct ndpi_flow_info *flow) { if(flow->host_server_name[0] != '\0') json_object_object_add(jObj,"host.server.name",json_object_new_string(flow->host_server_name)); - if((flow->ssl.client_certificate[0] != '\0') || (flow->ssl.server_certificate[0] != '\0')) { + if((flow->ssh_ssl.client_info[0] != '\0') || (flow->ssh_ssl.server_info[0] != '\0')) { json_object *sjObj = json_object_new_object(); - if(flow->ssl.client_certificate[0] != '\0') - json_object_object_add(sjObj, "client", json_object_new_string(flow->ssl.client_certificate)); + if(flow->ssh_ssl.client_info[0] != '\0') + json_object_object_add(sjObj, "client", json_object_new_string(flow->ssh_ssl.client_info)); - if(flow->ssl.server_certificate[0] != '\0') - json_object_object_add(sjObj, "server", json_object_new_string(flow->ssl.server_certificate)); + if(flow->ssh_ssl.server_info[0] != '\0') + json_object_object_add(sjObj, "server", json_object_new_string(flow->ssh_ssl.server_info)); - json_object_object_add(jObj, "ssl", sjObj); + json_object_object_add(jObj, "ssh_ssl", sjObj); } if(json_flag == 1) diff --git a/example/ndpi_util.c b/example/ndpi_util.c index d121b5841..d5cb27d5a 100644 --- a/example/ndpi_util.c +++ b/example/ndpi_util.c @@ -440,7 +440,7 @@ static struct ndpi_flow_info *get_ndpi_flow_info6(struct ndpi_workflow * workflo Function to process the packet: determine the flow of a packet and try to decode it @return: 0 if success; else != 0 - + @Note: ipsize = header->len - ip_offset ; rawsize = header->len */ static unsigned int packet_processing(struct ndpi_workflow * workflow, @@ -519,10 +519,18 @@ static unsigned int packet_processing(struct ndpi_workflow * workflow, } if((proto == IPPROTO_TCP) && (flow->detected_protocol.protocol != NDPI_PROTOCOL_DNS)) { - snprintf(flow->ssl.client_certificate, sizeof(flow->ssl.client_certificate), "%s", - flow->ndpi_flow->protos.ssl.client_certificate); - snprintf(flow->ssl.server_certificate, sizeof(flow->ssl.server_certificate), "%s", - flow->ndpi_flow->protos.ssl.server_certificate); + if(flow->detected_protocol.protocol == NDPI_PROTOCOL_SSH) { + snprintf(flow->ssh_ssl.client_info, sizeof(flow->ssh_ssl.client_info), "%s", + flow->ndpi_flow->protos.ssh.client_signature); + snprintf(flow->ssh_ssl.server_info, sizeof(flow->ssh_ssl.server_info), "%s", + flow->ndpi_flow->protos.ssh.server_signature); + } else if((flow->detected_protocol.protocol == NDPI_PROTOCOL_SSL) + || (flow->detected_protocol.master_protocol == NDPI_PROTOCOL_SSL)) { + snprintf(flow->ssh_ssl.client_info, sizeof(flow->ssh_ssl.client_info), "%s", + flow->ndpi_flow->protos.ssl.client_certificate); + snprintf(flow->ssh_ssl.server_info, sizeof(flow->ssh_ssl.server_info), "%s", + flow->ndpi_flow->protos.ssl.server_certificate); + } } if(flow->detection_completed) { diff --git a/example/ndpi_util.h b/example/ndpi_util.h index 3168a5010..171ab8e95 100644 --- a/example/ndpi_util.h +++ b/example/ndpi_util.h @@ -62,8 +62,8 @@ typedef struct ndpi_flow_info { char bittorent_hash[41]; struct { - char client_certificate[48], server_certificate[48]; - } ssl; + char client_info[48], server_info[48]; + } ssh_ssl; void *src_id, *dst_id; } ndpi_flow_info_t; diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 1415b3e6f..801f1e768 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -942,7 +942,6 @@ struct ndpi_flow_struct { } http; union { - /* the only fields useful for nDPI and ntopng */ struct { u_int8_t num_queries, num_answers, reply_code; @@ -957,6 +956,10 @@ struct ndpi_flow_struct { struct { char client_certificate[48], server_certificate[48]; } ssl; + + struct { + char client_signature[48], server_signature[48]; + } ssh; } protos; /*** ALL protocol specific 64 bit variables here ***/ diff --git a/src/lib/protocols/ssh.c b/src/lib/protocols/ssh.c index 20b8b5fe9..cb874010f 100644 --- a/src/lib/protocols/ssh.c +++ b/src/lib/protocols/ssh.c @@ -31,6 +31,18 @@ static void ndpi_int_ssh_add_connection(struct ndpi_detection_module_struct ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SSH, NDPI_PROTOCOL_UNKNOWN); } +static void ndpi_ssh_zap_cr(char *str, int len) { + len--; + + while(len > 0) { + if((str[len] == '\n') || (str[len] == '\r')) { + str[len] = '\0'; + len--; + } else + break; + } +} + void ndpi_search_ssh_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; @@ -40,6 +52,10 @@ void ndpi_search_ssh_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc if (flow->l4.tcp.ssh_stage == 0) { if (packet->payload_packet_len > 7 && packet->payload_packet_len < 100 && memcmp(packet->payload, "SSH-", 4) == 0) { + int len = ndpi_min(sizeof(flow->protos.ssh.client_signature)-1, packet->payload_packet_len); + strncpy(flow->protos.ssh.client_signature, (const char *)packet->payload, len); + flow->protos.ssh.client_signature[len] = '\0'; + ndpi_ssh_zap_cr(flow->protos.ssh.client_signature, len); NDPI_LOG(NDPI_PROTOCOL_SSH, ndpi_struct, NDPI_LOG_DEBUG, "ssh stage 0 passed\n"); flow->l4.tcp.ssh_stage = 1 + packet->packet_direction; return; @@ -47,7 +63,12 @@ void ndpi_search_ssh_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc } else if (flow->l4.tcp.ssh_stage == (2 - packet->packet_direction)) { if (packet->payload_packet_len > 7 && packet->payload_packet_len < 100 && memcmp(packet->payload, "SSH-", 4) == 0) { + int len = ndpi_min(sizeof(flow->protos.ssh.server_signature)-1, packet->payload_packet_len); + strncpy(flow->protos.ssh.server_signature, (const char *)packet->payload, len); + flow->protos.ssh.server_signature[len] = '\0'; + ndpi_ssh_zap_cr(flow->protos.ssh.server_signature, len); NDPI_LOG(NDPI_PROTOCOL_SSH, ndpi_struct, NDPI_LOG_DEBUG, "found ssh\n"); + ndpi_int_ssh_add_connection(ndpi_struct, flow); return; diff --git a/tests/result/1kxun.pcap.out b/tests/result/1kxun.pcap.out index 0b800614d..f53dabdd0 100644 --- a/tests/result/1kxun.pcap.out +++ b/tests/result/1kxun.pcap.out @@ -21,9 +21,9 @@ Lync 2 132 1 4 UDP [fe80::9bd:81dd:2fdc:5750]:5355 <-> [ff02::1:3]:61548 [proto: 154/LLMNR][2 pkts/190 bytes][Host: caesar-thinkpad] 5 UDP [fe80::5d92:62a8:ebde:1319]:5355 <-> [ff02::1:3]:58468 [proto: 154/LLMNR][2 pkts/178 bytes][Host: wangs-ltw] 6 UDP 192.168.2.186:32768 <-> 255.255.255.255:1947 [proto: 205/1kxun][2 pkts/164 bytes] - 7 TCP 192.168.5.16:53623 <-> 192.168.115.75:443 [proto: 91/SSL][19 pkts/3642 bytes][SSL client: 1] - 8 TCP 192.168.5.16:53625 <-> 192.168.115.75:443 [proto: 91/SSL][19 pkts/3638 bytes][SSL client: 1] - 9 TCP 192.168.5.16:53629 <-> 192.168.115.75:443 [proto: 91/SSL][17 pkts/3518 bytes][SSL client: 1] + 7 TCP 192.168.5.16:53623 <-> 192.168.115.75:443 [proto: 91/SSL][19 pkts/3642 bytes][client: 1] + 8 TCP 192.168.5.16:53625 <-> 192.168.115.75:443 [proto: 91/SSL][19 pkts/3638 bytes][client: 1] + 9 TCP 192.168.5.16:53629 <-> 192.168.115.75:443 [proto: 91/SSL][17 pkts/3518 bytes][client: 1] 10 UDP [fe80::9bd:81dd:2fdc:5750]:5355 <-> [ff02::1:3]:64568 [proto: 154/LLMNR][2 pkts/190 bytes][Host: caesar-thinkpad] 11 UDP [fe80::5d92:62a8:ebde:1319]:5355 <-> [ff02::1:3]:61172 [proto: 154/LLMNR][2 pkts/174 bytes][Host: sonusav] 12 TCP 192.168.5.16:53627 <-> 203.69.81.73:80 [proto: 7.205/HTTP.1kxun][14 pkts/9498 bytes][Host: dl-obs.official.line.naver.jp] @@ -77,7 +77,7 @@ Lync 2 132 1 60 TCP 192.168.115.8:49596 <-> 203.66.182.87:443 [proto: 91/SSL][6 pkts/352 bytes] 61 UDP [fe80::9bd:81dd:2fdc:5750]:1900 <-> [ff02::c]:1900 [proto: 12/SSDP][16 pkts/8921 bytes] 62 TCP 192.168.5.16:53622 <-> 192.168.115.75:443 [proto: 91/SSL][2 pkts/120 bytes] - 63 TCP 192.168.5.16:53626 <-> 192.168.115.75:443 [proto: 91/SSL][19 pkts/3210 bytes][SSL client: 1] + 63 TCP 192.168.5.16:53626 <-> 192.168.115.75:443 [proto: 91/SSL][19 pkts/3210 bytes][client: 1] 64 TCP 192.168.5.16:53628 <-> 203.69.81.73:80 [proto: 7.205/HTTP.1kxun][14 pkts/9158 bytes][Host: dl-obs.official.line.naver.jp] 65 TCP 192.168.115.8:49598 <-> 222.73.254.167:80 [proto: 7.205/HTTP.1kxun][14 pkts/2386 bytes][Host: kankan.1kxun.com] 66 UDP [fe80::5d92:62a8:ebde:1319]:5355 <-> [ff02::1:3]:63659 [proto: 154/LLMNR][2 pkts/172 bytes][Host: isatap] diff --git a/tests/result/6in4tunnel.pcap.out b/tests/result/6in4tunnel.pcap.out index 7786f4a3a..520173ab5 100644 --- a/tests/result/6in4tunnel.pcap.out +++ b/tests/result/6in4tunnel.pcap.out @@ -4,9 +4,9 @@ SSL 28 15397 1 ICMPV6 48 7862 3 Facebook 37 14726 3 - 1 TCP [2001:470:1f17:13f:3e97:eff:fe73:4dec]:443 <-> [2a03:2880:1010:6f03:face:b00c::2]:53234 [proto: 91.119/SSL.Facebook][33 pkts/13926 bytes][SSL client: www.facebook.com] + 1 TCP [2001:470:1f17:13f:3e97:eff:fe73:4dec]:443 <-> [2a03:2880:1010:6f03:face:b00c::2]:53234 [proto: 91.119/SSL.Facebook][33 pkts/13926 bytes][client: www.facebook.com] 2 UDP [2001:470:1f16:13f::2]:6404 <-> [2a03:2880:fffe:b:face:b00c::99]:53 [proto: 5.119/DNS.Facebook][2 pkts/394 bytes][Host: star.c10r.facebook.com] - 3 TCP [2001:470:1f17:13f:3e97:eff:fe73:4dec]:443 <-> [2604:a880:1:20::224:b001]:60205 [proto: 91/SSL][28 pkts/15397 bytes][SSL client: mail.tomasu.net] + 3 TCP [2001:470:1f17:13f:3e97:eff:fe73:4dec]:443 <-> [2604:a880:1:20::224:b001]:60205 [proto: 91/SSL][28 pkts/15397 bytes][client: mail.tomasu.net] 4 ICMPV6 [2001:470:1f16:13f::2]:0 <-> [2604:a880:1:20::224:b001]:0 [proto: 102/ICMPV6][1 pkts/200 bytes] 5 ICMPV6 [2a03:2880:1010:6f03:face:b00c::2]:0 <-> [2001:470:1f17:13f:3e97:eff:fe73:4dec]:0 [proto: 102/ICMPV6][1 pkts/1314 bytes] 6 TCP [2604:a880:1:20::224:b001]:993 <-> [2001:470:1f17:13f:6d69:c72:7313:616f]:35610 [proto: 51/IMAPS][2 pkts/258 bytes] diff --git a/tests/result/Instagram.pcap.out b/tests/result/Instagram.pcap.out index 1cb6c8e76..0e2f4620c 100644 --- a/tests/result/Instagram.pcap.out +++ b/tests/result/Instagram.pcap.out @@ -15,12 +15,12 @@ Instagram 363 255094 16 7 TCP 192.168.0.103:38816 <-> 46.33.70.160:80 [proto: 7.211/HTTP.Instagram][52 pkts/58994 bytes][Host: photos-h.ak.instagram.com] 8 TCP 77.67.29.17:80 <-> 192.168.0.103:33976 [proto: 7/HTTP][34 pkts/29039 bytes] 9 TCP 192.168.0.103:37350 <-> 82.85.26.153:80 [proto: 7.211/HTTP.Instagram][1 pkts/324 bytes][Host: photos-a.ak.instagram.com] - 10 TCP 192.168.0.103:41181 <-> 82.85.26.154:443 [proto: 91.211/SSL.Instagram][14 pkts/5567 bytes][SSL client: igcdn-photos-a-a.akamaihd.net] + 10 TCP 192.168.0.103:41181 <-> 82.85.26.154:443 [proto: 91.211/SSL.Instagram][14 pkts/5567 bytes][client: igcdn-photos-a-a.akamaihd.net] 11 TCP 31.13.86.52:80 <-> 192.168.0.103:58216 [proto: 7.119/HTTP.Facebook][150 pkts/153558 bytes] 12 TCP 192.168.0.103:57936 <-> 82.85.26.162:80 [proto: 7.211/HTTP.Instagram][58 pkts/50220 bytes][Host: photos-g.ak.instagram.com] 13 TCP 192.168.0.103:57966 <-> 82.85.26.185:80 [proto: 7/HTTP][3 pkts/198 bytes] 14 TCP 192.168.0.103:58052 <-> 82.85.26.162:80 [proto: 7.211/HTTP.Instagram][75 pkts/57239 bytes][Host: photos-g.ak.instagram.com] - 15 TCP 173.252.107.4:443 <-> 192.168.0.103:56382 [proto: 91.211/SSL.Instagram][17 pkts/2647 bytes][SSL client: telegraph-ash.instagram.com] + 15 TCP 173.252.107.4:443 <-> 192.168.0.103:56382 [proto: 91.211/SSL.Instagram][17 pkts/2647 bytes][client: telegraph-ash.instagram.com] 16 UDP 192.168.0.106:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][4 pkts/580 bytes] 17 UDP 8.8.8.8:53 <-> 192.168.0.103:33603 [proto: 5.211/DNS.Instagram][2 pkts/298 bytes][Host: igcdn-photos-a-a.akamaihd.net] 18 TCP 31.13.93.52:443 <-> 192.168.0.103:33936 [proto: 91.119/SSL.Facebook][68 pkts/45688 bytes] @@ -29,12 +29,12 @@ Instagram 363 255094 16 21 TCP 192.168.0.103:38817 <-> 46.33.70.160:80 [proto: 7/HTTP][3 pkts/198 bytes] 22 TCP 192.168.0.103:40855 <-> 46.33.70.150:80 [proto: 7/HTTP][2 pkts/140 bytes] 23 UDP 8.8.8.8:53 <-> 192.168.0.103:51219 [proto: 5.211/DNS.Instagram][2 pkts/394 bytes][Host: igcdn-photos-h-a.akamaihd.net] - 24 TCP 192.168.0.103:44558 <-> 46.33.70.174:443 [proto: 91.211/SSL.Instagram][17 pkts/6369 bytes][SSL client: igcdn-photos-h-a.akamaihd.net] - 25 TCP 192.168.0.103:41182 <-> 82.85.26.154:443 [proto: 91.211/SSL.Instagram][14 pkts/5567 bytes][SSL client: igcdn-photos-a-a.akamaihd.net] + 24 TCP 192.168.0.103:44558 <-> 46.33.70.174:443 [proto: 91.211/SSL.Instagram][17 pkts/6369 bytes][client: igcdn-photos-h-a.akamaihd.net] + 25 TCP 192.168.0.103:41182 <-> 82.85.26.154:443 [proto: 91.211/SSL.Instagram][14 pkts/5567 bytes][client: igcdn-photos-a-a.akamaihd.net] 26 TCP 192.168.0.103:41562 <-> 92.122.48.138:80 [proto: 7/HTTP][25 pkts/23525 bytes] 27 TCP 192.168.0.103:44379 <-> 82.85.26.186:80 [proto: 7.211/HTTP.Instagram][81 pkts/53416 bytes][Host: photos-e.ak.instagram.com] 28 TCP 192.168.0.103:58690 <-> 46.33.70.159:443 [proto: 91/SSL][2 pkts/169 bytes] - 29 TCP 192.168.0.103:60908 <-> 46.33.70.136:443 [proto: 91.211/SSL.Instagram][19 pkts/9340 bytes][SSL client: igcdn-photos-g-a.akamaihd.net] + 29 TCP 192.168.0.103:60908 <-> 46.33.70.136:443 [proto: 91.211/SSL.Instagram][19 pkts/9340 bytes][client: igcdn-photos-g-a.akamaihd.net] 30 TCP 192.168.0.103:57965 <-> 82.85.26.185:80 [proto: 7.211/HTTP.Instagram][7 pkts/4015 bytes][Host: photos-f.ak.instagram.com] 31 TCP 192.168.0.103:58053 <-> 82.85.26.162:80 [proto: 7.211/HTTP.Instagram][1 pkts/321 bytes][Host: photos-g.ak.instagram.com] diff --git a/tests/result/KakaoTalk_chat.pcap.out b/tests/result/KakaoTalk_chat.pcap.out index f6dd66fab..64aa1385f 100644 --- a/tests/result/KakaoTalk_chat.pcap.out +++ b/tests/result/KakaoTalk_chat.pcap.out @@ -16,7 +16,7 @@ KakaoTalk 55 9990 15 6 UDP 10.188.1.1:53 <-> 10.24.82.188:4017 [proto: 5.119/DNS.Facebook][2 pkts/229 bytes][Host: developers.facebook.com] 7 UDP 10.188.1.1:53 <-> 10.24.82.188:5929 [proto: 5.193/DNS.KakaoTalk][2 pkts/205 bytes][Host: up-p.talk.kakao.com] 8 TCP 10.24.82.188:51021 <-> 103.246.57.251:8080 [proto: 131/HTTP_Proxy][26 pkts/3926 bytes] - 9 TCP 210.103.240.15:443 <-> 10.24.82.188:37821 [proto: 91.193/SSL.KakaoTalk][27 pkts/7126 bytes][SSL server: *.kakao.com] + 9 TCP 210.103.240.15:443 <-> 10.24.82.188:37821 [proto: 91.193/SSL.KakaoTalk][27 pkts/7126 bytes][server: *.kakao.com] 10 UDP 10.188.1.1:53 <-> 10.24.82.188:25117 [proto: 5.193/DNS.KakaoTalk][2 pkts/208 bytes][Host: up-gp.talk.kakao.com] 11 UDP 10.188.1.1:53 <-> 10.24.82.188:29029 [proto: 5.193/DNS.KakaoTalk][2 pkts/205 bytes][Host: up-a.talk.kakao.com] 12 UDP 10.188.1.1:53 <-> 10.24.82.188:35603 [proto: 5.193/DNS.KakaoTalk][2 pkts/215 bytes][Host: ac-talk.kakao.com] @@ -26,10 +26,10 @@ KakaoTalk 55 9990 15 16 UDP 10.188.1.1:53 <-> 10.24.82.188:43077 [proto: 5.193/DNS.KakaoTalk][2 pkts/178 bytes][Host: dn-l.talk.kakao.com] 17 UDP 10.188.1.1:53 <-> 10.24.82.188:61011 [proto: 5.193/DNS.KakaoTalk][2 pkts/200 bytes][Host: plus-talk.kakao.com] 18 UDP 10.188.191.1:53 <-> 10.24.82.188:61011 [proto: 5.193/DNS.KakaoTalk][2 pkts/200 bytes][Host: plus-talk.kakao.com] - 19 TCP 10.24.82.188:58964 <-> 54.255.253.199:5223 [proto: 91/SSL][6 pkts/1890 bytes][SSL server: *.push.samsungosp.com] + 19 TCP 10.24.82.188:58964 <-> 54.255.253.199:5223 [proto: 91/SSL][6 pkts/1890 bytes][server: *.push.samsungosp.com] 20 UDP 10.188.1.1:53 <-> 10.24.82.188:9094 [proto: 5.193/DNS.KakaoTalk][2 pkts/205 bytes][Host: up-v.talk.kakao.com] - 21 TCP 173.252.97.2:443 <-> 10.24.82.188:35503 [proto: 91.119/SSL.Facebook][38 pkts/7591 bytes][SSL server: *.facebook.com] - 22 TCP 173.252.97.2:443 <-> 10.24.82.188:35511 [proto: 91.119/SSL.Facebook][36 pkts/7152 bytes][SSL server: *.facebook.com] + 21 TCP 173.252.97.2:443 <-> 10.24.82.188:35503 [proto: 91.119/SSL.Facebook][38 pkts/7591 bytes][server: *.facebook.com] + 22 TCP 173.252.97.2:443 <-> 10.24.82.188:35511 [proto: 91.119/SSL.Facebook][36 pkts/7152 bytes][server: *.facebook.com] 23 TCP 139.150.0.125:443 <-> 10.24.82.188:46947 [proto: 91/SSL][18 pkts/2409 bytes] 24 UDP 10.188.1.1:53 <-> 10.24.82.188:12908 [proto: 5.193/DNS.KakaoTalk][2 pkts/205 bytes][Host: up-m.talk.kakao.com] 25 TCP 173.194.72.188:5228 <-> 10.24.82.188:34686 [proto: 126/Google][1 pkts/164 bytes] @@ -40,10 +40,10 @@ KakaoTalk 55 9990 15 30 TCP 210.103.240.15:443 <-> 10.24.82.188:42332 [proto: 91/SSL][5 pkts/280 bytes] 31 TCP 216.58.220.174:443 <-> 10.24.82.188:49217 [proto: 91.126/SSL.Google][1 pkts/83 bytes] 32 UDP 10.188.1.1:53 <-> 10.24.82.188:38448 [proto: 5.193/DNS.KakaoTalk][2 pkts/190 bytes][Host: auth.kakao.com] - 33 TCP 31.13.68.70:443 <-> 10.24.82.188:43581 [proto: 91.119/SSL.Facebook][34 pkts/9655 bytes][SSL client: graph.facebook.com] - 34 TCP 31.13.68.84:443 <-> 10.24.82.188:45209 [proto: 91.119/SSL.Facebook][19 pkts/7707 bytes][SSL client: api.facebook.com] - 35 TCP 31.13.68.84:443 <-> 10.24.82.188:45211 [proto: 91.119/SSL.Facebook][29 pkts/9077 bytes][SSL client: developers.facebook.com] - 36 TCP 31.13.68.84:443 <-> 10.24.82.188:45213 [proto: 91.119/SSL.Facebook][28 pkts/7561 bytes][SSL server: *.facebook.com] + 33 TCP 31.13.68.70:443 <-> 10.24.82.188:43581 [proto: 91.119/SSL.Facebook][34 pkts/9655 bytes][client: graph.facebook.com] + 34 TCP 31.13.68.84:443 <-> 10.24.82.188:45209 [proto: 91.119/SSL.Facebook][19 pkts/7707 bytes][client: api.facebook.com] + 35 TCP 31.13.68.84:443 <-> 10.24.82.188:45211 [proto: 91.119/SSL.Facebook][29 pkts/9077 bytes][client: developers.facebook.com] + 36 TCP 31.13.68.84:443 <-> 10.24.82.188:45213 [proto: 91.119/SSL.Facebook][28 pkts/7561 bytes][server: *.facebook.com] 37 TCP 31.13.68.73:443 <-> 10.24.82.188:47007 [proto: 91.119/SSL.Facebook][4 pkts/251 bytes] diff --git a/tests/result/Viber_session.pcap.out b/tests/result/Viber_session.pcap.out index 86cef872a..17451e021 100644 --- a/tests/result/Viber_session.pcap.out +++ b/tests/result/Viber_session.pcap.out @@ -30,16 +30,16 @@ Viber 4163 392492 4 19 ICMP 192.168.1.1:0 <-> 192.168.200.222:0 [proto: 81/ICMP][2 pkts/196 bytes] 20 TCP 192.168.200.222:37376 <-> 74.125.68.239:443 [proto: 91.126/SSL.Google][5 pkts/424 bytes] 21 TCP 52.0.253.46:443 <-> 192.168.200.222:43287 [proto: 64/SSL_No_Cert][34 pkts/4141 bytes] - 22 TCP 23.21.254.189:443 <-> 192.168.200.222:51146 [proto: 91/SSL][15 pkts/1484 bytes][SSL client: e.crashlytics.com] + 22 TCP 23.21.254.189:443 <-> 192.168.200.222:51146 [proto: 91/SSL][15 pkts/1484 bytes][client: e.crashlytics.com] 23 TCP 52.0.253.46:4244 <-> 192.168.200.222:43454 [proto: 144/Viber][12 pkts/1161 bytes] - 24 TCP 74.125.200.18:443 <-> 192.168.200.222:42040 [proto: 91.122/SSL.GMail][21 pkts/1891 bytes][SSL client: mail.google.com] + 24 TCP 74.125.200.18:443 <-> 192.168.200.222:42040 [proto: 91.122/SSL.GMail][21 pkts/1891 bytes][client: mail.google.com] 25 TCP 93.184.221.200:80 <-> 192.168.200.222:43646 [proto: 7/HTTP][1 pkts/60 bytes] 26 TCP 192.168.200.222:40005 <-> 108.168.176.234:443 [proto: 91/SSL][24 pkts/2848 bytes] 27 UDP 54.169.63.186:7987 <-> 192.168.200.222:48564 [proto: 144/Viber][2 pkts/138 bytes] 28 UDP 54.169.63.186:7985 <-> 192.168.200.222:48564 [proto: 144/Viber][4143 pkts/390781 bytes] 29 TCP 93.184.221.200:80 <-> 192.168.200.222:50854 [proto: 7/HTTP][1 pkts/60 bytes] 30 TCP 108.160.172.205:443 <-> 192.168.200.222:51765 [proto: 91.121/SSL.Dropbox][1 pkts/97 bytes] - 31 TCP 107.22.192.179:443 <-> 192.168.200.222:52269 [proto: 91/SSL][16 pkts/1419 bytes][SSL client: settings.crashlytics.com] + 31 TCP 107.22.192.179:443 <-> 192.168.200.222:52269 [proto: 91/SSL][16 pkts/1419 bytes][client: settings.crashlytics.com] Undetected flows: diff --git a/tests/result/dropbox.pcap.out b/tests/result/dropbox.pcap.out index c8b862513..786dc24de 100644 --- a/tests/result/dropbox.pcap.out +++ b/tests/result/dropbox.pcap.out @@ -4,9 +4,9 @@ Dropbox 1104 246122 16 1 UDP 192.168.1.105:33189 <-> 192.168.1.254:53 [proto: 5.121/DNS.Dropbox][4 pkts/744 bytes][Host: notify.dropbox.com] 2 UDP 192.168.1.105:17500 <-> 192.168.1.255:17500 [proto: 121/Dropbox][6 pkts/1422 bytes] - 3 TCP 192.168.1.105:59975 <-> 108.160.172.204:443 [proto: 91.121/SSL.Dropbox][34 pkts/18026 bytes][SSL client: client.dropbox.com] + 3 TCP 192.168.1.105:59975 <-> 108.160.172.204:443 [proto: 91.121/SSL.Dropbox][34 pkts/18026 bytes][client: client.dropbox.com] 4 UDP 192.168.1.105:36173 <-> 192.168.1.254:53 [proto: 5.121/DNS.Dropbox][8 pkts/1390 bytes][Host: log.getdropbox.com] - 5 TCP 192.168.1.105:46394 <-> 162.125.17.131:443 [proto: 91.121/SSL.Dropbox][22 pkts/11392 bytes][SSL client: notify.dropbox.com] + 5 TCP 192.168.1.105:46394 <-> 162.125.17.131:443 [proto: 91.121/SSL.Dropbox][22 pkts/11392 bytes][client: notify.dropbox.com] 6 UDP 192.168.1.105:50789 <-> 192.168.1.254:53 [proto: 5.121/DNS.Dropbox][4 pkts/792 bytes][Host: d.dropbox.com] 7 UDP 192.168.1.105:55407 <-> 192.168.1.254:53 [proto: 5.121/DNS.Dropbox][4 pkts/822 bytes][Host: client.dropbox.com] 8 UDP 192.168.56.1:50318 <-> 192.168.56.101:17500 [proto: 121/Dropbox][200 pkts/20220 bytes] @@ -25,7 +25,7 @@ Dropbox 1104 246122 16 21 UDP 192.168.56.1:50311 <-> 192.168.56.101:17500 [proto: 121/Dropbox][200 pkts/20120 bytes] 22 UDP 192.168.56.1:50319 <-> 192.168.56.101:17500 [proto: 121/Dropbox][200 pkts/20142 bytes] 23 UDP 192.168.1.106:57268 <-> 239.255.255.250:1900 [proto: 12/SSDP][16 pkts/2632 bytes] - 24 TCP 54.240.174.31:443 <-> 192.168.1.105:44949 [proto: 91.121/SSL.Dropbox][138 pkts/97302 bytes][SSL client: client-cf.dropbox.com] + 24 TCP 54.240.174.31:443 <-> 192.168.1.105:44949 [proto: 91.121/SSL.Dropbox][138 pkts/97302 bytes][client: client-cf.dropbox.com] 25 TCP 192.168.1.105:36226 <-> 108.160.172.195:80 [proto: 7.121/HTTP.Dropbox][20 pkts/3928 bytes][Host: log.getdropbox.com] 26 UDP 192.168.1.101:2169 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/1018 bytes] 27 UDP 192.168.1.101:2141 <-> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes] @@ -40,4 +40,4 @@ Dropbox 1104 246122 16 36 UDP 192.168.1.101:4169 <-> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes] 37 UDP 192.168.1.106:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][16 pkts/1648 bytes] 38 UDP 192.168.1.101:4625 <-> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/2836 bytes] - 39 TCP 192.168.1.105:47747 <-> 108.160.172.225:443 [proto: 91.121/SSL.Dropbox][54 pkts/27432 bytes][SSL client: d.dropbox.com] + 39 TCP 192.168.1.105:47747 <-> 108.160.172.225:443 [proto: 91.121/SSL.Dropbox][54 pkts/27432 bytes][client: d.dropbox.com] diff --git a/tests/result/facebook.pcap.out b/tests/result/facebook.pcap.out index ad3cbdaad..a8a362735 100644 --- a/tests/result/facebook.pcap.out +++ b/tests/result/facebook.pcap.out @@ -1,4 +1,4 @@ Facebook 60 30511 2 - 1 TCP 192.168.43.18:52066 <-> 66.220.156.68:443 [proto: 91.119/SSL.Facebook][19 pkts/5745 bytes][SSL client: facebook.com] - 2 TCP 192.168.43.18:44614 <-> 31.13.86.36:443 [proto: 91.119/SSL.Facebook][41 pkts/24766 bytes][SSL client: www.facebook.com] + 1 TCP 192.168.43.18:52066 <-> 66.220.156.68:443 [proto: 91.119/SSL.Facebook][19 pkts/5745 bytes][client: facebook.com] + 2 TCP 192.168.43.18:44614 <-> 31.13.86.36:443 [proto: 91.119/SSL.Facebook][41 pkts/24766 bytes][client: www.facebook.com] diff --git a/tests/result/google_ssl.pcap.out b/tests/result/google_ssl.pcap.out index 111be80e6..2e69420db 100644 --- a/tests/result/google_ssl.pcap.out +++ b/tests/result/google_ssl.pcap.out @@ -1,3 +1,3 @@ Google 28 9108 1 - 1 TCP 216.58.212.100:443 <-> 172.31.3.224:42835 [proto: 91.126/SSL.Google][28 pkts/9108 bytes][SSL server: www.google.com] + 1 TCP 216.58.212.100:443 <-> 172.31.3.224:42835 [proto: 91.126/SSL.Google][28 pkts/9108 bytes][server: www.google.com] diff --git a/tests/result/http_ipv6.pcap.out b/tests/result/http_ipv6.pcap.out index c63b74d0d..6928e61e4 100644 --- a/tests/result/http_ipv6.pcap.out +++ b/tests/result/http_ipv6.pcap.out @@ -5,14 +5,14 @@ QUIC 3 502 1 ntop 80 36401 4 1 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:33062 <-> [2a00:1450:400b:c02::9a]:443 [proto: 91/SSL][2 pkts/172 bytes] - 2 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 <-> [2a03:b0c0:3:d0::70:1001]:37486 [proto: 91.229/SSL.ntop][19 pkts/7014 bytes][SSL client: www.ntop.org] - 3 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 <-> [2a03:b0c0:3:d0::70:1001]:37488 [proto: 91.229/SSL.ntop][17 pkts/6842 bytes][SSL client: www.ntop.org] - 4 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 <-> [2a03:b0c0:3:d0::70:1001]:37494 [proto: 91.229/SSL.ntop][18 pkts/6928 bytes][SSL client: www.ntop.org] - 5 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 <-> [2a03:b0c0:3:d0::70:1001]:37506 [proto: 91.229/SSL.ntop][26 pkts/15617 bytes][SSL client: www.ntop.org] + 2 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 <-> [2a03:b0c0:3:d0::70:1001]:37486 [proto: 91.229/SSL.ntop][19 pkts/7014 bytes][client: www.ntop.org] + 3 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 <-> [2a03:b0c0:3:d0::70:1001]:37488 [proto: 91.229/SSL.ntop][17 pkts/6842 bytes][client: www.ntop.org] + 4 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 <-> [2a03:b0c0:3:d0::70:1001]:37494 [proto: 91.229/SSL.ntop][18 pkts/6928 bytes][client: www.ntop.org] + 5 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 <-> [2a03:b0c0:3:d0::70:1001]:37506 [proto: 91.229/SSL.ntop][26 pkts/15617 bytes][client: www.ntop.org] 6 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 <-> [2a00:1450:4006:804::200e]:40526 [proto: 91/SSL][2 pkts/172 bytes] 7 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 <-> [2a00:1450:4001:803::1017]:41776 [proto: 91/SSL][14 pkts/2213 bytes] - 8 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 <-> [2a02:26f0:ad:197::236]:53132 [proto: 91.119/SSL.Facebook][12 pkts/5187 bytes][SSL client: s-static.ak.facebook.com] - 9 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 <-> [2a02:26f0:ad:197::236]:53134 [proto: 91.119/SSL.Facebook][10 pkts/5015 bytes][SSL client: s-static.ak.facebook.com] + 8 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 <-> [2a02:26f0:ad:197::236]:53132 [proto: 91.119/SSL.Facebook][12 pkts/5187 bytes][client: s-static.ak.facebook.com] + 9 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 <-> [2a02:26f0:ad:197::236]:53134 [proto: 91.119/SSL.Facebook][10 pkts/5015 bytes][client: s-static.ak.facebook.com] 10 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 <-> [2a00:1450:4006:803::2008]:58660 [proto: 91/SSL][2 pkts/172 bytes] 11 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:443 <-> [2a00:1450:4001:803::1012]:59690 [proto: 91/SSL][2 pkts/172 bytes] 12 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:60124 <-> [2a02:26f0:ad:1a1::eed]:443 [proto: 91/SSL][2 pkts/172 bytes] diff --git a/tests/result/ocs.pcap.out b/tests/result/ocs.pcap.out index 525e41d58..43674631a 100644 --- a/tests/result/ocs.pcap.out +++ b/tests/result/ocs.pcap.out @@ -9,19 +9,19 @@ OCS 863 57552 7 2 TCP 192.168.180.2:48250 <-> 178.248.208.54:80 [proto: 7.218/HTTP.OCS][6 pkts/1092 bytes][Host: ocu03.labgency.ws] 3 TCP 192.168.180.2:41223 <-> 216.58.208.46:443 [proto: 91.126/SSL.Google][13 pkts/1448 bytes] 4 UDP 192.168.180.2:38472 <-> 8.8.8.8:53 [proto: 5.218/DNS.OCS][1 pkts/63 bytes][Host: ocu03.labgency.ws] - 5 TCP 192.168.180.2:39263 <-> 23.21.230.199:443 [proto: 91/SSL][20 pkts/2715 bytes][SSL client: settings.crashlytics.com] + 5 TCP 192.168.180.2:39263 <-> 23.21.230.199:443 [proto: 91/SSL][20 pkts/2715 bytes][client: settings.crashlytics.com] 6 UDP 192.168.180.2:48770 <-> 8.8.8.8:53 [proto: 5.126/DNS.Google][1 pkts/72 bytes][Host: android.clients.google.com] 7 TCP 192.168.180.2:47803 <-> 64.233.166.95:443 [proto: 91/SSL][12 pkts/1608 bytes] 8 UDP 192.168.180.2:1291 <-> 8.8.8.8:53 [proto: 5/DNS][1 pkts/67 bytes][Host: api.eu01.capptain.com] 9 UDP 192.168.180.2:2589 <-> 8.8.8.8:53 [proto: 5.218/DNS.OCS][1 pkts/61 bytes][Host: ocs.labgency.ws] 10 UDP 192.168.180.2:3621 <-> 8.8.8.8:53 [proto: 5/DNS][1 pkts/77 bytes][Host: xmpp.device06.eu01.capptain.com] 11 UDP 192.168.180.2:11793 <-> 8.8.8.8:53 [proto: 5.126/DNS.Google][1 pkts/65 bytes][Host: play.googleapis.com] - 12 TCP 192.168.180.2:36680 <-> 178.248.208.54:443 [proto: 91.218/SSL.OCS][20 pkts/6089 bytes][SSL client: ocs.labgency.ws] + 12 TCP 192.168.180.2:36680 <-> 178.248.208.54:443 [proto: 91.218/SSL.OCS][20 pkts/6089 bytes][client: ocs.labgency.ws] 13 TCP 192.168.180.2:53356 <-> 137.135.129.206:80 [proto: 7/HTTP][6 pkts/479 bytes][Host: api.eu01.capptain.com] 14 UDP 192.168.180.2:24245 <-> 8.8.8.8:53 [proto: 5.218/DNS.OCS][1 pkts/56 bytes][Host: www.ocs.fr] 15 TCP 192.168.180.2:49881 <-> 178.248.208.54:80 [proto: 7.218/HTTP.OCS][751 pkts/44783 bytes][Host: ocu03.labgency.ws] 16 UDP 192.168.180.2:40097 <-> 8.8.8.8:53 [proto: 5/DNS][1 pkts/70 bytes][Host: settings.crashlytics.com] - 17 TCP 192.168.180.2:32946 <-> 64.233.184.188:443 [proto: 91.126/SSL.Google][12 pkts/2212 bytes][SSL client: mtalk.google.com] + 17 TCP 192.168.180.2:32946 <-> 64.233.184.188:443 [proto: 91.126/SSL.Google][12 pkts/2212 bytes][client: mtalk.google.com] 18 TCP 192.168.180.2:44959 <-> 137.135.129.206:80 [proto: 7/HTTP][7 pkts/540 bytes][Host: api.eu01.capptain.com] diff --git a/tests/result/skype.pcap.out b/tests/result/skype.pcap.out index 908377178..29ee2021f 100644 --- a/tests/result/skype.pcap.out +++ b/tests/result/skype.pcap.out @@ -104,9 +104,9 @@ MS_OneDrive 387 198090 1 89 TCP 192.168.1.34:50086 <-> 111.221.77.142:40023 [proto: 125/Skype][16 pkts/1270 bytes] 90 TCP 192.168.1.34:50096 <-> 111.221.74.46:40027 [proto: 125/Skype][15 pkts/1212 bytes] 91 TCP 192.168.1.34:50024 <-> 17.172.100.36:443 [proto: 91.140/SSL.Apple][3 pkts/168 bytes] - 92 TCP 192.168.1.34:50128 <-> 17.172.100.36:443 [proto: 91.143/SSL.AppleiCloud][86 pkts/20286 bytes][SSL client: p05-keyvalueservice.icloud.com] - 93 TCP 192.168.1.34:50027 <-> 23.223.73.34:443 [proto: 91.125/SSL.Skype][18 pkts/3679 bytes][SSL client: apps.skypeassets.com] - 94 TCP 192.168.1.34:50090 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][15 pkts/2340 bytes][SSL client: apps.skype.com] + 92 TCP 192.168.1.34:50128 <-> 17.172.100.36:443 [proto: 91.143/SSL.AppleiCloud][86 pkts/20286 bytes][client: p05-keyvalueservice.icloud.com] + 93 TCP 192.168.1.34:50027 <-> 23.223.73.34:443 [proto: 91.125/SSL.Skype][18 pkts/3679 bytes][client: apps.skypeassets.com] + 94 TCP 192.168.1.34:50090 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][15 pkts/2340 bytes][client: apps.skype.com] 95 UDP 192.168.1.34:13021 <-> 157.55.130.145:443 [proto: 125/Skype][1 pkts/60 bytes] 96 TCP 192.168.1.34:50088 <-> 157.55.235.146:33033 [proto: 125/Skype][18 pkts/1400 bytes] 97 UDP 192.168.1.34:13021 <-> 106.188.249.186:15120 [proto: 125/Skype][1 pkts/60 bytes] @@ -170,7 +170,7 @@ MS_OneDrive 387 198090 1 155 UDP 192.168.1.34:13021 <-> 157.55.130.146:33033 [proto: 125/Skype][1 pkts/69 bytes] 156 UDP 192.168.1.34:13021 <-> 157.55.56.146:33033 [proto: 125/Skype][1 pkts/70 bytes] 157 TCP 76.167.161.6:20274 <-> 192.168.1.34:50112 [proto: 125/Skype][15 pkts/1254 bytes] - 158 TCP 192.168.1.34:50028 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][387 pkts/198090 bytes][SSL server: *.gateway.messenger.live.com] + 158 TCP 192.168.1.34:50028 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][387 pkts/198090 bytes][server: *.gateway.messenger.live.com] 159 TCP 192.168.1.34:50036 <-> 157.56.52.44:443 [proto: 91.125/SSL.Skype][14 pkts/1328 bytes] 160 TCP 192.168.1.34:50037 <-> 157.55.56.170:443 [proto: 91.125/SSL.Skype][15 pkts/1569 bytes] 161 TCP 192.168.1.34:50045 <-> 157.55.130.167:443 [proto: 91.125/SSL.Skype][15 pkts/1411 bytes] @@ -244,7 +244,7 @@ MS_OneDrive 387 198090 1 229 UDP 192.168.1.1:53 <-> 192.168.1.34:65426 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] 230 TCP 192.168.1.34:50130 <-> 212.161.8.36:13392 [proto: 125/Skype][17 pkts/1380 bytes] 231 TCP 192.168.1.34:50059 <-> 111.221.74.38:40015 [proto: 125/Skype][16 pkts/1236 bytes] - 232 TCP 192.168.1.34:50029 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][17 pkts/3535 bytes][SSL client: apps.skype.com] + 232 TCP 192.168.1.34:50029 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][17 pkts/3535 bytes][client: apps.skype.com] 233 IGMP 224.0.0.1:0 <-> 192.168.0.254:0 [proto: 82/IGMP][2 pkts/92 bytes] 234 IGMP 224.0.0.1:0 <-> 192.168.1.1:0 [proto: 82/IGMP][1 pkts/60 bytes] 235 IGMP 192.168.1.92:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes] diff --git a/tests/result/skype_no_unknown.pcap.out b/tests/result/skype_no_unknown.pcap.out index ab3f3f0fd..49579d00a 100644 --- a/tests/result/skype_no_unknown.pcap.out +++ b/tests/result/skype_no_unknown.pcap.out @@ -151,7 +151,7 @@ MS_OneDrive 348 181687 1 138 UDP 192.168.1.34:13021 <-> 157.55.130.146:33033 [proto: 125/Skype][1 pkts/69 bytes] 139 TCP 192.168.1.34:51291 <-> 81.83.77.141:17639 [proto: 125/Skype][15 pkts/1226 bytes] 140 TCP 76.167.161.6:20274 <-> 192.168.1.34:51288 [proto: 125/Skype][15 pkts/1258 bytes] - 141 TCP 192.168.1.34:51230 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][348 pkts/181687 bytes][SSL server: *.gateway.messenger.live.com] + 141 TCP 192.168.1.34:51230 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][348 pkts/181687 bytes][server: *.gateway.messenger.live.com] 142 TCP 157.56.52.28:443 <-> 192.168.1.34:51232 [proto: 91.125/SSL.Skype][13 pkts/1157 bytes] 143 TCP 192.168.1.34:51241 <-> 157.55.130.176:443 [proto: 91.125/SSL.Skype][15 pkts/1584 bytes] 144 TCP 192.168.1.34:51261 <-> 157.55.235.170:443 [proto: 91.125/SSL.Skype][15 pkts/1569 bytes] @@ -233,8 +233,8 @@ MS_OneDrive 348 181687 1 220 IGMP 224.0.0.22:0 <-> 192.168.1.219:0 [proto: 82/IGMP][1 pkts/60 bytes] 221 IGMP 224.0.0.1:0 <-> 192.168.0.254:0 [proto: 82/IGMP][1 pkts/46 bytes] 222 IGMP 192.168.1.229:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes] - 223 TCP 192.168.1.34:51231 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][17 pkts/3535 bytes][SSL client: apps.skype.com] - 224 TCP 192.168.1.34:51295 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][12 pkts/2148 bytes][SSL client: apps.skype.com] + 223 TCP 192.168.1.34:51231 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][17 pkts/3535 bytes][client: apps.skype.com] + 224 TCP 192.168.1.34:51295 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][12 pkts/2148 bytes][client: apps.skype.com] 225 UDP 192.168.1.34:13021 <-> 64.4.23.146:33033 [proto: 125/Skype][1 pkts/66 bytes] 226 TCP 192.168.1.34:51255 <-> 157.55.130.142:40005 [proto: 125/Skype][17 pkts/1322 bytes] 227 UDP 239.255.255.250:1900 <-> 192.168.0.254:1025 [proto: 12/SSDP][36 pkts/13402 bytes] diff --git a/tests/result/snapchat.pcap.out b/tests/result/snapchat.pcap.out index 132460e25..c82660708 100644 --- a/tests/result/snapchat.pcap.out +++ b/tests/result/snapchat.pcap.out @@ -1,6 +1,6 @@ SSL_No_Cert 22 2879 1 Snapchat 34 7320 2 - 1 TCP 10.8.0.1:56193 <-> 74.125.136.141:443 [proto: 91.199/SSL.Snapchat][17 pkts/3943 bytes][SSL client: feelinsonice-hrd.appspot.com] - 2 TCP 10.8.0.1:44536 <-> 74.125.136.141:443 [proto: 91.199/SSL.Snapchat][17 pkts/3377 bytes][SSL client: feelinsonice-hrd.appspot.com] + 1 TCP 10.8.0.1:56193 <-> 74.125.136.141:443 [proto: 91.199/SSL.Snapchat][17 pkts/3943 bytes][client: feelinsonice-hrd.appspot.com] + 2 TCP 10.8.0.1:44536 <-> 74.125.136.141:443 [proto: 91.199/SSL.Snapchat][17 pkts/3377 bytes][client: feelinsonice-hrd.appspot.com] 3 TCP 10.8.0.1:33233 <-> 74.125.136.141:443 [proto: 64/SSL_No_Cert][22 pkts/2879 bytes] diff --git a/tests/result/tor.pcap.out b/tests/result/tor.pcap.out index 4fb9eb1d4..134965393 100644 --- a/tests/result/tor.pcap.out +++ b/tests/result/tor.pcap.out @@ -6,12 +6,12 @@ Tor 3676 3014362 7 1 UDP 192.168.1.1:17500 <-> 192.168.1.255:17500 [proto: 121/Dropbox][10 pkts/1860 bytes] 2 UDP [fe80::c583:1972:5728:7323]:547 <-> [ff02::1:2]:546 [proto: 103/DHCPV6][6 pkts/906 bytes] - 3 TCP 212.83.155.250:443 <-> 192.168.1.252:51174 [proto: 163/Tor][32 pkts/10431 bytes][SSL client: www.t3i3ru.com] - 4 TCP 46.59.52.31:443 <-> 192.168.1.252:51111 [proto: 163/Tor][34 pkts/11142 bytes][SSL client: www.e6r5p57kbafwrxj3plz.com] - 5 TCP 91.143.93.242:443 <-> 192.168.1.252:51175 [proto: 163/Tor][38 pkts/12520 bytes][SSL client: www.gfu7hbxpfp.com] + 3 TCP 212.83.155.250:443 <-> 192.168.1.252:51174 [proto: 163/Tor][32 pkts/10431 bytes] + 4 TCP 46.59.52.31:443 <-> 192.168.1.252:51111 [proto: 163/Tor][34 pkts/11142 bytes] + 5 TCP 91.143.93.242:443 <-> 192.168.1.252:51175 [proto: 163/Tor][38 pkts/12520 bytes] 6 TCP 157.56.30.46:443 <-> 192.168.1.252:51104 [proto: 91/SSL][1 pkts/60 bytes] 7 UDP 192.168.1.252:138 <-> 192.168.1.255:138 [proto: 10/NetBIOS][1 pkts/252 bytes] - 8 TCP 38.229.70.53:443 <-> 192.168.1.252:51112 [proto: 163/Tor][1576 pkts/1388792 bytes][SSL client: www.q4cyamnc6mtokjurvdclt.com] - 9 TCP 38.229.70.53:443 <-> 192.168.1.252:51176 [proto: 163/Tor][1826 pkts/1513278 bytes][SSL client: www.jmts2id.com] - 10 TCP 62.210.137.230:443 <-> 192.168.1.252:51185 [proto: 163/Tor][29 pkts/9661 bytes][SSL client: www.6gyip7tqim7sieb.com] - 11 TCP 91.143.93.242:443 <-> 192.168.1.252:51110 [proto: 163/Tor][141 pkts/68538 bytes][SSL client: www.ct7ctrgb6cr7.com] + 8 TCP 38.229.70.53:443 <-> 192.168.1.252:51112 [proto: 163/Tor][1576 pkts/1388792 bytes] + 9 TCP 38.229.70.53:443 <-> 192.168.1.252:51176 [proto: 163/Tor][1826 pkts/1513278 bytes] + 10 TCP 62.210.137.230:443 <-> 192.168.1.252:51185 [proto: 163/Tor][29 pkts/9661 bytes] + 11 TCP 91.143.93.242:443 <-> 192.168.1.252:51110 [proto: 163/Tor][141 pkts/68538 bytes] diff --git a/tests/result/viber_mobile.pcap.out b/tests/result/viber_mobile.pcap.out index ca38a7815..0c1afb020 100644 --- a/tests/result/viber_mobile.pcap.out +++ b/tests/result/viber_mobile.pcap.out @@ -12,7 +12,7 @@ Google 75 17027 7 WhatsApp 31 6224 2 Viber 10081 1413446 4 - 1 TCP 74.125.130.188:5228 <-> 192.168.200.222:57999 [proto: 91.126/SSL.Google][15 pkts/2458 bytes][SSL client: mtalk.google.com] + 1 TCP 74.125.130.188:5228 <-> 192.168.200.222:57999 [proto: 91.126/SSL.Google][15 pkts/2458 bytes][client: mtalk.google.com] 2 UDP 122.146.250.88:9415 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][1 pkts/146 bytes] 3 TCP 74.125.130.188:5228 <-> 192.168.200.222:59011 [proto: 126/Google][16 pkts/5838 bytes] 4 UDP 192.168.200.222:39413 <-> 134.249.176.227:7108 [proto: 37/BitTorrent][2 pkts/475 bytes] @@ -28,7 +28,7 @@ Viber 10081 1413446 4 14 UDP 90.19.187.56:40500 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][1 pkts/146 bytes] 15 UDP 80.47.129.1:44420 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][2 pkts/505 bytes] 16 UDP 70.112.231.62:51413 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][3 pkts/438 bytes] - 17 TCP 192.168.200.222:38039 <-> 31.13.79.246:443 [proto: 91.119/SSL.Facebook][37 pkts/16168 bytes][SSL client: graph.facebook.com] + 17 TCP 192.168.200.222:38039 <-> 31.13.79.246:443 [proto: 91.119/SSL.Facebook][37 pkts/16168 bytes][client: graph.facebook.com] 18 UDP 94.6.33.9:46735 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][2 pkts/505 bytes] 19 TCP 216.58.199.206:443 <-> 192.168.200.222:58663 [proto: 91.126/SSL.Google][2 pkts/132 bytes] 20 UDP 88.176.55.218:51413 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][1 pkts/146 bytes] @@ -47,7 +47,7 @@ Viber 10081 1413446 4 33 UDP 24.43.1.206:17193 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][8 pkts/1992 bytes] 34 ICMP 8.8.8.8:0 <-> 192.168.200.222:0 [proto: 81/ICMP][1 pkts/148 bytes] 35 UDP 192.168.200.222:39413 <-> 186.220.157.231:45235 [proto: 37/BitTorrent][2 pkts/505 bytes] - 36 TCP 74.125.68.156:443 <-> 192.168.200.222:51055 [proto: 91.126/SSL.Google][31 pkts/7607 bytes][SSL client: googleads.g.doubleclick.net] + 36 TCP 74.125.68.156:443 <-> 192.168.200.222:51055 [proto: 91.126/SSL.Google][31 pkts/7607 bytes][client: googleads.g.doubleclick.net] 37 ICMP 37.214.167.82:0 <-> 192.168.200.222:0 [proto: 81/ICMP][1 pkts/174 bytes] 38 UDP 80.234.25.211:12624 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][2 pkts/505 bytes] 39 TCP 112.124.219.93:80 <-> 192.168.200.222:46761 [proto: 7/HTTP][9 pkts/1083 bytes][Host: androiddailyyogacn.oss-cn-hangzhou.aliyuncs.com] @@ -69,9 +69,9 @@ Viber 10081 1413446 4 55 TCP 192.168.200.222:37376 <-> 74.125.68.239:443 [proto: 91.126/SSL.Google][7 pkts/532 bytes] 56 TCP 52.0.253.46:443 <-> 192.168.200.222:43287 [proto: 64/SSL_No_Cert][36 pkts/5874 bytes] 57 UDP 8.8.8.8:53 <-> 192.168.200.222:52263 [proto: 5.142/DNS.WhatsApp][2 pkts/278 bytes][Host: e9.whatsapp.net] - 58 TCP 23.21.254.189:443 <-> 192.168.200.222:51146 [proto: 91/SSL][22 pkts/9241 bytes][SSL client: e.crashlytics.com] + 58 TCP 23.21.254.189:443 <-> 192.168.200.222:51146 [proto: 91/SSL][22 pkts/9241 bytes][client: e.crashlytics.com] 59 TCP 52.0.253.46:4244 <-> 192.168.200.222:43454 [proto: 144/Viber][16 pkts/2043 bytes] - 60 TCP 74.125.200.18:443 <-> 192.168.200.222:42040 [proto: 91.122/SSL.GMail][33 pkts/14532 bytes][SSL client: mail.google.com] + 60 TCP 74.125.200.18:443 <-> 192.168.200.222:42040 [proto: 91.122/SSL.GMail][33 pkts/14532 bytes][client: mail.google.com] 61 UDP 37.214.167.82:11905 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][1 pkts/146 bytes] 62 UDP 8.8.8.8:53 <-> 192.168.200.222:58921 [proto: 5/DNS][4 pkts/336 bytes][Host: sis.jpush.io] 63 TCP 93.184.221.200:80 <-> 192.168.200.222:43646 [proto: 7/HTTP][5 pkts/300 bytes] @@ -83,7 +83,7 @@ Viber 10081 1413446 4 69 UDP 192.168.200.222:39413 <-> 81.192.42.247:15057 [proto: 37/BitTorrent][1 pkts/146 bytes] 70 UDP 92.245.59.202:12998 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][2 pkts/505 bytes] 71 TCP 108.160.172.205:443 <-> 192.168.200.222:51765 [proto: 91.121/SSL.Dropbox][2 pkts/163 bytes] - 72 TCP 107.22.192.179:443 <-> 192.168.200.222:52269 [proto: 91/SSL][26 pkts/10057 bytes][SSL client: settings.crashlytics.com] + 72 TCP 107.22.192.179:443 <-> 192.168.200.222:52269 [proto: 91/SSL][26 pkts/10057 bytes][client: settings.crashlytics.com] Undetected flows: diff --git a/tests/result/waze.pcap.out b/tests/result/waze.pcap.out index 65169ea40..b74ec7a15 100644 --- a/tests/result/waze.pcap.out +++ b/tests/result/waze.pcap.out @@ -8,19 +8,19 @@ Waze 484 289335 19 WhatsApp 15 1341 1 1 TCP 10.8.0.1:50828 <-> 108.168.176.228:443 [proto: 142/WhatsApp][15 pkts/1341 bytes] - 2 TCP 10.8.0.1:36312 <-> 176.34.186.180:443 [proto: 91.135/SSL.Waze][32 pkts/44619 bytes][SSL server: *.world.waze.com] - 3 TCP 10.8.0.1:36314 <-> 176.34.186.180:443 [proto: 91.135/SSL.Waze][20 pkts/5673 bytes][SSL server: *.world.waze.com] - 4 TCP 10.8.0.1:36316 <-> 176.34.186.180:443 [proto: 91.135/SSL.Waze][28 pkts/27886 bytes][SSL server: *.world.waze.com] + 2 TCP 10.8.0.1:36312 <-> 176.34.186.180:443 [proto: 91.135/SSL.Waze][32 pkts/44619 bytes][server: *.world.waze.com] + 3 TCP 10.8.0.1:36314 <-> 176.34.186.180:443 [proto: 91.135/SSL.Waze][20 pkts/5673 bytes][server: *.world.waze.com] + 4 TCP 10.8.0.1:36316 <-> 176.34.186.180:443 [proto: 91.135/SSL.Waze][28 pkts/27886 bytes][server: *.world.waze.com] 5 TCP 200.160.4.49:80 <-> 10.16.37.157:41823 [proto: 7/HTTP][4 pkts/228 bytes] 6 TCP 200.160.4.31:80 <-> 10.16.37.157:43991 [proto: 7/HTTP][4 pkts/228 bytes] - 7 TCP 10.8.0.1:51050 <-> 176.34.103.105:443 [proto: 91.135/SSL.Waze][18 pkts/5553 bytes][SSL server: *.waze.com] + 7 TCP 10.8.0.1:51050 <-> 176.34.103.105:443 [proto: 91.135/SSL.Waze][18 pkts/5553 bytes][server: *.waze.com] 8 TCP 10.8.0.1:45169 <-> 200.160.4.198:80 [proto: 7/HTTP][4 pkts/216 bytes] 9 TCP 200.160.4.49:80 <-> 10.16.37.157:46473 [proto: 7/HTTP][4 pkts/228 bytes] 10 TCP 200.160.4.49:80 <-> 10.16.37.157:52953 [proto: 7/HTTP][4 pkts/228 bytes] - 11 TCP 10.8.0.1:36100 <-> 46.51.173.182:443 [proto: 91.135/SSL.Waze][107 pkts/85712 bytes][SSL server: *.world.waze.com] - 12 TCP 10.8.0.1:36102 <-> 46.51.173.182:443 [proto: 91.135/SSL.Waze][37 pkts/11984 bytes][SSL server: *.world.waze.com] - 13 TCP 10.8.0.1:36134 <-> 46.51.173.182:443 [proto: 91.135/SSL.Waze][24 pkts/6585 bytes][SSL server: *.world.waze.com] - 14 TCP 10.8.0.1:39010 <-> 52.17.114.219:443 [proto: 91.135/SSL.Waze][16 pkts/9185 bytes][SSL server: *.world.waze.com] + 11 TCP 10.8.0.1:36100 <-> 46.51.173.182:443 [proto: 91.135/SSL.Waze][107 pkts/85712 bytes][server: *.world.waze.com] + 12 TCP 10.8.0.1:36102 <-> 46.51.173.182:443 [proto: 91.135/SSL.Waze][37 pkts/11984 bytes][server: *.world.waze.com] + 13 TCP 10.8.0.1:36134 <-> 46.51.173.182:443 [proto: 91.135/SSL.Waze][24 pkts/6585 bytes][server: *.world.waze.com] + 14 TCP 10.8.0.1:39010 <-> 52.17.114.219:443 [proto: 91.135/SSL.Waze][16 pkts/9185 bytes][server: *.world.waze.com] 15 TCP 10.8.0.1:45536 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][15 pkts/1365 bytes][Host: cres.waze.com] 16 TCP 10.8.0.1:45538 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][14 pkts/1326 bytes][Host: cres.waze.com] 17 TCP 10.8.0.1:45540 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][14 pkts/1286 bytes][Host: roadshields.waze.com] @@ -30,14 +30,14 @@ WhatsApp 15 1341 1 21 TCP 10.8.0.1:54915 <-> 65.39.128.135:80 [proto: 7.60/HTTP.HTTPDownload][37 pkts/63205 bytes][Host: xtra1.gpsonextra.net] 22 TCP 10.8.0.1:36585 <-> 173.194.118.48:443 [proto: 64/SSL_No_Cert][13 pkts/2142 bytes] 23 TCP 10.8.0.1:43089 <-> 200.160.4.198:443 [proto: 91/SSL][4 pkts/216 bytes] - 24 TCP 10.8.0.1:51049 <-> 176.34.103.105:443 [proto: 91.135/SSL.Waze][23 pkts/7823 bytes][SSL server: *.waze.com] - 25 TCP 10.8.0.1:51051 <-> 176.34.103.105:443 [proto: 91.135/SSL.Waze][21 pkts/7715 bytes][SSL server: *.waze.com] + 24 TCP 10.8.0.1:51049 <-> 176.34.103.105:443 [proto: 91.135/SSL.Waze][23 pkts/7823 bytes][server: *.waze.com] + 25 TCP 10.8.0.1:51051 <-> 176.34.103.105:443 [proto: 91.135/SSL.Waze][21 pkts/7715 bytes][server: *.waze.com] 26 UDP 10.8.0.1:46214 <-> 200.89.75.198:123 [proto: 9/NTP][2 pkts/180 bytes] 27 TCP 200.160.4.49:80 <-> 10.16.37.157:52746 [proto: 7/HTTP][4 pkts/228 bytes] 28 TCP 10.8.0.1:60574 <-> 200.160.4.49:80 [proto: 7/HTTP][4 pkts/216 bytes] 29 TCP 10.8.0.1:60479 <-> 200.160.4.49:443 [proto: 91/SSL][4 pkts/216 bytes] - 30 TCP 10.8.0.1:36137 <-> 46.51.173.182:443 [proto: 91.135/SSL.Waze][23 pkts/5742 bytes][SSL server: *.world.waze.com] - 31 TCP 10.8.0.1:39021 <-> 52.17.114.219:443 [proto: 91.135/SSL.Waze][33 pkts/58896 bytes][SSL server: *.world.waze.com] + 30 TCP 10.8.0.1:36137 <-> 46.51.173.182:443 [proto: 91.135/SSL.Waze][23 pkts/5742 bytes][server: *.world.waze.com] + 31 TCP 10.8.0.1:39021 <-> 52.17.114.219:443 [proto: 91.135/SSL.Waze][33 pkts/58896 bytes][server: *.world.waze.com] 32 TCP 10.8.0.1:45529 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][17 pkts/4015 bytes][Host: roadshields.waze.com] diff --git a/tests/result/webex.pcap.out b/tests/result/webex.pcap.out index 7d9c790f1..50109bef0 100644 --- a/tests/result/webex.pcap.out +++ b/tests/result/webex.pcap.out @@ -7,61 +7,61 @@ Google 17 6375 1 Webex 1244 809312 29 1 TCP 10.8.0.1:51135 <-> 62.109.224.120:443 [proto: 91/SSL][11 pkts/697 bytes] - 2 TCP 10.8.0.1:51155 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][513 pkts/344086 bytes][SSL server: *.webex.com] + 2 TCP 10.8.0.1:51155 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][513 pkts/344086 bytes][server: *.webex.com] 3 TCP 10.8.0.1:51195 <-> 62.109.224.120:443 [proto: 91/SSL][5 pkts/353 bytes] - 4 TCP 10.8.0.1:51370 <-> 64.68.105.97:443 [proto: 91.141/SSL.Webex][16 pkts/7099 bytes][SSL server: *.webex.com] + 4 TCP 10.8.0.1:51370 <-> 64.68.105.97:443 [proto: 91.141/SSL.Webex][16 pkts/7099 bytes][server: *.webex.com] 5 TCP 10.8.0.1:51833 <-> 62.109.229.158:443 [proto: 91/SSL][8 pkts/639 bytes] 6 TCP 10.8.0.1:51839 <-> 62.109.229.158:443 [proto: 91/SSL][8 pkts/639 bytes] - 7 TCP 10.8.0.1:51857 <-> 62.109.229.158:443 [proto: 91.141/SSL.Webex][50 pkts/10360 bytes][SSL server: *.webex.com] + 7 TCP 10.8.0.1:51857 <-> 62.109.229.158:443 [proto: 91.141/SSL.Webex][50 pkts/10360 bytes][server: *.webex.com] 8 TCP 10.8.0.1:51859 <-> 62.109.229.158:443 [proto: 91/SSL][3 pkts/182 bytes] 9 TCP 10.8.0.1:41757 <-> 114.29.213.212:443 [proto: 91/SSL][11 pkts/697 bytes] 10 TCP 10.8.0.1:47135 <-> 114.29.202.139:443 [proto: 91/SSL][11 pkts/697 bytes] - 11 TCP 10.8.0.1:47841 <-> 114.29.200.11:443 [proto: 91.141/SSL.Webex][11 pkts/4584 bytes][SSL server: *.webex.com] + 11 TCP 10.8.0.1:47841 <-> 114.29.200.11:443 [proto: 91.141/SSL.Webex][11 pkts/4584 bytes][server: *.webex.com] 12 TCP 10.8.0.1:59757 <-> 78.46.237.91:80 [proto: 7/HTTP][10 pkts/1391 bytes][Host: cp.pushwoosh.com] 13 TCP 107.20.242.44:443 <-> 10.133.206.47:59447 [proto: 91/SSL][3 pkts/174 bytes] - 14 TCP 10.8.0.1:55665 <-> 173.243.0.110:443 [proto: 91.141/SSL.Webex][22 pkts/6555 bytes][SSL server: *.webex.com] - 15 TCP 10.8.0.1:55669 <-> 173.243.0.110:443 [proto: 91.141/SSL.Webex][23 pkts/6641 bytes][SSL server: *.webex.com] - 16 TCP 10.8.0.1:55671 <-> 173.243.0.110:443 [proto: 91.141/SSL.Webex][22 pkts/6555 bytes][SSL server: *.webex.com] - 17 TCP 10.8.0.1:55687 <-> 173.243.0.110:443 [proto: 91.141/SSL.Webex][22 pkts/6555 bytes][SSL server: *.webex.com] - 18 TCP 10.8.0.1:37129 <-> 64.68.105.98:443 [proto: 91.141/SSL.Webex][18 pkts/7207 bytes][SSL server: *.webex.com] + 14 TCP 10.8.0.1:55665 <-> 173.243.0.110:443 [proto: 91.141/SSL.Webex][22 pkts/6555 bytes][server: *.webex.com] + 15 TCP 10.8.0.1:55669 <-> 173.243.0.110:443 [proto: 91.141/SSL.Webex][23 pkts/6641 bytes][server: *.webex.com] + 16 TCP 10.8.0.1:55671 <-> 173.243.0.110:443 [proto: 91.141/SSL.Webex][22 pkts/6555 bytes][server: *.webex.com] + 17 TCP 10.8.0.1:55687 <-> 173.243.0.110:443 [proto: 91.141/SSL.Webex][22 pkts/6555 bytes][server: *.webex.com] + 18 TCP 10.8.0.1:37129 <-> 64.68.105.98:443 [proto: 91.141/SSL.Webex][18 pkts/7207 bytes][server: *.webex.com] 19 TCP 10.8.0.1:37139 <-> 64.68.105.98:443 [proto: 91/SSL][11 pkts/697 bytes] 20 TCP 10.8.0.1:33511 <-> 80.74.110.68:443 [proto: 91/SSL][8 pkts/668 bytes] 21 TCP 10.8.0.1:33551 <-> 80.74.110.68:443 [proto: 64/SSL_No_Cert][21 pkts/2530 bytes] 22 TCP 10.8.0.1:33553 <-> 80.74.110.68:443 [proto: 64/SSL_No_Cert][20 pkts/2475 bytes] 23 TCP 10.8.0.1:33559 <-> 80.74.110.68:443 [proto: 64/SSL_No_Cert][13 pkts/1733 bytes] - 24 TCP 10.8.0.1:41351 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][9 pkts/905 bytes][SSL client: radcom.webex.com] - 25 TCP 10.8.0.1:41419 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][14 pkts/8239 bytes][SSL server: *.webex.com] - 26 TCP 10.8.0.1:45814 <-> 62.109.231.3:443 [proto: 91.141/SSL.Webex][16 pkts/7968 bytes][SSL server: *.webex.com] + 24 TCP 10.8.0.1:41351 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][9 pkts/905 bytes][client: radcom.webex.com] + 25 TCP 10.8.0.1:41419 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][14 pkts/8239 bytes][server: *.webex.com] + 26 TCP 10.8.0.1:45814 <-> 62.109.231.3:443 [proto: 91.141/SSL.Webex][16 pkts/7968 bytes][server: *.webex.com] 27 TCP 10.8.0.1:51134 <-> 62.109.224.120:443 [proto: 91/SSL][11 pkts/697 bytes] - 28 TCP 10.8.0.1:51154 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][105 pkts/19286 bytes][SSL server: *.webex.com] + 28 TCP 10.8.0.1:51154 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][105 pkts/19286 bytes][server: *.webex.com] 29 TCP 10.8.0.1:51190 <-> 62.109.224.120:443 [proto: 91/SSL][11 pkts/717 bytes] - 30 TCP 10.8.0.1:51194 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][24 pkts/35888 bytes][SSL server: *.webex.com] - 31 TCP 10.8.0.1:52219 <-> 64.68.121.100:443 [proto: 91.141/SSL.Webex][15 pkts/5217 bytes][SSL server: *.webex.com] + 30 TCP 10.8.0.1:51194 <-> 62.109.224.120:443 [proto: 91.141/SSL.Webex][24 pkts/35888 bytes][server: *.webex.com] + 31 TCP 10.8.0.1:52219 <-> 64.68.121.100:443 [proto: 91.141/SSL.Webex][15 pkts/5217 bytes][server: *.webex.com] 32 TCP 10.8.0.1:41726 <-> 114.29.213.212:443 [proto: 91/SSL][8 pkts/515 bytes] - 33 TCP 10.8.0.1:55969 <-> 64.68.121.99:443 [proto: 91.141/SSL.Webex][15 pkts/5217 bytes][SSL server: *.webex.com] - 34 TCP 10.8.0.1:57647 <-> 64.68.121.153:443 [proto: 91.141/SSL.Webex][14 pkts/7796 bytes][SSL server: *.webex.com] - 35 TCP 10.8.0.1:47116 <-> 114.29.202.139:443 [proto: 91.141/SSL.Webex][13 pkts/4692 bytes][SSL server: *.webex.com] + 33 TCP 10.8.0.1:55969 <-> 64.68.121.99:443 [proto: 91.141/SSL.Webex][15 pkts/5217 bytes][server: *.webex.com] + 34 TCP 10.8.0.1:57647 <-> 64.68.121.153:443 [proto: 91.141/SSL.Webex][14 pkts/7796 bytes][server: *.webex.com] + 35 TCP 10.8.0.1:47116 <-> 114.29.202.139:443 [proto: 91.141/SSL.Webex][13 pkts/4692 bytes][server: *.webex.com] 36 TCP 10.8.0.1:59756 <-> 78.46.237.91:80 [proto: 7/HTTP][12 pkts/1791 bytes][Host: cp.pushwoosh.com] - 37 TCP 10.8.0.1:51646 <-> 114.29.204.49:443 [proto: 91.141/SSL.Webex][17 pkts/5293 bytes][SSL server: *.webex.com] + 37 TCP 10.8.0.1:51646 <-> 114.29.204.49:443 [proto: 91.141/SSL.Webex][17 pkts/5293 bytes][server: *.webex.com] 38 TCP 10.8.0.1:51676 <-> 114.29.204.49:443 [proto: 91/SSL][11 pkts/697 bytes] - 39 TCP 10.8.0.1:52730 <-> 173.243.4.76:443 [proto: 91.141/SSL.Webex][17 pkts/7990 bytes][SSL server: *.webex.com] - 40 TCP 10.8.0.1:43433 <-> 216.58.208.40:443 [proto: 91.126/SSL.Google][17 pkts/6375 bytes][SSL client: ssl.google-analytics.com] - 41 TCP 10.8.0.1:47498 <-> 209.197.222.159:443 [proto: 91.141/SSL.Webex][14 pkts/7796 bytes][SSL server: *.webex.com] + 39 TCP 10.8.0.1:52730 <-> 173.243.4.76:443 [proto: 91.141/SSL.Webex][17 pkts/7990 bytes][server: *.webex.com] + 40 TCP 10.8.0.1:43433 <-> 216.58.208.40:443 [proto: 91.126/SSL.Google][17 pkts/6375 bytes][client: ssl.google-analytics.com] + 41 TCP 10.8.0.1:47498 <-> 209.197.222.159:443 [proto: 91.141/SSL.Webex][14 pkts/7796 bytes][server: *.webex.com] 42 TCP 185.63.147.10:443 <-> 10.133.206.47:54651 [proto: 91/SSL][3 pkts/174 bytes] 43 UDP 10.8.0.1:64538 <-> 172.16.1.75:5060 [proto: 100/SIP][22 pkts/15356 bytes] 44 TCP 10.133.206.47:33459 <-> 80.74.110.68:443 [proto: 91/SSL][5 pkts/317 bytes] 45 TCP 10.8.0.1:33512 <-> 80.74.110.68:443 [proto: 64/SSL_No_Cert][18 pkts/1972 bytes] 46 TCP 10.8.0.1:33554 <-> 80.74.110.68:443 [proto: 64/SSL_No_Cert][18 pkts/1972 bytes] - 47 TCP 10.8.0.1:49048 <-> 23.44.253.243:443 [proto: 91.141/SSL.Webex][14 pkts/5202 bytes][SSL server: www.webex.com] - 48 TCP 10.8.0.1:41346 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][95 pkts/92236 bytes][SSL client: radcom.webex.com] - 49 TCP 10.8.0.1:41348 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][56 pkts/109696 bytes][SSL client: radcom.webex.com] - 50 TCP 10.8.0.1:41350 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][11 pkts/1013 bytes][SSL client: radcom.webex.com] - 51 TCP 10.8.0.1:41354 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][26 pkts/26384 bytes][SSL server: *.webex.com] - 52 TCP 10.8.0.1:41358 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][38 pkts/42482 bytes][SSL server: *.webex.com] - 53 TCP 10.8.0.1:41386 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][17 pkts/8401 bytes][SSL server: *.webex.com] + 47 TCP 10.8.0.1:49048 <-> 23.44.253.243:443 [proto: 91.141/SSL.Webex][14 pkts/5202 bytes][server: www.webex.com] + 48 TCP 10.8.0.1:41346 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][95 pkts/92236 bytes][client: radcom.webex.com] + 49 TCP 10.8.0.1:41348 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][56 pkts/109696 bytes][client: radcom.webex.com] + 50 TCP 10.8.0.1:41350 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][11 pkts/1013 bytes][client: radcom.webex.com] + 51 TCP 10.8.0.1:41354 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][26 pkts/26384 bytes][server: *.webex.com] + 52 TCP 10.8.0.1:41358 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][38 pkts/42482 bytes][server: *.webex.com] + 53 TCP 10.8.0.1:41386 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][17 pkts/8401 bytes][server: *.webex.com] 54 TCP 10.8.0.1:41394 <-> 64.68.105.103:443 [proto: 91/SSL][11 pkts/697 bytes] - 55 TCP 10.8.0.1:46211 <-> 54.241.32.14:443 [proto: 91/SSL][30 pkts/9568 bytes][SSL client: api.crittercism.com] - 56 TCP 10.8.0.1:44492 <-> 64.68.104.140:443 [proto: 91.141/SSL.Webex][17 pkts/7969 bytes][SSL server: *.webex.com] + 55 TCP 10.8.0.1:46211 <-> 54.241.32.14:443 [proto: 91/SSL][30 pkts/9568 bytes][client: api.crittercism.com] + 56 TCP 10.8.0.1:44492 <-> 64.68.104.140:443 [proto: 91.141/SSL.Webex][17 pkts/7969 bytes][server: *.webex.com] Undetected flows: diff --git a/tests/result/weibo.pcap.out b/tests/result/weibo.pcap.out index acb3f9167..801983bcb 100644 --- a/tests/result/weibo.pcap.out +++ b/tests/result/weibo.pcap.out @@ -20,7 +20,7 @@ Sina(Weibo) 418 258007 15 13 TCP 192.168.1.105:35807 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][53 pkts/36468 bytes][Host: img.t.sinajs.cn] 14 TCP 192.168.1.105:35809 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][35 pkts/22361 bytes][Host: img.t.sinajs.cn] 15 TCP 192.168.1.105:35811 <-> 93.188.134.246:80 [proto: 7.200/HTTP.Sina(Weibo)][5 pkts/744 bytes][Host: js.t.sinajs.cn] - 16 TCP 192.168.1.105:50827 <-> 47.89.65.229:443 [proto: 91/SSL][4 pkts/448 bytes][SSL client: g.alicdn.com] + 16 TCP 192.168.1.105:50827 <-> 47.89.65.229:443 [proto: 91/SSL][4 pkts/448 bytes][client: g.alicdn.com] 17 TCP 192.168.1.105:50831 <-> 47.89.65.229:443 [proto: 91/SSL][3 pkts/194 bytes] 18 TCP 42.156.184.19:443 <-> 192.168.1.105:52272 [proto: 91/SSL][1 pkts/74 bytes] 19 TCP 42.156.184.19:443 <-> 192.168.1.105:52274 [proto: 91/SSL][1 pkts/74 bytes] diff --git a/tests/result/whatsapp_login_call.pcap.out b/tests/result/whatsapp_login_call.pcap.out index 6ac5f31b9..1a5f00e1e 100644 --- a/tests/result/whatsapp_login_call.pcap.out +++ b/tests/result/whatsapp_login_call.pcap.out @@ -26,7 +26,7 @@ WhatsAppVoice 706 91156 4 12 TCP 192.168.2.4:49182 <-> 17.172.100.52:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] 13 TCP 192.168.2.4:49180 <-> 17.172.100.59:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] 14 TCP 192.168.2.4:49197 <-> 17.167.142.39:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 15 TCP 192.168.2.4:49205 <-> 17.173.66.102:443 [proto: 91.145/SSL.AppleiTunes][32 pkts/9705 bytes][SSL client: p53-buy.itunes.apple.com] + 15 TCP 192.168.2.4:49205 <-> 17.173.66.102:443 [proto: 91.145/SSL.AppleiTunes][32 pkts/9705 bytes][client: p53-buy.itunes.apple.com] 16 TCP 192.168.2.4:49172 <-> 23.50.148.228:443 [proto: 91/SSL][5 pkts/391 bytes] 17 UDP 192.168.2.4:51518 <-> 31.13.100.14:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] 18 UDP 192.168.2.4:51518 <-> 31.13.70.48:3478 [proto: 78.119/STUN.Facebook][5 pkts/676 bytes] @@ -56,13 +56,13 @@ WhatsAppVoice 706 91156 4 42 TCP 192.168.2.4:49165 <-> 17.172.100.55:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] 43 TCP 192.168.2.4:49164 <-> 17.167.142.31:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] 44 TCP 192.168.2.4:49167 <-> 17.172.100.8:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] - 45 TCP 192.168.2.4:49201 <-> 17.178.104.12:443 [proto: 91.140/SSL.Apple][38 pkts/17220 bytes][SSL client: query.ess.apple.com] + 45 TCP 192.168.2.4:49201 <-> 17.178.104.12:443 [proto: 91.140/SSL.Apple][38 pkts/17220 bytes][client: query.ess.apple.com] 46 TCP 192.168.2.4:49191 <-> 17.172.100.49:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] 47 TCP 192.168.2.4:49181 <-> 17.172.100.37:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] 48 TCP 192.168.2.4:49198 <-> 17.167.142.13:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] 49 TCP 192.168.2.4:49200 <-> 17.167.142.13:443 [proto: 91.140/SSL.Apple][3 pkts/162 bytes] 50 TCP 192.168.2.4:49203 <-> 17.178.104.14:443 [proto: 91.140/SSL.Apple][3 pkts/198 bytes] - 51 TCP 192.168.2.4:49204 <-> 17.173.66.102:443 [proto: 91.145/SSL.AppleiTunes][53 pkts/18382 bytes][SSL client: p53-buy.itunes.apple.com] + 51 TCP 192.168.2.4:49204 <-> 17.173.66.102:443 [proto: 91.145/SSL.AppleiTunes][53 pkts/18382 bytes][client: p53-buy.itunes.apple.com] 52 TCP 192.168.2.4:49199 <-> 17.172.100.70:993 [proto: 51.140/IMAPS.Apple][17 pkts/1998 bytes] 53 TCP 192.168.2.4:49193 <-> 17.110.229.14:5223 [proto: 140/Apple][22 pkts/5926 bytes] 54 UDP 169.254.166.207:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][2 pkts/218 bytes] -- cgit v1.2.3 From b16769ddbe0f20000b52fa86b7a1d6a966705c28 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Sun, 12 Feb 2017 20:14:11 +0100 Subject: Refined guess that does not happen for protocols that have been excluded --- src/lib/ndpi_main.c | 35 +++++++++++++++++++++++++++-------- src/lib/protocols/mssql_tds.c | 2 +- 2 files changed, 28 insertions(+), 9 deletions(-) (limited to 'src') diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 20b27c7fe..2bf1a103e 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -3439,22 +3439,41 @@ ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_st /* TODO: add the remaining stage_XXXX protocols */ if(flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) { + u_int16_t guessed_protocol_id, guessed_host_protocol_id; + if((flow->guessed_protocol_id == NDPI_PROTOCOL_UNKNOWN) && (flow->packet.l4_protocol == IPPROTO_TCP) && (flow->l4.tcp.ssl_stage > 1)) flow->guessed_protocol_id = NDPI_PROTOCOL_SSL; - - ndpi_int_change_protocol(ndpi_struct, flow, - flow->guessed_host_protocol_id, - flow->guessed_protocol_id); + + guessed_protocol_id = flow->guessed_protocol_id, + guessed_host_protocol_id = flow->guessed_host_protocol_id; + + if((guessed_host_protocol_id != NDPI_PROTOCOL_UNKNOWN) + && (NDPI_ISSET(&flow->excluded_protocol_bitmask, guessed_host_protocol_id))) + guessed_host_protocol_id = NDPI_PROTOCOL_UNKNOWN; + + + /* Ignore guessed protocol if they have been discarded */ + if((guessed_protocol_id != NDPI_PROTOCOL_UNKNOWN) + && (guessed_host_protocol_id == NDPI_PROTOCOL_UNKNOWN) + && (NDPI_ISSET(&flow->excluded_protocol_bitmask, guessed_protocol_id))) + guessed_protocol_id = NDPI_PROTOCOL_UNKNOWN; + + if((guessed_protocol_id != NDPI_PROTOCOL_UNKNOWN) + || (guessed_host_protocol_id != NDPI_PROTOCOL_UNKNOWN)) { + ndpi_int_change_protocol(ndpi_struct, flow, + guessed_host_protocol_id, + guessed_protocol_id); + } } else { flow->detected_protocol_stack[1] = flow->guessed_protocol_id, flow->detected_protocol_stack[0] = flow->guessed_host_protocol_id; - + if(flow->detected_protocol_stack[1] == flow->detected_protocol_stack[0]) flow->detected_protocol_stack[1] = flow->guessed_host_protocol_id; } - + if((flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) && (flow->num_stun_udp_pkts > 0)) ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_STUN, flow->guessed_host_protocol_id); @@ -4177,10 +4196,10 @@ void ndpi_int_change_protocol(struct ndpi_detection_module_struct *ndpi_struct, if((upper_detected_protocol == NDPI_PROTOCOL_UNKNOWN) && (lower_detected_protocol != NDPI_PROTOCOL_UNKNOWN)) upper_detected_protocol = lower_detected_protocol; - + if(upper_detected_protocol == lower_detected_protocol) lower_detected_protocol = NDPI_PROTOCOL_UNKNOWN; - + ndpi_int_change_flow_protocol(ndpi_struct, flow, upper_detected_protocol, lower_detected_protocol); ndpi_int_change_packet_protocol(ndpi_struct, flow, diff --git a/src/lib/protocols/mssql_tds.c b/src/lib/protocols/mssql_tds.c index 8a78266a9..42cecb8e2 100644 --- a/src/lib/protocols/mssql_tds.c +++ b/src/lib/protocols/mssql_tds.c @@ -46,7 +46,7 @@ void ndpi_search_mssql_tds(struct ndpi_detection_module_struct *ndpi_struct, str struct ndpi_packet_struct *packet = &flow->packet; struct tds_packet_header *h = (struct tds_packet_header*) packet->payload; - if (packet->payload_packet_len < sizeof(struct tds_packet_header)) { + if(packet->payload_packet_len < sizeof(struct tds_packet_header)) { NDPI_LOG(NDPI_PROTOCOL_MSSQL_TDS, ndpi_struct, NDPI_LOG_DEBUG, "exclude mssql_tds\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MSSQL_TDS); return; -- cgit v1.2.3 From e2cfc96577be5fe97cd5ce63ac30b23cbfadce84 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Mon, 13 Feb 2017 01:29:25 +0100 Subject: Improvements for exporting info in MDNS and UBNTAC2 protocols Added test pcap file for UBNTAC2 --- example/ndpiReader.c | 2 +- example/ndpi_util.c | 6 +++++- example/ndpi_util.h | 1 + src/include/ndpi_typedefs.h | 8 ++++++++ src/lib/protocols/mdns.c | 21 +++++++++++++++----- src/lib/protocols/ubntac2.c | 35 ++++++++++++++++++++++++++++----- tests/pcap/ubntac2.pcap | Bin 0 -> 1888 bytes tests/result/skype_no_unknown.pcap.out | 2 +- tests/result/ubntac2.pcap.out | 10 ++++++++++ 9 files changed, 72 insertions(+), 13 deletions(-) create mode 100644 tests/pcap/ubntac2.pcap create mode 100644 tests/result/ubntac2.pcap.out (limited to 'src') diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 4bf786aa8..72b495912 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -387,7 +387,7 @@ static void printFlow(u_int16_t thread_id, struct ndpi_flow_info *flow) { flow->packets, (long long unsigned int) flow->bytes); if(flow->host_server_name[0] != '\0') fprintf(out, "[Host: %s]", flow->host_server_name); - + if(flow->info[0] != '\0') fprintf(out, "[%s]", flow->info); if(flow->ssh_ssl.client_info[0] != '\0') fprintf(out, "[client: %s]", flow->ssh_ssl.client_info); if(flow->ssh_ssl.server_info[0] != '\0') fprintf(out, "[server: %s]", flow->ssh_ssl.server_info); diff --git a/example/ndpi_util.c b/example/ndpi_util.c index d5cb27d5a..3397d8a92 100644 --- a/example/ndpi_util.c +++ b/example/ndpi_util.c @@ -516,8 +516,12 @@ static unsigned int packet_processing(struct ndpi_workflow * workflow, } if(n == 0) flow->bittorent_hash[0] = '\0'; + } else if(flow->detected_protocol.protocol == NDPI_PROTOCOL_MDNS) { + snprintf(flow->info, sizeof(flow->info), "%s", flow->ndpi_flow->protos.mdns.answer); + } else if(flow->detected_protocol.protocol == NDPI_PROTOCOL_UBNTAC2) { + snprintf(flow->info, sizeof(flow->info), "%s", flow->ndpi_flow->protos.ubntac2.version); } - + if((proto == IPPROTO_TCP) && (flow->detected_protocol.protocol != NDPI_PROTOCOL_DNS)) { if(flow->detected_protocol.protocol == NDPI_PROTOCOL_SSH) { snprintf(flow->ssh_ssl.client_info, sizeof(flow->ssh_ssl.client_info), "%s", diff --git a/example/ndpi_util.h b/example/ndpi_util.h index 171ab8e95..6ff17bac2 100644 --- a/example/ndpi_util.h +++ b/example/ndpi_util.h @@ -58,6 +58,7 @@ typedef struct ndpi_flow_info { // result only, not used for flow identification ndpi_protocol detected_protocol; + char info[96]; char host_server_name[192]; char bittorent_hash[41]; diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 801f1e768..68e332c23 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -960,6 +960,14 @@ struct ndpi_flow_struct { struct { char client_signature[48], server_signature[48]; } ssh; + + struct { + char answer[96]; + } mdns; + + struct { + char version[96]; + } ubntac2; } protos; /*** ALL protocol specific 64 bit variables here ***/ diff --git a/src/lib/protocols/mdns.c b/src/lib/protocols/mdns.c index b3184c26f..0692b3252 100644 --- a/src/lib/protocols/mdns.c +++ b/src/lib/protocols/mdns.c @@ -63,13 +63,26 @@ static int ndpi_int_check_mdns_payload(struct ndpi_detection_module_struct ntohs(get_u_int16_t(packet->payload, 6)) <= NDPI_MAX_MDNS_REQUESTS) { NDPI_LOG(NDPI_PROTOCOL_MDNS, ndpi_struct, NDPI_LOG_DEBUG, "found MDNS with question query.\n"); - return 1; - + return 1; } else if((packet->payload[2] & 0x80) != 0 && ntohs(get_u_int16_t(packet->payload, 4)) == 0 && ntohs(get_u_int16_t(packet->payload, 6)) <= NDPI_MAX_MDNS_REQUESTS && ntohs(get_u_int16_t(packet->payload, 6)) != 0) { + char answer[256]; + int i, j, len; + + for(i=13, j=0; (packet->payload[i] != 0) && (i < packet->payload_packet_len) && (i < (sizeof(answer)-1)); i++) + answer[j++] = (packet->payload[i] < 13) ? '.' : packet->payload[i]; + + answer[j] = '\0'; + + /* printf("==> [%d] %s\n", j, answer); */ + + len = ndpi_min(sizeof(flow->protos.mdns.answer)-1, j); + strncpy(flow->protos.mdns.answer, (const char *)answer, len); + flow->protos.mdns.answer[len] = '\0'; + NDPI_LOG(NDPI_PROTOCOL_MDNS, ndpi_struct, NDPI_LOG_DEBUG, "found MDNS with answer query.\n"); return 1; } @@ -87,14 +100,12 @@ void ndpi_search_mdns(struct ndpi_detection_module_struct *ndpi_struct, struct n */ /* check if UDP packet */ - if(packet->udp != NULL) { - + if(packet->udp != NULL) { /* read destination port */ dport = ntohs(packet->udp->dest); /* check standard MDNS ON port 5353 */ if(dport == 5353 && packet->payload_packet_len >= 12) { - /* mdns protocol must have destination address 224.0.0.251 */ if(packet->iph != NULL && ntohl(packet->iph->daddr) == 0xe00000fb) { diff --git a/src/lib/protocols/ubntac2.c b/src/lib/protocols/ubntac2.c index b465e0a30..7196ee884 100644 --- a/src/lib/protocols/ubntac2.c +++ b/src/lib/protocols/ubntac2.c @@ -37,12 +37,37 @@ void ndpi_search_ubntac2(struct ndpi_detection_module_struct *ndpi_struct, struc if(packet->udp) { if(packet->payload_packet_len >= 135 && - (packet->udp->source == htons(10001) || packet->udp->dest == htons(10001)) && - memcmp(&(packet->payload[36]), "UBNT", 4) == 0) { + (packet->udp->source == htons(10001) || packet->udp->dest == htons(10001))) { + int found = 0; - NDPI_LOG(NDPI_PROTOCOL_UBNTAC2, ndpi_struct, NDPI_LOG_DEBUG, "UBNT AirControl 2 request\n"); - - ndpi_int_ubntac2_add_connection(ndpi_struct, flow); + if(memcmp(&(packet->payload[36]), "UBNT", 4) == 0) { + found = 36+5; + } else if(memcmp(&(packet->payload[49]), "ubnt", 4) == 0) { + found = 49+5; + } + + if(found) { + char version[256]; + int i, j, len; + + found += packet->payload[found+1] + 4; /* Skip model name */ + found++; /* Skip len*/ + + if(found < packet->payload_packet_len) { + for(i=found, j=0; (packet->payload[i] != 0) && (i < packet->payload_packet_len) && (i < (sizeof(version)-1)); i++) + version[j++] = packet->payload[i]; + + version[j] = '\0'; + + len = ndpi_min(sizeof(flow->protos.ubntac2.version)-1, j); + strncpy(flow->protos.ubntac2.version, (const char *)version, len); + flow->protos.ubntac2.version[len] = '\0'; + } + + NDPI_LOG(NDPI_PROTOCOL_UBNTAC2, ndpi_struct, NDPI_LOG_DEBUG, "UBNT AirControl 2 request\n"); + + ndpi_int_ubntac2_add_connection(ndpi_struct, flow); + } return; } } diff --git a/tests/pcap/ubntac2.pcap b/tests/pcap/ubntac2.pcap new file mode 100644 index 000000000..254700b61 Binary files /dev/null and b/tests/pcap/ubntac2.pcap differ diff --git a/tests/result/skype_no_unknown.pcap.out b/tests/result/skype_no_unknown.pcap.out index 49579d00a..d8b67aab0 100644 --- a/tests/result/skype_no_unknown.pcap.out +++ b/tests/result/skype_no_unknown.pcap.out @@ -239,7 +239,7 @@ MS_OneDrive 348 181687 1 226 TCP 192.168.1.34:51255 <-> 157.55.130.142:40005 [proto: 125/Skype][17 pkts/1322 bytes] 227 UDP 239.255.255.250:1900 <-> 192.168.0.254:1025 [proto: 12/SSDP][36 pkts/13402 bytes] 228 TCP 192.168.1.34:51253 <-> 64.4.23.166:443 [proto: 91/SSL][14 pkts/1432 bytes] - 229 UDP 192.168.1.92:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][1 pkts/142 bytes] + 229 UDP 192.168.1.92:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][1 pkts/142 bytes][Lucas-iMac.local] 230 UDP 192.168.1.34:13021 <-> 64.4.23.145:40027 [proto: 125/Skype][1 pkts/73 bytes] 231 UDP 192.168.1.34:13021 <-> 64.4.23.142:40023 [proto: 125/Skype][1 pkts/72 bytes] 232 UDP 192.168.1.34:13021 <-> 64.4.23.140:40003 [proto: 125/Skype][1 pkts/67 bytes] diff --git a/tests/result/ubntac2.pcap.out b/tests/result/ubntac2.pcap.out new file mode 100644 index 000000000..02e7d8e59 --- /dev/null +++ b/tests/result/ubntac2.pcap.out @@ -0,0 +1,10 @@ +UBNTAC2 8 1736 8 + + 1 UDP 192.168.1.1:42838 <-> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031] + 2 UDP 192.168.1.1:47746 <-> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031] + 3 UDP 192.168.1.1:52220 <-> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031] + 4 UDP 192.168.1.1:59772 <-> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031] + 5 UDP 192.168.1.1:34085 <-> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031] + 6 UDP 192.168.1.1:44641 <-> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031] + 7 UDP 192.168.1.1:47871 <-> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031] + 8 UDP 192.168.1.1:55321 <-> 255.255.255.255:10001 [proto: 31/UBNTAC2][1 pkts/217 bytes][UniFiSecurityGateway.ER-e120.v4.3.33.4936086.161203.2031] -- cgit v1.2.3 From 363b38ceb015530fa1f054c24ebe6c55483e64c1 Mon Sep 17 00:00:00 2001 From: Campus Date: Mon, 13 Feb 2017 13:03:27 +0100 Subject: fix dhcp buffer overflow --- src/lib/protocols/dhcp.c | 49 ++++++++++++++++++++++++------------------------ 1 file changed, 25 insertions(+), 24 deletions(-) (limited to 'src') diff --git a/src/lib/protocols/dhcp.c b/src/lib/protocols/dhcp.c index f597d6ced..38711c911 100644 --- a/src/lib/protocols/dhcp.c +++ b/src/lib/protocols/dhcp.c @@ -78,34 +78,35 @@ void ndpi_search_dhcp_udp(struct ndpi_detection_module_struct *ndpi_struct, stru while(i < DHCP_VEND_LEN) { u_int8_t id = dhcp->options[i]; - u_int8_t len = dhcp->options[i+1]; - - if(len == 0) break; - + if(id == 0xFF) break; + else { + u_int8_t len = dhcp->options[i+1]; + + if(len == 0) break; + #ifdef DHCP_DEBUG - printf("[DHCP] Id=%d [len=%d]\n", id, len); + printf("[DHCP] Id=%d [len=%d]\n", id, len); #endif - - if(id == 53 /* DHCP Message Type */) { - u_int8_t msg_type = dhcp->options[i+2]; - - if(msg_type <= 8) foundValidMsgType = 1; - } else if(id == 12 /* Host Name */) { - char *name = (char*)&dhcp->options[i+2]; - int j = 0; - + + if(id == 53 /* DHCP Message Type */) { + u_int8_t msg_type = dhcp->options[i+2]; + + if(msg_type <= 8) foundValidMsgType = 1; + } else if(id == 12 /* Host Name */) { + char *name = (char*)&dhcp->options[i+2]; + int j = 0; + #ifdef DHCP_DEBUG - printf("[DHCP] "); - while(j < len) { printf("%c", name[j]); j++; } - printf("\n"); + printf("[DHCP] "); + while(j < len) { printf("%c", name[j]); j++; } + printf("\n"); #endif - j = ndpi_min(len, sizeof(flow->host_server_name)-1); - strncpy((char*)flow->host_server_name, name, j); - flow->host_server_name[j] = '\0'; - } else if(id == 0xFF) - break; - - i += len + 2; + j = ndpi_min(len, sizeof(flow->host_server_name)-1); + strncpy((char*)flow->host_server_name, name, j); + flow->host_server_name[j] = '\0'; + } + i += len + 2; + } } //get_u_int16_t(packet->payload, 240) == htons(0x3501)) { -- cgit v1.2.3 From b35c1ab696672257eeebe8e22448373e486c5e82 Mon Sep 17 00:00:00 2001 From: Campus Date: Tue, 14 Feb 2017 01:23:47 +0100 Subject: minor fix mgcp dissector --- src/lib/protocols/mgcp.c | 104 +++++++++++++++++++---------------------------- 1 file changed, 41 insertions(+), 63 deletions(-) (limited to 'src') diff --git a/src/lib/protocols/mgcp.c b/src/lib/protocols/mgcp.c index 779caa0eb..e16091642 100644 --- a/src/lib/protocols/mgcp.c +++ b/src/lib/protocols/mgcp.c @@ -1,8 +1,7 @@ /* * mgcp.c * - * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2017 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -21,12 +20,11 @@ * along with nDPI. If not, see . * */ - - #include "ndpi_protocols.h" #ifdef NDPI_PROTOCOL_MGCP + static void ndpi_int_mgcp_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { @@ -34,67 +32,47 @@ static void ndpi_int_mgcp_add_connection(struct ndpi_detection_module_struct } - -#if !defined(WIN32) - static inline -#else -__forceinline static -#endif - void ndpi_search_mgcp_connection(struct ndpi_detection_module_struct - *ndpi_struct, struct ndpi_flow_struct *flow) -{ - - struct ndpi_packet_struct *packet = &flow->packet; - -// struct ndpi_id_struct *src=ndpi_struct->src; -// struct ndpi_id_struct *dst=ndpi_struct->dst; - - /* information about MGCP taken from http://en.wikipedia.org/wiki/MGCP */ - - u_int16_t pos = 5; - - if (packet->payload_packet_len < 8) { - goto mgcp_excluded; - } - - /* packet must end with 0x0d0a or with 0x0a */ - if (packet->payload[packet->payload_packet_len - 1] != 0x0a) { - goto mgcp_excluded; - } - - - - if (packet->payload[0] != 'A' && packet->payload[0] != 'C' && packet->payload[0] != 'D' && - packet->payload[0] != 'E' && packet->payload[0] != 'M' && packet->payload[0] != 'N' && - packet->payload[0] != 'R') { - goto mgcp_excluded; - } - if (memcmp(packet->payload, "AUEP ", 5) != 0 && memcmp(packet->payload, "AUCX ", 5) != 0 && - memcmp(packet->payload, "CRCX ", 5) != 0 && memcmp(packet->payload, "DLCX ", 5) != 0 && - memcmp(packet->payload, "EPCF ", 5) != 0 && memcmp(packet->payload, "MDCX ", 5) != 0 && - memcmp(packet->payload, "NTFY ", 5) != 0 && memcmp(packet->payload, "RQNT ", 5) != 0 && - memcmp(packet->payload, "RSIP ", 5) != 0) { - goto mgcp_excluded; - } - // now search for string "MGCP " in the rest of the message - while ((pos + 4) < packet->payload_packet_len) { - if (memcmp(&packet->payload[pos], "MGCP ", 5) == 0) { - NDPI_LOG(NDPI_PROTOCOL_MGCP, ndpi_struct, NDPI_LOG_DEBUG, "MGCP match.\n"); - ndpi_int_mgcp_add_connection(ndpi_struct, flow); - return; - } - pos++; - } - - mgcp_excluded: - NDPI_LOG(NDPI_PROTOCOL_MGCP, ndpi_struct, NDPI_LOG_DEBUG, "exclude MGCP.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MGCP); -} - - void ndpi_search_mgcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - ndpi_search_mgcp_connection(ndpi_struct, flow); + + struct ndpi_packet_struct *packet = &flow->packet; + + u_int16_t pos = 5; + + if (packet->payload_packet_len < 8) { + goto mgcp_excluded; + } + + /* packet must end with 0x0d0a or with 0x0a */ + if (packet->payload[packet->payload_packet_len - 1] != 0x0a) { + goto mgcp_excluded; + } + + if (packet->payload[0] != 'A' && packet->payload[0] != 'C' && packet->payload[0] != 'D' && + packet->payload[0] != 'E' && packet->payload[0] != 'M' && packet->payload[0] != 'N' && + packet->payload[0] != 'R') { + goto mgcp_excluded; + } + if (memcmp(packet->payload, "AUEP ", 5) != 0 && memcmp(packet->payload, "AUCX ", 5) != 0 && + memcmp(packet->payload, "CRCX ", 5) != 0 && memcmp(packet->payload, "DLCX ", 5) != 0 && + memcmp(packet->payload, "EPCF ", 5) != 0 && memcmp(packet->payload, "MDCX ", 5) != 0 && + memcmp(packet->payload, "NTFY ", 5) != 0 && memcmp(packet->payload, "RQNT ", 5) != 0 && + memcmp(packet->payload, "RSIP ", 5) != 0) { + goto mgcp_excluded; + } + // now search for string "MGCP " in the rest of the message + while ((pos + 4) < packet->payload_packet_len) { + if (memcmp(&packet->payload[pos], "MGCP ", 5) == 0) { + NDPI_LOG(NDPI_PROTOCOL_MGCP, ndpi_struct, NDPI_LOG_DEBUG, "MGCP match.\n"); + ndpi_int_mgcp_add_connection(ndpi_struct, flow); + return; + } + pos++; + } + + mgcp_excluded: + NDPI_LOG(NDPI_PROTOCOL_MGCP, ndpi_struct, NDPI_LOG_DEBUG, "exclude MGCP.\n"); + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MGCP); } -- cgit v1.2.3 From af04f78bd783a18593fb9a1320bfc430ae8af0bc Mon Sep 17 00:00:00 2001 From: Campus Date: Thu, 16 Feb 2017 12:43:52 +0100 Subject: update Netflix ip-range list --- src/lib/ndpi_content_match.c.inc | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) (limited to 'src') diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 04b04133a..0bbf4f9df 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -175,11 +175,32 @@ static ndpi_network host_protocol_list[] = { 23.246.0.0/18 23.21.190.124/32 69.53.224.0/19 + 108.175.32.0/20 + 185.2.220.0/22 + 185.9.188.0/22 + 192.173.64.0/18 + 198.38.96.0/19 + 198.45.48.0/20 + 37.77.184.0/21 + 45.57.0.0/17 + 66.197.128.0/17 + 64.120.128.0/17 */ { 0x17F60000 /* 23.246.0.0/18 */, 18, NDPI_PROTOCOL_NETFLIX }, { 0x1715BE7C /* 23.21.190.124/32 */, 32, NDPI_PROTOCOL_NETFLIX }, { 0x4535E000 /* 69.53.224.0/19 */, 19, NDPI_PROTOCOL_NETFLIX }, + { 0x6CAF2000 /* 108.175.32.0/20 */, 20, NDPI_PROTOCOL_NETFLIX }, + { 0xB902DC00 /* 185.2.220.0/22 */, 22, NDPI_PROTOCOL_NETFLIX }, + { 0xB909BC00 /* 185.9.188.0/22 */, 22, NDPI_PROTOCOL_NETFLIX }, + { 0xC0AD4000 /* 192.173.64.0/18 */, 18, NDPI_PROTOCOL_NETFLIX }, + { 0xC6266000 /* 198.38.96.0/19 */, 19, NDPI_PROTOCOL_NETFLIX }, + { 0xC62D3000 /* 198.45.48.0/20 */, 20, NDPI_PROTOCOL_NETFLIX }, + { 0x254DB800 /* 37.77.184.0/21 */, 21, NDPI_PROTOCOL_NETFLIX }, + { 0x2D390000 /* 45.57.0.0/17 */, 17, NDPI_PROTOCOL_NETFLIX }, + { 0x42C58000 /* 66.197.128.0/17 */, 17, NDPI_PROTOCOL_NETFLIX }, + { 0x40788000 /* 64.120.128.0/17 */, 17, NDPI_PROTOCOL_NETFLIX }, + /* Cloudflare -- cgit v1.2.3 From eb92c6b676064ef7bd642f43eae3136e7db4737e Mon Sep 17 00:00:00 2001 From: Campus Date: Thu, 16 Feb 2017 20:11:21 +0100 Subject: improved skype detection --- src/lib/ndpi_content_match.c.inc | 6 +++++- src/lib/protocols/skype.c | 23 ++++++++++------------- 2 files changed, 15 insertions(+), 14 deletions(-) (limited to 'src') diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 0bbf4f9df..dfcad6c28 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -317,11 +317,13 @@ static ndpi_network host_protocol_list[] = { 157.60.0.0/16, 157.54.0.0/15 13.107.3.128/32 13.107.3.129/32 - 111.221.64.0 - 111.221.127.255 + 13.64.0.0/11 + 111.221.64.0/18 91.190.216.0/21 (AS198015 Skype Communications Sarl) 91.190.218.0/24 40.126.129.109/32 65.55.223.0/26 + 23.96.0.0/13 */ { 0x9D388740 /* 157.56.135.64 */, 26, NDPI_PROTOCOL_SKYPE }, { 0x9D38B900 /* 157.56.185.0 */, 26, NDPI_PROTOCOL_SKYPE }, @@ -330,6 +332,7 @@ static ndpi_network host_protocol_list[] = { { 0x9D38C600 /* 157.56.198.0 */, 26, NDPI_PROTOCOL_SKYPE }, { 0x9D3C0000 /* 157.60.0.0 */, 16, NDPI_PROTOCOL_SKYPE }, { 0x9D360000 /* 157.54.0.0 */, 15, NDPI_PROTOCOL_SKYPE }, + { 0x0D400000 /* 13.64.0.0 */, 11, NDPI_PROTOCOL_SKYPE }, { 0x0D6B0380 /* 13.107.3.128 */, 32, NDPI_PROTOCOL_SKYPE }, { 0x0D6B0381 /* 13.107.3.129 */, 32, NDPI_PROTOCOL_SKYPE }, { 0x6FDD4000 /* 111.221.64.0 */, 18, NDPI_PROTOCOL_SKYPE }, @@ -337,6 +340,7 @@ static ndpi_network host_protocol_list[] = { { 0x5BBEDA00 /* 91.190.218.0 */, 24, NDPI_PROTOCOL_SKYPE }, { 0x287F816D /* 40.126.129.109 */, 32, NDPI_PROTOCOL_SKYPE }, { 0x4237DF00 /* 65.55.223.0 */, 26, NDPI_PROTOCOL_SKYPE }, + { 0x17600000 /* 23.96.0.0 */, 13, NDPI_PROTOCOL_SKYPE }, /* route: 5.42.160.0/19 diff --git a/src/lib/protocols/skype.c b/src/lib/protocols/skype.c index da36d40bf..7236da777 100644 --- a/src/lib/protocols/skype.c +++ b/src/lib/protocols/skype.c @@ -1,7 +1,7 @@ /* * skype.c * - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2017 - ntop.org * * nDPI is free software: you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as published by @@ -17,8 +17,6 @@ * along with nDPI. If not, see . * */ - - #include "ndpi_api.h" #ifdef NDPI_PROTOCOL_SKYPE @@ -55,18 +53,17 @@ static void ndpi_check_skype(struct ndpi_detection_module_struct *ndpi_struct, s // const u_int8_t *packet_payload = packet->payload; u_int32_t payload_len = packet->payload_packet_len; + if(flow->host_server_name[0] != '\0') return; - /* - Skype AS8220 - 212.161.8.0/24 - */ + if(is_skype_flow(ndpi_struct, flow)) { ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_UNKNOWN); return; } + // UDP check if(packet->udp != NULL) { flow->l4.udp.skype_packet_id++; @@ -75,20 +72,20 @@ static void ndpi_check_skype(struct ndpi_detection_module_struct *ndpi_struct, s /* skype-to-skype */ if(dport != 1119) /* It can be confused with battle.net */ { - if(((payload_len == 3) && ((packet->payload[2] & 0x0F)== 0x0d)) - || ((payload_len >= 16) - && (packet->payload[0] != 0x30) /* Avoid invalid SNMP detection */ - && (packet->payload[2] == 0x02))) { + if(((payload_len == 3) && ((packet->payload[2] & 0x0F)== 0x0d)) || + ((payload_len >= 16) + && (packet->payload[0] != 0x30) /* Avoid invalid SNMP detection */ + && (packet->payload[2] == 0x02))) { NDPI_LOG(NDPI_PROTOCOL_SKYPE, ndpi_struct, NDPI_LOG_DEBUG, "Found skype.\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_UNKNOWN); } } - return; } - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SKYPE); return; + + // TCP check } else if(packet->tcp != NULL) { flow->l4.tcp.skype_packet_id++; -- cgit v1.2.3 From 66044578c2dba3b081d87d6ea95e1802cb4b47cb Mon Sep 17 00:00:00 2001 From: Konstantin Shalygin Date: Sun, 12 Feb 2017 20:33:38 +0700 Subject: ndpi_content_match: Add origin routes for many services. --- src/lib/ndpi_content_match.c.inc | 15000 +++++++++++++++++++------------------ 1 file changed, 7745 insertions(+), 7255 deletions(-) (limited to 'src') diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index dfcad6c28..86927edb2 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -1,7 +1,7 @@ /* * ndpi_content_match.c * - * Copyright (C) 2011-16 - ntop.org + * Copyright (C) 2011-2017 - ntop.org * * nDPI is free software: you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as published by @@ -22,90 +22,36 @@ static ndpi_network host_protocol_list[] = { - /* - Facebook - 31.13.86.0/24 - 31.13.24.0/21 - 31.13.64.0/18 - 31.13.65.0/24 - 31.13.66.0/24 - 31.13.67.0/24 - 31.13.68.0/24 - 31.13.69.0/24 - 31.13.70.0/24 - 31.13.71.0/24 - 31.13.72.0/24 - 31.13.73.0/24 - 31.13.74.0/24 - 31.13.75.0/24 - 31.13.76.0/24 - 31.13.77.0/24 - 31.13.78.0/24 - 31.13.80.0/24 - 31.13.96.0/19 - 45.64.40.0/22 - 69.63.176.0/20 - 69.63.184.0/21 - 66.220.144.0/20 - 66.220.152.0/21 - 204.15.20.0/22 - + /* + Facebook, Inc. + origin AS32934, AS54115 + */ - */ - { 0x1F0D1800 /* 31.13.24.0/21 */, 21, NDPI_PROTOCOL_FACEBOOK }, - { 0x1F0D4000 /* 31.13.64.0/18 */, 18, NDPI_PROTOCOL_FACEBOOK }, - { 0x1F0D4100 /* 31.13.65.0/24 */, 24, NDPI_PROTOCOL_FACEBOOK }, - { 0x1F0D4200 /* 31.13.66.0/24 */, 24, NDPI_PROTOCOL_FACEBOOK }, - { 0x1F0D4300 /* 31.13.67.0/24 */, 24, NDPI_PROTOCOL_FACEBOOK }, - { 0x1F0D4400 /* 31.13.68.0/24 */, 24, NDPI_PROTOCOL_FACEBOOK }, - { 0x1F0D4500 /* 31.13.69.0/24 */, 24, NDPI_PROTOCOL_FACEBOOK }, - { 0x1F0D4600 /* 31.13.70.0/24 */, 24, NDPI_PROTOCOL_FACEBOOK }, - { 0x1F0D4700 /* 31.13.71.0/24 */, 24, NDPI_PROTOCOL_FACEBOOK }, - { 0x1F0D4800 /* 31.13.72.0/24 */, 24, NDPI_PROTOCOL_FACEBOOK }, - { 0x1F0D4900 /* 31.13.73.0/24 */, 24, NDPI_PROTOCOL_FACEBOOK }, - { 0x1F0D4A00 /* 31.13.74.0/24 */, 24, NDPI_PROTOCOL_FACEBOOK }, - { 0x1F0D4B00 /* 31.13.75.0/24 */, 24, NDPI_PROTOCOL_FACEBOOK }, - { 0x1F0D4C00 /* 31.13.76.0/24 */, 24, NDPI_PROTOCOL_FACEBOOK }, - { 0x1F0D4D00 /* 31.13.77.0/24 */, 24, NDPI_PROTOCOL_FACEBOOK }, - { 0x1F0D4E00 /* 31.13.78.0/24 */, 24, NDPI_PROTOCOL_FACEBOOK }, - { 0x1F0D8000 /* 31.13.80.0/24 */, 24, NDPI_PROTOCOL_FACEBOOK }, - { 0x1F0D6000 /* 31.13.96.0/19 */, 19, NDPI_PROTOCOL_FACEBOOK }, - { 0x2D402800 /* 45.64.40.0/22 */, 22, NDPI_PROTOCOL_FACEBOOK }, - { 0x453FB000 /* 69.63.176.0/20 */, 20, NDPI_PROTOCOL_FACEBOOK }, - { 0x453FB800 /* 69.63.184.0/21 */, 21, NDPI_PROTOCOL_FACEBOOK }, - { 0x42DC9000 /* 66.220.144.0/20 */, 20, NDPI_PROTOCOL_FACEBOOK }, - { 0x45DC9800 /* 69.220.152.0/21 */, 21, NDPI_PROTOCOL_FACEBOOK }, - { 0xCC0F1400 /* 204.15.20.0/22 */, 22, NDPI_PROTOCOL_FACEBOOK }, + { 0x1F0D1800 /* 31.13.24.0/21 */, 21, NDPI_PROTOCOL_FACEBOOK }, + { 0x1F0D4000 /* 31.13.64.0/18 */, 18, NDPI_PROTOCOL_FACEBOOK }, + { 0x2D402800 /* 45.64.40.0/22 */, 22, NDPI_PROTOCOL_FACEBOOK }, + { 0x42DC9000 /* 66.220.144.0/20 */, 20, NDPI_PROTOCOL_FACEBOOK }, + { 0x453FB000 /* 69.63.176.0/20 */, 20, NDPI_PROTOCOL_FACEBOOK }, + { 0x45ABE000 /* 69.171.224.0/19 */, 19, NDPI_PROTOCOL_FACEBOOK }, + { 0x4A774C00 /* 74.119.76.0/22 */, 22, NDPI_PROTOCOL_FACEBOOK }, + { 0x67046000 /* 103.4.96.0/22 */, 22, NDPI_PROTOCOL_FACEBOOK }, + { 0x81860000 /* 129.134.0.0/16 */, 16, NDPI_PROTOCOL_FACEBOOK }, + { 0x9DF00000 /* 157.240.0.0/16 */, 16, NDPI_PROTOCOL_FACEBOOK }, + { 0xADFC4000 /* 173.252.64.0/18 */, 18, NDPI_PROTOCOL_FACEBOOK }, + { 0xB33CC000 /* 179.60.192.0/22 */, 22, NDPI_PROTOCOL_FACEBOOK }, + { 0xB93CD800 /* 185.60.216.0/22 */, 22, NDPI_PROTOCOL_FACEBOOK }, + { 0xC7C94000 /* 199.201.64.0/22 */, 22, NDPI_PROTOCOL_FACEBOOK }, + { 0xCC0F1400 /* 204.15.20.0/22 */, 22, NDPI_PROTOCOL_FACEBOOK }, + /* + Twitter Inc. + origin AS13414, AS35995 + */ - /* - Twitter - 103.252.112.0/23 - 103.252.114.0/23 - 104.244.40.0/24 - 104.244.41.0/24 - 104.244.42.0/24 - 104.244.43.0/24 - 104.244.44.0/24 - 104.244.45.0/24 - 104.244.46.0/24 - 104.244.47.0/24 - 185.45.5.0/24 - 185.45.6.0/23 - 192.133.76.0/22 - 199.16.156.0/22 - 199.59.148.0/22 - 199.96.56.0/23 - 199.96.58.0/23 - 199.96.60.0/23 - 199.96.62.0/23 - 202.160.128.0/24 - 202.160.129.0/24 - 202.160.130.0/24 - 202.160.131.0/24 - */ - { 0x67FC7000 /* 103.252.112.0/23 */, 23, NDPI_PROTOCOL_TWITTER }, - { 0x67FC7200 /* 103.252.114.0/23 */, 23, NDPI_PROTOCOL_TWITTER }, + { 0x0819C200 /* 8.25.194.0/23 */, 23, NDPI_PROTOCOL_TWITTER }, + { 0x0819C400 /* 8.25.196.0/23 */, 23, NDPI_PROTOCOL_TWITTER }, + { 0x450C3800 /* 69.12.56.0/21 */, 21, NDPI_PROTOCOL_TWITTER }, + { 0x67FC7000 /* 103.252.112.0/22 */, 22, NDPI_PROTOCOL_TWITTER }, { 0x68F42800 /* 104.244.40.0/24 */, 24, NDPI_PROTOCOL_TWITTER }, { 0x68F42900 /* 104.244.41.0/24 */, 24, NDPI_PROTOCOL_TWITTER }, { 0x68F42A00 /* 104.244.42.0/24 */, 24, NDPI_PROTOCOL_TWITTER }, @@ -114,81 +60,493 @@ static ndpi_network host_protocol_list[] = { { 0x68F42D00 /* 104.244.45.0/24 */, 24, NDPI_PROTOCOL_TWITTER }, { 0x68F42E00 /* 104.244.46.0/24 */, 24, NDPI_PROTOCOL_TWITTER }, { 0x68F42F00 /* 104.244.47.0/24 */, 24, NDPI_PROTOCOL_TWITTER }, - { 0xB92D0500 /* 185.45.5.0/24 */, 24, NDPI_PROTOCOL_TWITTER }, + { 0xB92D0400 /* 185.45.4.0/23 */, 23, NDPI_PROTOCOL_TWITTER }, { 0xB92D0600 /* 185.45.6.0/23 */, 23, NDPI_PROTOCOL_TWITTER }, + { 0xBC40E000 /* 188.64.224.0/21 */, 21, NDPI_PROTOCOL_TWITTER }, + { 0xC02C4400 /* 192.44.68.0/23 */, 23, NDPI_PROTOCOL_TWITTER }, + { 0xC030EC00 /* 192.48.236.0/23 */, 23, NDPI_PROTOCOL_TWITTER }, { 0xC0854C00 /* 192.133.76.0/22 */, 22, NDPI_PROTOCOL_TWITTER }, { 0xC7109C00 /* 199.16.156.0/22 */, 22, NDPI_PROTOCOL_TWITTER }, { 0xC73B9400 /* 199.59.148.0/22 */, 22, NDPI_PROTOCOL_TWITTER }, - { 0xC7603800 /* 199.96.56.0/23 */, 23, NDPI_PROTOCOL_TWITTER }, - { 0xC7603B00 /* 199.96.58.0/23 */, 23, NDPI_PROTOCOL_TWITTER }, - { 0xC7603C00 /* 199.96.60.0/23 */, 23, NDPI_PROTOCOL_TWITTER }, - { 0xC7603F00 /* 199.96.62.0/23 */, 23, NDPI_PROTOCOL_TWITTER }, - { 0x68F28000 /* 202.160.128.0/24 */, 24, NDPI_PROTOCOL_TWITTER }, - { 0x68F28100 /* 202.160.129.0/24 */, 24, NDPI_PROTOCOL_TWITTER }, - { 0x68F28200 /* 202.160.130.0/24 */, 24, NDPI_PROTOCOL_TWITTER }, - { 0x68F28300 /* 202.160.131.0/24 */, 24, NDPI_PROTOCOL_TWITTER }, + { 0xC7453A00 /* 199.69.58.0/23 */, 23, NDPI_PROTOCOL_TWITTER }, + { 0xC7603800 /* 199.96.56.0/21 */, 21, NDPI_PROTOCOL_TWITTER }, + { 0xCAA08000 /* 202.160.128.0/22 */, 22, NDPI_PROTOCOL_TWITTER }, /* WhatsApp Inc. 169.47.35.32 - 169.47.35.63 */ + { 0xA92F2320 /* 169.47.35.32/27 */, 27, NDPI_PROTOCOL_WHATSAPP }, - - /* - OpenDNS - 208.67.216.0/21 - */ - { 0xD043D800 /* 208.67.216.0/21 */, 21, NDPI_PROTOCOL_OPENDNS }, - /* + /* + OpenDNS, LLC + origin AS36692, AS30607 + */ + + { 0x26631400 /* 38.99.20.0/23 */, 23, NDPI_PROTOCOL_OPENDNS }, + { 0x3F504FC0 /* 63.80.79.192/26 */, 26, NDPI_PROTOCOL_OPENDNS }, + { 0x43D74000 /* 67.215.64.0/19 */, 19, NDPI_PROTOCOL_OPENDNS }, + { 0x92700000 /* 146.112.0.0/16 */, 16, NDPI_PROTOCOL_OPENDNS }, + { 0xB93C5400 /* 185.60.84.0/24 */, 24, NDPI_PROTOCOL_OPENDNS }, + { 0xB93C5500 /* 185.60.85.0/24 */, 24, NDPI_PROTOCOL_OPENDNS }, + { 0xB93C5600 /* 185.60.86.0/24 */, 24, NDPI_PROTOCOL_OPENDNS }, + { 0xB93C5700 /* 185.60.87.0/24 */, 24, NDPI_PROTOCOL_OPENDNS }, + { 0xCCC2E800 /* 204.194.232.0/21 */, 21, NDPI_PROTOCOL_OPENDNS }, + { 0xD043D800 /* 208.67.216.0/21 */, 21, NDPI_PROTOCOL_OPENDNS }, + { 0xD0452000 /* 208.69.32.0/21 */, 21, NDPI_PROTOCOL_OPENDNS }, + + /* Microsoft Corporation (MS One Drive) - 204.79.195.0/24 - 204.79.196.0/23 - 134.170.0.0/16 - 131.253.12.0/22 - 131.253.16.0/23 - 131.253.18.0/24 - 65.54.191.0/24 */ + { 0xCC4FC300 /* 204.79.195.0/24 */, 24, NDPI_PROTOCOL_MS_ONE_DRIVE }, { 0xCC4FC400 /* 204.79.196.0/23 */, 23, NDPI_PROTOCOL_MS_ONE_DRIVE }, - { 0x86AA0000 /* 134.170.0.0/16 */, 16, NDPI_PROTOCOL_MS_ONE_DRIVE }, + { 0x86AA0000 /* 134.170.0.0/16 */, 16, NDPI_PROTOCOL_MS_ONE_DRIVE }, { 0x83FD0C00 /* 131.253.12.0/22 */, 22, NDPI_PROTOCOL_MS_ONE_DRIVE }, { 0x83FD1000 /* 131.253.16.0/23 */, 23, NDPI_PROTOCOL_MS_ONE_DRIVE }, { 0x83FD1200 /* 131.253.18.0/24 */, 24, NDPI_PROTOCOL_MS_ONE_DRIVE }, - { 0x4136BF00 /* 65.54.191.0/24 */, 24, NDPI_PROTOCOL_MS_ONE_DRIVE }, + { 0x4136BF00 /* 65.54.191.0/24 */, 24, NDPI_PROTOCOL_MS_ONE_DRIVE }, - /* - Amazon-EU-AWS Elastic Compute Cloud, EC2 (also used by Netflix) - 46.137.128.0/18 + /* + Amazon.com, Inc. / Amazon Data Services Ireland Ltd + origin AS16509, AS14618, AS7224, AS62785, AS8987 */ + + { 0x08129000 /* 8.18.144.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x08129100 /* 8.18.145.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x0D200000 /* 13.32.0.0/14 */, 14, NDPI_PROTOCOL_AMAZON }, + { 0x0D340000 /* 13.52.0.0/14 */, 14, NDPI_PROTOCOL_AMAZON }, + { 0x0D380000 /* 13.56.0.0/14 */, 14, NDPI_PROTOCOL_AMAZON }, + { 0x0D700000 /* 13.112.0.0/14 */, 14, NDPI_PROTOCOL_AMAZON }, + { 0x0D7C0000 /* 13.124.0.0/14 */, 14, NDPI_PROTOCOL_AMAZON }, + { 0x0DD00000 /* 13.208.0.0/14 */, 14, NDPI_PROTOCOL_AMAZON }, + { 0x0DE40000 /* 13.228.0.0/14 */, 14, NDPI_PROTOCOL_AMAZON }, + { 0x0DE80000 /* 13.232.0.0/13 */, 13, NDPI_PROTOCOL_AMAZON }, + { 0x0DF80000 /* 13.248.0.0/14 */, 14, NDPI_PROTOCOL_AMAZON }, + { 0x17140000 /* 23.20.0.0/14 */, 14, NDPI_PROTOCOL_AMAZON }, + { 0x1B000000 /* 27.0.0.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, + { 0x22C00000 /* 34.192.0.0/10 */, 10, NDPI_PROTOCOL_AMAZON }, + { 0x23980000 /* 35.152.0.0/13 */, 13, NDPI_PROTOCOL_AMAZON }, + { 0x23A00000 /* 35.160.0.0/12 */, 12, NDPI_PROTOCOL_AMAZON }, + { 0x23B00000 /* 35.176.0.0/13 */, 13, NDPI_PROTOCOL_AMAZON }, + { 0x2BFAC000 /* 43.250.192.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x2BFAC100 /* 43.250.193.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x2E338000 /* 46.51.128.0/18 */, 18, NDPI_PROTOCOL_AMAZON }, + { 0x2E33C000 /* 46.51.192.0/20 */, 20, NDPI_PROTOCOL_AMAZON }, + { 0x2E33D800 /* 46.51.216.0/21 */, 21, NDPI_PROTOCOL_AMAZON }, + { 0x2E33E000 /* 46.51.224.0/19 */, 19, NDPI_PROTOCOL_AMAZON }, + { 0x2E890000 /* 46.137.0.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, { 0x2E898000 /* 46.137.128.0/18 */, 18, NDPI_PROTOCOL_AMAZON }, + { 0x2E89C000 /* 46.137.192.0/19 */, 19, NDPI_PROTOCOL_AMAZON }, + { 0x2E89E000 /* 46.137.224.0/19 */, 19, NDPI_PROTOCOL_AMAZON }, + { 0x32100000 /* 50.16.0.0/14 */, 14, NDPI_PROTOCOL_AMAZON }, + { 0x32700000 /* 50.112.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0x34000000 /* 52.0.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, + { 0x34020000 /* 52.2.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, + { 0x34040000 /* 52.4.0.0/14 */, 14, NDPI_PROTOCOL_AMAZON }, + { 0x34080000 /* 52.8.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0x34090000 /* 52.9.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0x340A0000 /* 52.10.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, + { 0x340C0000 /* 52.12.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, + { 0x340E0000 /* 52.14.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, + { 0x34100000 /* 52.16.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, + { 0x34120000 /* 52.18.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, + { 0x34140000 /* 52.20.0.0/14 */, 14, NDPI_PROTOCOL_AMAZON }, + { 0x34180000 /* 52.24.0.0/14 */, 14, NDPI_PROTOCOL_AMAZON }, + { 0x341C0000 /* 52.28.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0x341D0000 /* 52.29.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0x341E0000 /* 52.30.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, + { 0x34200000 /* 52.32.0.0/14 */, 14, NDPI_PROTOCOL_AMAZON }, + { 0x34240000 /* 52.36.0.0/14 */, 14, NDPI_PROTOCOL_AMAZON }, + { 0x34280000 /* 52.40.0.0/14 */, 14, NDPI_PROTOCOL_AMAZON }, + { 0x342C0000 /* 52.44.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, + { 0x342E0000 /* 52.46.0.0/18 */, 18, NDPI_PROTOCOL_AMAZON }, + { 0x342E5000 /* 52.46.80.0/21 */, 21, NDPI_PROTOCOL_AMAZON }, + { 0x342F0000 /* 52.47.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0x34300000 /* 52.48.0.0/14 */, 14, NDPI_PROTOCOL_AMAZON }, + { 0x34340000 /* 52.52.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, + { 0x34360000 /* 52.54.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, + { 0x34380000 /* 52.56.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0x34390000 /* 52.57.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0x343A0000 /* 52.58.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, + { 0x343C0000 /* 52.60.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0x343E0000 /* 52.62.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, + { 0x34400000 /* 52.64.0.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x34408000 /* 52.64.128.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x34410000 /* 52.65.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0x34420000 /* 52.66.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0x34430000 /* 52.67.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0x34440000 /* 52.68.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, + { 0x34460000 /* 52.70.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, + { 0x34480000 /* 52.72.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, + { 0x344A0000 /* 52.74.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0x344C0000 /* 52.76.0.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x344C8000 /* 52.76.128.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x344D0000 /* 52.77.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0x344E0000 /* 52.78.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0x344F0000 /* 52.79.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0x3452BB00 /* 52.82.187.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x34530000 /* 52.83.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0x34540000 /* 52.84.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, + { 0x34560000 /* 52.86.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, + { 0x34580000 /* 52.88.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, + { 0x345A0000 /* 52.90.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, + { 0x345C0000 /* 52.92.0.0/20 */, 20, NDPI_PROTOCOL_AMAZON }, + { 0x345C1000 /* 52.92.16.0/20 */, 20, NDPI_PROTOCOL_AMAZON }, + { 0x345C2000 /* 52.92.32.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, + { 0x345C2800 /* 52.92.40.0/21 */, 21, NDPI_PROTOCOL_AMAZON }, + { 0x345C3000 /* 52.92.48.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, + { 0x345C3400 /* 52.92.52.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, + { 0x345C3800 /* 52.92.56.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, + { 0x345C3C00 /* 52.92.60.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, + { 0x345C4000 /* 52.92.64.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, + { 0x345C4400 /* 52.92.68.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, + { 0x345C4800 /* 52.92.72.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, + { 0x345C4C00 /* 52.92.76.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, + { 0x345C5400 /* 52.92.84.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, + { 0x345C5800 /* 52.92.88.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, + { 0x345CF800 /* 52.92.248.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, + { 0x345CFC00 /* 52.92.252.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, + { 0x345D0000 /* 52.93.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0x345E0000 /* 52.94.0.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, + { 0x345E0400 /* 52.94.4.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x345E0500 /* 52.94.5.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x345E0600 /* 52.94.6.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x345E0700 /* 52.94.7.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x345E0800 /* 52.94.8.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x345E0900 /* 52.94.9.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x345E0A00 /* 52.94.10.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x345E0B00 /* 52.94.11.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x345E0C00 /* 52.94.12.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x345E0D00 /* 52.94.13.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x345E0E00 /* 52.94.14.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x345E0F00 /* 52.94.15.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x345E1100 /* 52.94.17.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x345E1800 /* 52.94.24.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0x345E1C00 /* 52.94.28.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0x345E2000 /* 52.94.32.0/20 */, 20, NDPI_PROTOCOL_AMAZON }, + { 0x345E3000 /* 52.94.48.0/20 */, 20, NDPI_PROTOCOL_AMAZON }, + { 0x345E4000 /* 52.94.64.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, + { 0x345E5000 /* 52.94.80.0/20 */, 20, NDPI_PROTOCOL_AMAZON }, + { 0x345E6000 /* 52.94.96.0/20 */, 20, NDPI_PROTOCOL_AMAZON }, + { 0x345E7000 /* 52.94.112.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, + { 0x345ECC00 /* 52.94.204.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0x345ECE00 /* 52.94.206.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0x345ED000 /* 52.94.208.0/21 */, 21, NDPI_PROTOCOL_AMAZON }, + { 0x345ED800 /* 52.94.216.0/21 */, 21, NDPI_PROTOCOL_AMAZON }, + { 0x345EE000 /* 52.94.224.0/20 */, 20, NDPI_PROTOCOL_AMAZON }, + { 0x345EF000 /* 52.94.240.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, + { 0x345EFC00 /* 52.94.252.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0x345EFE00 /* 52.94.254.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0x345F0000 /* 52.95.0.0/21 */, 21, NDPI_PROTOCOL_AMAZON }, + { 0x345F0A00 /* 52.95.10.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0x345F0C00 /* 52.95.12.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, + { 0x345F1000 /* 52.95.16.0/21 */, 21, NDPI_PROTOCOL_AMAZON }, + { 0x345F1800 /* 52.95.24.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, + { 0x345F1E00 /* 52.95.30.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0x345F2200 /* 52.95.34.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x345F2300 /* 52.95.35.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x345F2400 /* 52.95.36.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, + { 0x345F3000 /* 52.95.48.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, + { 0x345F3400 /* 52.95.52.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, + { 0x345F3800 /* 52.95.56.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, + { 0x345F4000 /* 52.95.64.0/20 */, 20, NDPI_PROTOCOL_AMAZON }, + { 0x345F5000 /* 52.95.80.0/20 */, 20, NDPI_PROTOCOL_AMAZON }, + { 0x345F6000 /* 52.95.96.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, + { 0x345F6400 /* 52.95.100.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, + { 0x345F6800 /* 52.95.104.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, + { 0x345F6F00 /* 52.95.111.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x345F8000 /* 52.95.128.0/19 */, 19, NDPI_PROTOCOL_AMAZON }, + { 0x345FA000 /* 52.95.160.0/19 */, 19, NDPI_PROTOCOL_AMAZON }, + { 0x345FC000 /* 52.95.192.0/20 */, 20, NDPI_PROTOCOL_AMAZON }, + { 0x345FD400 /* 52.95.212.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, + { 0x345FE000 /* 52.95.224.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x345FF000 /* 52.95.240.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x345FF100 /* 52.95.241.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x345FF200 /* 52.95.242.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x345FF300 /* 52.95.243.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x345FF400 /* 52.95.244.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x345FF500 /* 52.95.245.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x345FF600 /* 52.95.246.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x345FF700 /* 52.95.247.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x345FF800 /* 52.95.248.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x345FF900 /* 52.95.249.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x345FFA00 /* 52.95.250.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x345FFB00 /* 52.95.251.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x345FFC00 /* 52.95.252.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x345FFD00 /* 52.95.253.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x345FFE00 /* 52.95.254.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x34778000 /* 52.119.128.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x347C8000 /* 52.124.128.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x34818000 /* 52.129.128.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x34908000 /* 52.144.128.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x34C00000 /* 52.192.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, + { 0x34C40000 /* 52.196.0.0/14 */, 14, NDPI_PROTOCOL_AMAZON }, + { 0x34C80000 /* 52.200.0.0/13 */, 13, NDPI_PROTOCOL_AMAZON }, + { 0x34D00000 /* 52.208.0.0/13 */, 13, NDPI_PROTOCOL_AMAZON }, + { 0x34D80000 /* 52.216.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, + { 0x34DA0000 /* 52.218.0.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x34DA8000 /* 52.218.128.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x34DB0000 /* 52.219.0.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x34DB8000 /* 52.219.128.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x34DC0000 /* 52.220.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, + { 0x34DE0000 /* 52.222.0.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x34DE8000 /* 52.222.128.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x36400000 /* 54.64.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, + { 0x36420000 /* 54.66.0.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x36428000 /* 54.66.128.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x36430000 /* 54.67.0.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x36440000 /* 54.68.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, + { 0x36460000 /* 54.70.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, + { 0x36480000 /* 54.72.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0x36490000 /* 54.73.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0x364A0000 /* 54.74.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, + { 0x364C0000 /* 54.76.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, + { 0x364E0000 /* 54.78.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0x364F0000 /* 54.79.0.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x364F8000 /* 54.79.128.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x36500000 /* 54.80.0.0/14 */, 14, NDPI_PROTOCOL_AMAZON }, + { 0x36540000 /* 54.84.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, + { 0x36560000 /* 54.86.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0x36570000 /* 54.87.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0x36580000 /* 54.88.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0x36590000 /* 54.89.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0x365A0000 /* 54.90.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, + { 0x365C0000 /* 54.92.0.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x365C8000 /* 54.92.128.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x365D0000 /* 54.93.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0x365E0000 /* 54.94.0.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x365E8000 /* 54.94.128.0/18 */, 18, NDPI_PROTOCOL_AMAZON }, + { 0x365EC000 /* 54.94.192.0/18 */, 18, NDPI_PROTOCOL_AMAZON }, + { 0x365F0000 /* 54.95.0.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x365F8000 /* 54.95.128.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x36900000 /* 54.144.0.0/14 */, 14, NDPI_PROTOCOL_AMAZON }, + { 0x36940000 /* 54.148.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, + { 0x36960000 /* 54.150.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0x36970000 /* 54.151.0.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x36978000 /* 54.151.128.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x36980000 /* 54.152.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0x36990000 /* 54.153.0.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x36998000 /* 54.153.128.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x369A0000 /* 54.154.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0x369B0000 /* 54.155.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0x369C0000 /* 54.156.0.0/14 */, 14, NDPI_PROTOCOL_AMAZON }, + { 0x36A00000 /* 54.160.0.0/14 */, 14, NDPI_PROTOCOL_AMAZON }, + { 0x36A40000 /* 54.164.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, + { 0x36A60000 /* 54.166.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, + { 0x36A80000 /* 54.168.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0x36A90000 /* 54.169.0.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x36A98000 /* 54.169.128.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x36AA0000 /* 54.170.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0x36AB0000 /* 54.171.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0x36AC0000 /* 54.172.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, + { 0x36AE0000 /* 54.174.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, + { 0x36B00000 /* 54.176.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, + { 0x36B20000 /* 54.178.0.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x36B28000 /* 54.178.128.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x36B30000 /* 54.179.0.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x36B38000 /* 54.179.128.0/18 */, 18, NDPI_PROTOCOL_AMAZON }, + { 0x36B3C000 /* 54.179.192.0/18 */, 18, NDPI_PROTOCOL_AMAZON }, + { 0x36B60000 /* 54.182.0.0/21 */, 21, NDPI_PROTOCOL_AMAZON }, + { 0x36B60800 /* 54.182.8.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, + { 0x36B61000 /* 54.182.16.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, + { 0x36B68000 /* 54.182.128.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0x36B68200 /* 54.182.130.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0x36B68400 /* 54.182.132.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0x36B68600 /* 54.182.134.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0x36B68800 /* 54.182.136.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0x36B68A00 /* 54.182.138.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0x36B68C00 /* 54.182.140.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0x36B68E00 /* 54.182.142.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0x36B69000 /* 54.182.144.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0x36B69200 /* 54.182.146.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0x36B69400 /* 54.182.148.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0x36B69600 /* 54.182.150.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0x36B69800 /* 54.182.152.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0x36B69A00 /* 54.182.154.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0x36B69C00 /* 54.182.156.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0x36B69E00 /* 54.182.158.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0x36B6A200 /* 54.182.162.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0x36B6A400 /* 54.182.164.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0x36B6A600 /* 54.182.166.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0x36B6A800 /* 54.182.168.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0x36B6AA00 /* 54.182.170.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6AE00 /* 54.182.174.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0x36B6B000 /* 54.182.176.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0x36B6B200 /* 54.182.178.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0x36B6B400 /* 54.182.180.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0x36B6B600 /* 54.182.182.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0x36B6B800 /* 54.182.184.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0x36B6BA00 /* 54.182.186.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0x36B6BF00 /* 54.182.191.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6C000 /* 54.182.192.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6C100 /* 54.182.193.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6C200 /* 54.182.194.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6C300 /* 54.182.195.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6C400 /* 54.182.196.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6C500 /* 54.182.197.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6C600 /* 54.182.198.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6C700 /* 54.182.199.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6C800 /* 54.182.200.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6C900 /* 54.182.201.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6CA00 /* 54.182.202.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6CB00 /* 54.182.203.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6CC00 /* 54.182.204.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6CD00 /* 54.182.205.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6CE00 /* 54.182.206.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6CF00 /* 54.182.207.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6D100 /* 54.182.209.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6D200 /* 54.182.210.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6D300 /* 54.182.211.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6D400 /* 54.182.212.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6D500 /* 54.182.213.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6D600 /* 54.182.214.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6D700 /* 54.182.215.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6D800 /* 54.182.216.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6D900 /* 54.182.217.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6DA00 /* 54.182.218.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6DB00 /* 54.182.219.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6DC00 /* 54.182.220.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6DD00 /* 54.182.221.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6DE00 /* 54.182.222.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6DF00 /* 54.182.223.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6E000 /* 54.182.224.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0x36B6E200 /* 54.182.226.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0x36B6E400 /* 54.182.228.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0x36B6E600 /* 54.182.230.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6E700 /* 54.182.231.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6E800 /* 54.182.232.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6E900 /* 54.182.233.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6EA00 /* 54.182.234.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6EB00 /* 54.182.235.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6EC00 /* 54.182.236.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6ED00 /* 54.182.237.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6EE00 /* 54.182.238.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6EF00 /* 54.182.239.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6F000 /* 54.182.240.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0x36B6F200 /* 54.182.242.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6F300 /* 54.182.243.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6F400 /* 54.182.244.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6F500 /* 54.182.245.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6F600 /* 54.182.246.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0x36B6F800 /* 54.182.248.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0x36B6FA00 /* 54.182.250.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0x36B6FC00 /* 54.182.252.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6FD00 /* 54.182.253.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6FE00 /* 54.182.254.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B6FF00 /* 54.182.255.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, + { 0x36B70000 /* 54.183.0.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x36B78000 /* 54.183.128.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x36B80000 /* 54.184.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, + { 0x36BA0000 /* 54.186.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, + { 0x36BC0000 /* 54.188.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, + { 0x36BE0000 /* 54.190.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0x36BF0000 /* 54.191.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0x36C00000 /* 54.192.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0x36C10000 /* 54.193.0.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x36C18000 /* 54.193.128.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x36C20000 /* 54.194.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0x36C30000 /* 54.195.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0x36C40000 /* 54.196.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, + { 0x36C60000 /* 54.198.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0x36C70000 /* 54.199.0.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x36C78000 /* 54.199.128.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x36C80000 /* 54.200.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, + { 0x36CA0000 /* 54.202.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, + { 0x36CC0000 /* 54.204.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, + { 0x36CE0000 /* 54.206.0.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x36CE8000 /* 54.206.128.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x36CF0000 /* 54.207.0.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x36CF8000 /* 54.207.128.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x36D00000 /* 54.208.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, + { 0x36D20000 /* 54.210.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0x36D30000 /* 54.211.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0x36D40000 /* 54.212.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0x36D50000 /* 54.213.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0x36D60000 /* 54.214.0.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x36D68000 /* 54.214.128.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x36D70000 /* 54.215.0.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x36D78000 /* 54.215.128.0/18 */, 18, NDPI_PROTOCOL_AMAZON }, + { 0x36D7C000 /* 54.215.192.0/18 */, 18, NDPI_PROTOCOL_AMAZON }, + { 0x36D80000 /* 54.216.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, + { 0x36DA0000 /* 54.218.0.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x36DA8000 /* 54.218.128.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x36DB0000 /* 54.219.0.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x36DB8000 /* 54.219.128.0/18 */, 18, NDPI_PROTOCOL_AMAZON }, + { 0x36DBC000 /* 54.219.192.0/18 */, 18, NDPI_PROTOCOL_AMAZON }, + { 0x36DC0000 /* 54.220.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0x36DD0000 /* 54.221.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0x36DF2000 /* 54.223.32.0/19 */, 19, NDPI_PROTOCOL_AMAZON }, + { 0x36DF4000 /* 54.223.64.0/18 */, 18, NDPI_PROTOCOL_AMAZON }, + { 0x36E00000 /* 54.224.0.0/12 */, 12, NDPI_PROTOCOL_AMAZON }, + { 0x36F00000 /* 54.240.0.0/12 */, 12, NDPI_PROTOCOL_AMAZON }, + { 0x3F5C0C00 /* 63.92.12.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, + { 0x3FEE0C00 /* 63.238.12.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, + { 0x3FEE1000 /* 63.238.16.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0x42074000 /* 66.7.64.0/19 */, 19, NDPI_PROTOCOL_AMAZON }, + { 0x43CA0000 /* 67.202.0.0/18 */, 18, NDPI_PROTOCOL_AMAZON }, + { 0x4815C000 /* 72.21.192.0/19 */, 19, NDPI_PROTOCOL_AMAZON }, + { 0x482C2000 /* 72.44.32.0/19 */, 19, NDPI_PROTOCOL_AMAZON }, + { 0x4B658000 /* 75.101.128.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x4F7D0000 /* 79.125.0.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x57EE5000 /* 87.238.80.0/21 */, 21, NDPI_PROTOCOL_AMAZON }, + { 0x607F0000 /* 96.127.0.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0x67040800 /* 103.4.8.0/21 */, 21, NDPI_PROTOCOL_AMAZON }, + { 0x6708AC00 /* 103.8.172.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, + { 0x67F69400 /* 103.246.148.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0x67F69600 /* 103.246.150.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0x6B140000 /* 107.20.0.0/14 */, 14, NDPI_PROTOCOL_AMAZON }, + { 0x7AF8C000 /* 122.248.192.0/18 */, 18, NDPI_PROTOCOL_AMAZON }, + { 0xAC606000 /* 172.96.96.0/20 */, 20, NDPI_PROTOCOL_AMAZON }, + { 0xAE810000 /* 174.129.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0xAF298000 /* 175.41.128.0/18 */, 18, NDPI_PROTOCOL_AMAZON }, + { 0xAF29C000 /* 175.41.192.0/18 */, 18, NDPI_PROTOCOL_AMAZON }, + { 0xB0204000 /* 176.32.64.0/19 */, 19, NDPI_PROTOCOL_AMAZON }, + { 0xB0206000 /* 176.32.96.0/21 */, 21, NDPI_PROTOCOL_AMAZON }, + { 0xB0206800 /* 176.32.104.0/21 */, 21, NDPI_PROTOCOL_AMAZON }, + { 0xB0207000 /* 176.32.112.0/21 */, 21, NDPI_PROTOCOL_AMAZON }, + { 0xB0207800 /* 176.32.120.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, + { 0xB0207E00 /* 176.32.126.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0xB0220000 /* 176.34.0.0/19 */, 19, NDPI_PROTOCOL_AMAZON }, + { 0xB0222000 /* 176.34.32.0/19 */, 19, NDPI_PROTOCOL_AMAZON }, + { 0xB0224000 /* 176.34.64.0/18 */, 18, NDPI_PROTOCOL_AMAZON }, + { 0xB0228000 /* 176.34.128.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0xB1478000 /* 177.71.128.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0xB148F000 /* 177.72.240.0/21 */, 21, NDPI_PROTOCOL_AMAZON }, + { 0xB2EC0000 /* 178.236.0.0/20 */, 20, NDPI_PROTOCOL_AMAZON }, + { 0xB8480000 /* 184.72.0.0/18 */, 18, NDPI_PROTOCOL_AMAZON }, + { 0xB8484000 /* 184.72.64.0/19 */, 19, NDPI_PROTOCOL_AMAZON }, + { 0xB8486000 /* 184.72.96.0/19 */, 19, NDPI_PROTOCOL_AMAZON }, + { 0xB8488000 /* 184.72.128.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0xB8490000 /* 184.73.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, + { 0xB8A98000 /* 184.169.128.0/17 */, 17, NDPI_PROTOCOL_AMAZON }, + { 0xB9307800 /* 185.48.120.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, + { 0xB98F1000 /* 185.143.16.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, + { 0xC77FE800 /* 199.127.232.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, + { 0xC7FFC000 /* 199.255.192.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, + { 0xCB53DC00 /* 203.83.220.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, + { 0xCCEC8000 /* 204.236.128.0/18 */, 18, NDPI_PROTOCOL_AMAZON }, + { 0xCCECC000 /* 204.236.192.0/18 */, 18, NDPI_PROTOCOL_AMAZON }, + { 0xCCF6A000 /* 204.246.160.0/19 */, 19, NDPI_PROTOCOL_AMAZON }, + { 0xCDFBC000 /* 205.251.192.0/18 */, 18, NDPI_PROTOCOL_AMAZON }, + { 0xCFABA000 /* 207.171.160.0/19 */, 19, NDPI_PROTOCOL_AMAZON }, + { 0xD02FF800 /* 208.47.248.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, + { 0xD1C96000 /* 209.201.96.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, + { 0xD8892000 /* 216.137.32.0/19 */, 19, NDPI_PROTOCOL_AMAZON }, + { 0xD8B6E000 /* 216.182.224.0/20 */, 20, NDPI_PROTOCOL_AMAZON }, - /* - Amazon-EU (also used by Netflix) - 176.34.184.0/21 + /* + Netflix Inc. / Netflix Streaming Services Inc. + origin AS2906, AS55095, AS40027 */ - { 0xB022B800 /* 176.34.184.0/21 */, 21, NDPI_PROTOCOL_AMAZON }, - - /* - Netflix - 23.246.0.0/18 - 23.21.190.124/32 - 69.53.224.0/19 - 108.175.32.0/20 - 185.2.220.0/22 - 185.9.188.0/22 - 192.173.64.0/18 - 198.38.96.0/19 - 198.45.48.0/20 - 37.77.184.0/21 - 45.57.0.0/17 - 66.197.128.0/17 - 64.120.128.0/17 - */ { 0x17F60000 /* 23.246.0.0/18 */, 18, NDPI_PROTOCOL_NETFLIX }, - { 0x1715BE7C /* 23.21.190.124/32 */, 32, NDPI_PROTOCOL_NETFLIX }, + { 0x254DB800 /* 37.77.184.0/21 */, 21, NDPI_PROTOCOL_NETFLIX }, + { 0x26487E00 /* 38.72.126.0/24 */, 24, NDPI_PROTOCOL_NETFLIX }, + { 0x2D390000 /* 45.57.0.0/17 */, 17, NDPI_PROTOCOL_NETFLIX }, + { 0x40788000 /* 64.120.128.0/17 */, 17, NDPI_PROTOCOL_NETFLIX }, + { 0x42C58000 /* 66.197.128.0/17 */, 17, NDPI_PROTOCOL_NETFLIX }, { 0x4535E000 /* 69.53.224.0/19 */, 19, NDPI_PROTOCOL_NETFLIX }, { 0x6CAF2000 /* 108.175.32.0/20 */, 20, NDPI_PROTOCOL_NETFLIX }, { 0xB902DC00 /* 185.2.220.0/22 */, 22, NDPI_PROTOCOL_NETFLIX }, @@ -196,38 +554,37 @@ static ndpi_network host_protocol_list[] = { { 0xC0AD4000 /* 192.173.64.0/18 */, 18, NDPI_PROTOCOL_NETFLIX }, { 0xC6266000 /* 198.38.96.0/19 */, 19, NDPI_PROTOCOL_NETFLIX }, { 0xC62D3000 /* 198.45.48.0/20 */, 20, NDPI_PROTOCOL_NETFLIX }, - { 0x254DB800 /* 37.77.184.0/21 */, 21, NDPI_PROTOCOL_NETFLIX }, - { 0x2D390000 /* 45.57.0.0/17 */, 17, NDPI_PROTOCOL_NETFLIX }, - { 0x42C58000 /* 66.197.128.0/17 */, 17, NDPI_PROTOCOL_NETFLIX }, - { 0x40788000 /* 64.120.128.0/17 */, 17, NDPI_PROTOCOL_NETFLIX }, - + { 0xD04B4C00 /* 208.75.76.0/22 */, 22, NDPI_PROTOCOL_NETFLIX }, /* - Cloudflare - 104.16.0.0/12 - 173.245.48.0/20 - 162.158.0.0/15 - 141.101.125.0/24 CLOUDFLARE-EU CDN network + Cloudflare, Inc. + origin AS13335, AS132892, AS203898, AS394536 */ + + { 0x4044C000 /* 64.68.192.0/24 */, 24, NDPI_PROTOCOL_CLOUDFLARE }, { 0x68100000 /* 104.16.0.0/12 */, 12, NDPI_PROTOCOL_CLOUDFLARE }, - { 0xADF53000 /* 173.245.48.0/20 */, 20, NDPI_PROTOCOL_CLOUDFLARE }, + { 0x6CA2C000 /* 108.162.192.0/18 */, 18, NDPI_PROTOCOL_CLOUDFLARE }, + { 0x8D654400 /* 141.101.68.0/24 */, 24, NDPI_PROTOCOL_CLOUDFLARE }, + { 0x8D654500 /* 141.101.69.0/24 */, 24, NDPI_PROTOCOL_CLOUDFLARE }, { 0xA29E0000 /* 162.158.0.0/15 */, 15, NDPI_PROTOCOL_CLOUDFLARE }, - { 0x8D657D00 /* 141.101.125.0/24 */, 24, NDPI_PROTOCOL_CLOUDFLARE }, + { 0xA2FB5200 /* 162.251.82.0/24 */, 24, NDPI_PROTOCOL_CLOUDFLARE }, + { 0xAC400000 /* 172.64.0.0/13 */, 13, NDPI_PROTOCOL_CLOUDFLARE }, + { 0xADF53000 /* 173.245.48.0/20 */, 20, NDPI_PROTOCOL_CLOUDFLARE }, + { 0xB97A0000 /* 185.122.0.0/22 */, 22, NDPI_PROTOCOL_CLOUDFLARE }, + { 0xBC726000 /* 188.114.96.0/22 */, 22, NDPI_PROTOCOL_CLOUDFLARE }, + { 0xBC726400 /* 188.114.100.0/22 */, 22, NDPI_PROTOCOL_CLOUDFLARE }, + { 0xBC726800 /* 188.114.104.0/24 */, 24, NDPI_PROTOCOL_CLOUDFLARE }, + { 0xBC726900 /* 188.114.105.0/24 */, 24, NDPI_PROTOCOL_CLOUDFLARE }, + { 0xBC726A00 /* 188.114.106.0/24 */, 24, NDPI_PROTOCOL_CLOUDFLARE }, + { 0xBC726B00 /* 188.114.107.0/24 */, 24, NDPI_PROTOCOL_CLOUDFLARE }, + { 0xBC726C00 /* 188.114.108.0/22 */, 22, NDPI_PROTOCOL_CLOUDFLARE }, + { 0xC6298000 /* 198.41.128.0/17 */, 17, NDPI_PROTOCOL_CLOUDFLARE }, + { 0xC71B8000 /* 199.27.128.0/21 */, 21, NDPI_PROTOCOL_CLOUDFLARE }, - /* + /* OFFICE 365 - 13.107.1.0/24 - 13.107.3.0/24 - 13.107.4.0/24 - 13.107.5.0/24 - 13.107.6.0/24 - 13.107.7.0/24 - 13.107.9.0/24 - 13.107.12.0/24 - 13.107.13.0/24 - 13.107.15.0/24 - 13.107.16.0/24 */ + { 0x0D6B0100 /* 13.107.1.0 */, 24 , NDPI_PROTOCOL_OFFICE_365 }, { 0x0D6B0300 /* 13.107.3.0 */, 24 , NDPI_PROTOCOL_OFFICE_365 }, { 0x0D6B0400 /* 13.107.4.0 */, 24 , NDPI_PROTOCOL_OFFICE_365 }, @@ -242,88 +599,86 @@ static ndpi_network host_protocol_list[] = { /* OCS GO (Orange Cinéma Séries) - 178.248.208.0/21 */ + { 0xB2F8D000 /* 178.248.208.0 */, 21, NDPI_PROTOCOL_OCS }, /* IFLIX services -by www.vizuamatix.com R&D team - 52.77.0.0/16 - 52.220.0.0/16 - 52.74.0.0/16 - 54.230.159.0/24 - 54.192.156.80/32 - 54.251.182.168/32 - 54.192.150.0/24 - 52.74.192.247/32 - 2.21.231.24/32 - */ - { 0x344D0000 /* 52.77.0.0 */, 16, NDPI_PROTOCOL_IFLIX }, - { 0x34DC0000 /* 52.220.0.0 */, 16, NDPI_PROTOCOL_IFLIX }, - { 0x344A0000 /* 52.74.0.0 */, 16, NDPI_PROTOCOL_IFLIX }, - { 0x36E69F00 /* 54.230.159.0 */, 24, NDPI_PROTOCOL_IFLIX }, - { 0x36C09C50 /* 54.192.156.80 */, 32, NDPI_PROTOCOL_IFLIX }, - { 0x36FBB6A8 /* 54.251.182.168 */, 32, NDPI_PROTOCOL_IFLIX }, - { 0x36C09600 /* 54.192.150.0 */, 24, NDPI_PROTOCOL_IFLIX }, - { 0x344AC0F7 /* 52.74.192.247 */, 32, NDPI_PROTOCOL_IFLIX }, - { 0x0215E718 /* 2.21.231.24 */, 32, NDPI_PROTOCOL_IFLIX }, + */ + + { 0x344D0000 /* 52.77.0.0 */, 16, NDPI_PROTOCOL_IFLIX }, + { 0x34DC0000 /* 52.220.0.0 */, 16, NDPI_PROTOCOL_IFLIX }, + { 0x344A0000 /* 52.74.0.0 */, 16, NDPI_PROTOCOL_IFLIX }, + { 0x36E69F00 /* 54.230.159.0 */, 24, NDPI_PROTOCOL_IFLIX }, + { 0x36C09C50 /* 54.192.156.80 */, 32, NDPI_PROTOCOL_IFLIX }, + { 0x36FBB6A8 /* 54.251.182.168 */, 32, NDPI_PROTOCOL_IFLIX }, + { 0x36C09600 /* 54.192.150.0 */, 24, NDPI_PROTOCOL_IFLIX }, + { 0x344AC0F7 /* 52.74.192.247 */, 32, NDPI_PROTOCOL_IFLIX }, + { 0x0215E718 /* 2.21.231.24 */, 32, NDPI_PROTOCOL_IFLIX }, /* Citrix GotoMeeting (AS16815, AS21866) - 216.115.208.0/20 - 216.219.112.0/20 */ + { 0xD873D000 /* 216.115.208.0 */, 20, NDPI_PROTOCOL_CITRIX_ONLINE }, { 0xD8DB7000 /* 216.219.112.0 */, 20, NDPI_PROTOCOL_CITRIX_ONLINE }, /* - Webex - 66.114.160.0/20 + Cisco Webex LLC + origin AS13445 */ - { 0x4272A000 /* 66.114.160.0 */, 20, NDPI_PROTOCOL_WEBEX }, + + { 0x0819C000 /* 8.25.192.0/24 */, 24, NDPI_PROTOCOL_WEBEX }, + { 0x3E6DC000 /* 62.109.192.0/18 */, 18, NDPI_PROTOCOL_WEBEX }, + { 0x40446000 /* 64.68.96.0/19 */, 19, NDPI_PROTOCOL_WEBEX }, + { 0x4272A000 /* 66.114.160.0/20 */, 20, NDPI_PROTOCOL_WEBEX }, + { 0x42A32000 /* 66.163.32.0/19 */, 19, NDPI_PROTOCOL_WEBEX }, + { 0x721DC000 /* 114.29.192.0/19 */, 19, NDPI_PROTOCOL_WEBEX }, + { 0xADF30000 /* 173.243.0.0/20 */, 20, NDPI_PROTOCOL_WEBEX }, + { 0xCFB6A000 /* 207.182.160.0/19 */, 19, NDPI_PROTOCOL_WEBEX }, + { 0xD0085100 /* 208.8.81.0/24 */, 24, NDPI_PROTOCOL_WEBEX }, + { 0xD1C5C000 /* 209.197.192.0/19 */, 19, NDPI_PROTOCOL_WEBEX }, + { 0xD204C000 /* 210.4.192.0/20 */, 20, NDPI_PROTOCOL_WEBEX }, /* - Viber Media AWS-VIBER-MEDIA (NET-54-169-63-160-1) 54.169.63.160 - 54.169.63.191 - Viber Media S a r l AWS-VIBER-MEDIA-S-A-R-L (NET-54-93-255-64-1) 54.93.255.64 - 54.93.255.127 - Crittercism AWS-VIBER-MEDIA (NET-52-0-252-0-1) 52.0.252.0 - 52.0.255.255 - 54.169.63.160/27 - 54.93.255.64/26 - 52.0.252.0/22 + Viber Media S.à r.l. + https://whois.arin.net/rest/nets;q=AWS-VIBER-MEDIA?showDetails=true&showARIN=false&showNonArinTopLevelNet=false&ext=netref2 */ - { 0x36A93FA0 /* 54.169.63.160 */, 27, NDPI_PROTOCOL_VIBER }, - { 0x365DFF40 /* 54.93.255.64 */, 26, NDPI_PROTOCOL_VIBER }, - { 0x3400FC00 /* 52.0.252.0 */, 22, NDPI_PROTOCOL_VIBER }, + + { 0x3400FC00 /* 52.0.252.0/22 */, 22, NDPI_PROTOCOL_VIBER }, + { 0x3640BFF0 /* 54.64.191.240/28 */, 28, NDPI_PROTOCOL_VIBER }, + { 0x36A5FFD0 /* 54.165.255.208/28 */, 28, NDPI_PROTOCOL_VIBER }, + { 0x36A5FFE0 /* 54.165.255.224/27 */, 27, NDPI_PROTOCOL_VIBER }, + { 0x36A93FA0 /* 54.169.63.160/27 */, 27, NDPI_PROTOCOL_VIBER }, + { 0x36A93FC0 /* 54.169.63.192/26 */, 26, NDPI_PROTOCOL_VIBER }, + { 0x36DBBFA0 /* 54.219.191.160/28 */, 28, NDPI_PROTOCOL_VIBER }, + { 0x36E8FB90 /* 54.232.251.144/28 */, 28, NDPI_PROTOCOL_VIBER }, /* - Apple (FaceTime, iMessage,...) - 17.0.0.0/8 + Apple Inc. + origin AS714, AS6185 */ - { 0x11000000 /* 17.0.0.0 */, 8, NDPI_PROTOCOL_APPLE }, + + { 0x11000000 /* 17.0.0.0/8 */, 8, NDPI_PROTOCOL_APPLE }, + { 0xC0233200 /* 192.35.50.0/24 */, 24, NDPI_PROTOCOL_APPLE }, + { 0xC6B71000 /* 198.183.16.0/24 */, 24, NDPI_PROTOCOL_APPLE }, + { 0xC6B71100 /* 198.183.17.0/24 */, 24, NDPI_PROTOCOL_APPLE }, + { 0xCDB4AF00 /* 205.180.175.0/24 */, 24, NDPI_PROTOCOL_APPLE }, /* - Dropbox - 108.160.160.0/20 - 199.47.216.0/22 - 45.58.64.0/20 + Dropbox, Inc. + origin AS19679 */ - { 0x6CA0A000 /* 108.160.160.0 */, 20, NDPI_PROTOCOL_DROPBOX }, - { 0xC72FD800 /* 199.47.216.0 */, 22, NDPI_PROTOCOL_DROPBOX }, - { 0x2D3A4000 /* 45.58.64.0 */, 20, NDPI_PROTOCOL_DROPBOX }, + + { 0x2D3A4000 /* 45.58.64.0/20 */, 20, NDPI_PROTOCOL_DROPBOX }, + { 0x6CA0A000 /* 108.160.160.0/20 */, 20, NDPI_PROTOCOL_DROPBOX }, + { 0xA27D0000 /* 162.125.0.0/16 */, 16, NDPI_PROTOCOL_DROPBOX }, + { 0xB92D0800 /* 185.45.8.0/22 */, 22, NDPI_PROTOCOL_DROPBOX }, + { 0xC72FD800 /* 199.47.216.0/22 */, 22, NDPI_PROTOCOL_DROPBOX }, /* Skype (Microsoft CDN) - 157.56.135.64/26, 157.56.185.0/26, 157.56.52.0/26, - 157.56.53.128/25, 157.56.198.0/26 - 157.60.0.0/16, 157.54.0.0/15 - 13.107.3.128/32 - 13.107.3.129/32 - 13.64.0.0/11 - 111.221.64.0/18 - 91.190.216.0/21 (AS198015 Skype Communications Sarl) - 91.190.218.0/24 - 40.126.129.109/32 - 65.55.223.0/26 - 23.96.0.0/13 */ { 0x9D388740 /* 157.56.135.64 */, 26, NDPI_PROTOCOL_SKYPE }, { 0x9D38B900 /* 157.56.185.0 */, 26, NDPI_PROTOCOL_SKYPE }, @@ -343,7071 +698,7206 @@ static ndpi_network host_protocol_list[] = { { 0x17600000 /* 23.96.0.0 */, 13, NDPI_PROTOCOL_SKYPE }, /* - route: 5.42.160.0/19 - descr: Blizzard Entertainment, Inc - origin: AS57976 + Blizzard Entertainment, Inc + origin AS57976 */ - { 0x052AA000 /* 5.42.160.0 */, 19, NDPI_PROTOCOL_STARCRAFT }, + + { 0x052AA000 /* 5.42.160.0/19 */, 19, NDPI_PROTOCOL_STARCRAFT }, + { 0x0C81DE00 /* 12.129.222.0/23 */, 23, NDPI_PROTOCOL_STARCRAFT }, + { 0x0C81E400 /* 12.129.228.0/23 */, 23, NDPI_PROTOCOL_STARCRAFT }, + { 0x0C81EC00 /* 12.129.236.0/23 */, 23, NDPI_PROTOCOL_STARCRAFT }, + { 0x0C81FE00 /* 12.129.254.0/23 */, 23, NDPI_PROTOCOL_STARCRAFT }, + { 0x0C82F400 /* 12.130.244.0/22 */, 22, NDPI_PROTOCOL_STARCRAFT }, + { 0x18690000 /* 24.105.0.0/18 */, 18, NDPI_PROTOCOL_STARCRAFT }, + { 0x25F40000 /* 37.244.0.0/18 */, 18, NDPI_PROTOCOL_STARCRAFT }, + { 0x3B992800 /* 59.153.40.0/22 */, 22, NDPI_PROTOCOL_STARCRAFT }, + { 0x3E73F400 /* 62.115.244.0/22 */, 22, NDPI_PROTOCOL_STARCRAFT }, + { 0x50EFD000 /* 80.239.208.0/22 */, 22, NDPI_PROTOCOL_STARCRAFT }, + { 0x67047200 /* 103.4.114.0/23 */, 23, NDPI_PROTOCOL_STARCRAFT }, + { 0x67C62000 /* 103.198.32.0/23 */, 23, NDPI_PROTOCOL_STARCRAFT }, + { 0x89DD4000 /* 137.221.64.0/18 */, 18, NDPI_PROTOCOL_STARCRAFT }, + { 0xB93C7000 /* 185.60.112.0/22 */, 22, NDPI_PROTOCOL_STARCRAFT }, + { 0xC30CF400 /* 195.12.244.0/22 */, 22, NDPI_PROTOCOL_STARCRAFT }, + { 0xC76C2000 /* 199.108.32.0/20 */, 20, NDPI_PROTOCOL_STARCRAFT }, + { 0xC76C3000 /* 199.108.48.0/20 */, 20, NDPI_PROTOCOL_STARCRAFT }, + { 0xCA094200 /* 202.9.66.0/23 */, 23, NDPI_PROTOCOL_STARCRAFT }, /* - Google - 173.194.0.0/16 - 74.125.0.0/16 - 64.233.160.0/19 - 216.58.192.0/19 + Google Inc. / Google Switzerland GmbH / Google Ireland Limited + origin AS15169, AS36384, AS41264, AS43515, AS36039, AS36040, AS36492 */ - { 0xADC20000 /* 173.194.0.0 */, 16, NDPI_PROTOCOL_GOOGLE }, - { 0x4A7D0000 /* 74.125.0.0 */, 16, NDPI_PROTOCOL_GOOGLE }, - { 0x40E91600 /* 64.233.160.0 */, 19, NDPI_PROTOCOL_GOOGLE }, - { 0xD83AC000 /* 216.58.192.0 */, 19, NDPI_PROTOCOL_GOOGLE }, + + { 0x01000000 /* 1.0.0.0/24 */, 24, NDPI_PROTOCOL_GOOGLE }, + { 0x01010100 /* 1.1.1.0/24 */, 24, NDPI_PROTOCOL_GOOGLE }, + { 0x01020300 /* 1.2.3.0/24 */, 24, NDPI_PROTOCOL_GOOGLE }, + { 0x08063000 /* 8.6.48.0/21 */, 21, NDPI_PROTOCOL_GOOGLE }, + { 0x08080400 /* 8.8.4.0/24 */, 24, NDPI_PROTOCOL_GOOGLE }, + { 0x08080800 /* 8.8.8.0/24 */, 24, NDPI_PROTOCOL_GOOGLE }, + { 0x080FCA00 /* 8.15.202.0/24 */, 24, NDPI_PROTOCOL_GOOGLE }, + { 0x0822D000 /* 8.34.208.0/21 */, 21, NDPI_PROTOCOL_GOOGLE }, + { 0x0822D800 /* 8.34.216.0/21 */, 21, NDPI_PROTOCOL_GOOGLE }, + { 0x0823C000 /* 8.35.192.0/21 */, 21, NDPI_PROTOCOL_GOOGLE }, + { 0x0823C800 /* 8.35.200.0/21 */, 21, NDPI_PROTOCOL_GOOGLE }, + { 0x17EC3000 /* 23.236.48.0/20 */, 20, NDPI_PROTOCOL_GOOGLE }, + { 0x17FB8000 /* 23.251.128.0/19 */, 19, NDPI_PROTOCOL_GOOGLE }, + { 0x23B80000 /* 35.184.0.0/13 */, 13, NDPI_PROTOCOL_GOOGLE }, + { 0x2D79E400 /* 45.121.228.0/24 */, 24, NDPI_PROTOCOL_GOOGLE }, + { 0x2D79E500 /* 45.121.229.0/24 */, 24, NDPI_PROTOCOL_GOOGLE }, + { 0x2D79E600 /* 45.121.230.0/23 */, 23, NDPI_PROTOCOL_GOOGLE }, + { 0x2E1CF700 /* 46.28.247.0/24 */, 24, NDPI_PROTOCOL_GOOGLE }, + { 0x4009E000 /* 64.9.224.0/19 */, 19, NDPI_PROTOCOL_GOOGLE }, + { 0x400F7000 /* 64.15.112.0/20 */, 20, NDPI_PROTOCOL_GOOGLE }, + { 0x40E9A000 /* 64.233.160.0/19 */, 19, NDPI_PROTOCOL_GOOGLE }, + { 0x42660000 /* 66.102.0.0/20 */, 20, NDPI_PROTOCOL_GOOGLE }, + { 0x42F94000 /* 66.249.64.0/19 */, 19, NDPI_PROTOCOL_GOOGLE }, + { 0x46208000 /* 70.32.128.0/19 */, 19, NDPI_PROTOCOL_GOOGLE }, + { 0x480EC000 /* 72.14.192.0/18 */, 18, NDPI_PROTOCOL_GOOGLE }, + { 0x4A721800 /* 74.114.24.0/21 */, 21, NDPI_PROTOCOL_GOOGLE }, + { 0x4A7D0000 /* 74.125.0.0/16 */, 16, NDPI_PROTOCOL_GOOGLE }, + { 0x59CFE000 /* 89.207.224.0/21 */, 21, NDPI_PROTOCOL_GOOGLE }, + { 0x673E4000 /* 103.62.64.0/24 */, 24, NDPI_PROTOCOL_GOOGLE }, + { 0x673E4100 /* 103.62.65.0/24 */, 24, NDPI_PROTOCOL_GOOGLE }, + { 0x673E4200 /* 103.62.66.0/23 */, 23, NDPI_PROTOCOL_GOOGLE }, + { 0x68840000 /* 104.132.0.0/14 */, 14, NDPI_PROTOCOL_GOOGLE }, + { 0x689A0000 /* 104.154.0.0/15 */, 15, NDPI_PROTOCOL_GOOGLE }, + { 0x68C40000 /* 104.196.0.0/14 */, 14, NDPI_PROTOCOL_GOOGLE }, + { 0x68EDA000 /* 104.237.160.0/19 */, 19, NDPI_PROTOCOL_GOOGLE }, + { 0x6BA7A000 /* 107.167.160.0/19 */, 19, NDPI_PROTOCOL_GOOGLE }, + { 0x6BB2C000 /* 107.178.192.0/18 */, 18, NDPI_PROTOCOL_GOOGLE }, + { 0x6C3B5000 /* 108.59.80.0/20 */, 20, NDPI_PROTOCOL_GOOGLE }, + { 0x6CAAC000 /* 108.170.192.0/18 */, 18, NDPI_PROTOCOL_GOOGLE }, + { 0x6CB10000 /* 108.177.0.0/17 */, 17, NDPI_PROTOCOL_GOOGLE }, + { 0x71C56800 /* 113.197.104.0/22 */, 22, NDPI_PROTOCOL_GOOGLE }, + { 0x82D30000 /* 130.211.0.0/16 */, 16, NDPI_PROTOCOL_GOOGLE }, + { 0x8EFA0000 /* 142.250.0.0/15 */, 15, NDPI_PROTOCOL_GOOGLE }, + { 0x92940000 /* 146.148.0.0/17 */, 17, NDPI_PROTOCOL_GOOGLE }, + { 0xA2D89400 /* 162.216.148.0/22 */, 22, NDPI_PROTOCOL_GOOGLE }, + { 0xA2DEB000 /* 162.222.176.0/21 */, 21, NDPI_PROTOCOL_GOOGLE }, + { 0xAC660800 /* 172.102.8.0/21 */, 21, NDPI_PROTOCOL_GOOGLE }, + { 0xAC6E2000 /* 172.110.32.0/21 */, 21, NDPI_PROTOCOL_GOOGLE }, + { 0xACD90000 /* 172.217.0.0/16 */, 16, NDPI_PROTOCOL_GOOGLE }, + { 0xACFD0000 /* 172.253.0.0/16 */, 16, NDPI_PROTOCOL_GOOGLE }, + { 0xADC20000 /* 173.194.0.0/16 */, 16, NDPI_PROTOCOL_GOOGLE }, + { 0xADFF7000 /* 173.255.112.0/20 */, 20, NDPI_PROTOCOL_GOOGLE }, + { 0xB9191C00 /* 185.25.28.0/22 */, 22, NDPI_PROTOCOL_GOOGLE }, + { 0xB9969400 /* 185.150.148.0/22 */, 22, NDPI_PROTOCOL_GOOGLE }, + { 0xC068A000 /* 192.104.160.0/23 */, 23, NDPI_PROTOCOL_GOOGLE }, + { 0xC0771C00 /* 192.119.28.0/24 */, 24, NDPI_PROTOCOL_GOOGLE }, + { 0xC09E1C00 /* 192.158.28.0/22 */, 22, NDPI_PROTOCOL_GOOGLE }, + { 0xC0B20000 /* 192.178.0.0/15 */, 15, NDPI_PROTOCOL_GOOGLE }, + { 0xC1210400 /* 193.33.4.0/24 */, 24, NDPI_PROTOCOL_GOOGLE }, + { 0xC1210500 /* 193.33.5.0/24 */, 24, NDPI_PROTOCOL_GOOGLE }, + { 0xC1C8DE00 /* 193.200.222.0/24 */, 24, NDPI_PROTOCOL_GOOGLE }, + { 0xC27A5000 /* 194.122.80.0/22 */, 22, NDPI_PROTOCOL_GOOGLE }, + { 0xC7C07000 /* 199.192.112.0/22 */, 22, NDPI_PROTOCOL_GOOGLE }, + { 0xC7DFE800 /* 199.223.232.0/21 */, 21, NDPI_PROTOCOL_GOOGLE }, + { 0xCFDFA000 /* 207.223.160.0/20 */, 20, NDPI_PROTOCOL_GOOGLE }, + { 0xD0419800 /* 208.65.152.0/22 */, 22, NDPI_PROTOCOL_GOOGLE }, + { 0xD075E000 /* 208.117.224.0/19 */, 19, NDPI_PROTOCOL_GOOGLE }, + { 0xD1558000 /* 209.85.128.0/17 */, 17, NDPI_PROTOCOL_GOOGLE }, + { 0xD16BB000 /* 209.107.176.0/20 */, 20, NDPI_PROTOCOL_GOOGLE }, + { 0xD83AC000 /* 216.58.192.0/19 */, 19, NDPI_PROTOCOL_GOOGLE }, + { 0xD8495000 /* 216.73.80.0/20 */, 20, NDPI_PROTOCOL_GOOGLE }, + { 0xD8EF2000 /* 216.239.32.0/19 */, 19, NDPI_PROTOCOL_GOOGLE }, + { 0xD8FCDC00 /* 216.252.220.0/22 */, 22, NDPI_PROTOCOL_GOOGLE }, /* - Ubuntu One - 91.189.89.0/21 (255.255.248.0) + Canonical Ltd (Ubuntu) + origin AS41231 */ - { 0x5BBD5900 /* 91.189.89.0 */, 21, NDPI_PROTOCOL_UBUNTUONE}, + + { 0x5BBD5800 /* 91.189.88.0/21 */, 21, NDPI_PROTOCOL_UBUNTUONE }, + { 0xA2D52000 /* 162.213.32.0/22 */, 22, NDPI_PROTOCOL_UBUNTUONE }, + { 0xB97DBC00 /* 185.125.188.0/22 */, 22, NDPI_PROTOCOL_UBUNTUONE }, /* - Telegram - 149.154.164.0/22 - 149.154.168.0/22 - http://myip.ms/view/web_hosting/363906/Telegram_Messenger_Network.html + Telegram Messenger LLP + origin: AS62041, AS62014, AS59930 */ - { 0x959AA400 /* 149.154.164.0/22 */, 22, NDPI_PROTOCOL_TELEGRAM}, - { 0x959AA800 /* 149.154.168.0/22 */, 22, NDPI_PROTOCOL_TELEGRAM}, + + { 0x5B6C0400 /* 91.108.4.0/22 */, 22, NDPI_PROTOCOL_TELEGRAM }, + { 0x5B6C0800 /* 91.108.8.0/22 */, 22, NDPI_PROTOCOL_TELEGRAM }, + { 0x5B6C0C00 /* 91.108.12.0/22 */, 22, NDPI_PROTOCOL_TELEGRAM }, + { 0x5B6C1000 /* 91.108.16.0/22 */, 22, NDPI_PROTOCOL_TELEGRAM }, + { 0x5B6C3800 /* 91.108.56.0/22 */, 22, NDPI_PROTOCOL_TELEGRAM }, + { 0x959AA000 /* 149.154.160.0/20 */, 20, NDPI_PROTOCOL_TELEGRAM }, /* - TOR + Tor + http://torstatus.blutmagie.de/ip_list_all.php/Tor_ip_list_ALL.csv + From 02/17/2017 */ - { 0x012A1231, 32, NDPI_PROTOCOL_TOR }, - { 0x01E69FA1, 32, NDPI_PROTOCOL_TOR }, - { 0x020DE985, 32, NDPI_PROTOCOL_TOR }, - { 0x021D88C5, 32, NDPI_PROTOCOL_TOR }, - { 0x0221585B, 32, NDPI_PROTOCOL_TOR }, - { 0x023E1975, 32, NDPI_PROTOCOL_TOR }, - { 0x0255D62F, 32, NDPI_PROTOCOL_TOR }, - { 0x025B6A07, 32, NDPI_PROTOCOL_TOR }, - { 0x025CB2FE, 32, NDPI_PROTOCOL_TOR }, - { 0x025DFEE6, 32, NDPI_PROTOCOL_TOR }, - { 0x025E83A7, 32, NDPI_PROTOCOL_TOR }, - { 0x02683058, 32, NDPI_PROTOCOL_TOR }, - { 0x026AEE77, 32, NDPI_PROTOCOL_TOR }, - { 0x026B16BA, 32, NDPI_PROTOCOL_TOR }, - { 0x028BD8A9, 32, NDPI_PROTOCOL_TOR }, - { 0x02D9E930, 32, NDPI_PROTOCOL_TOR }, - { 0x02E18D86, 32, NDPI_PROTOCOL_TOR }, - { 0x02E1E75C, 32, NDPI_PROTOCOL_TOR }, - { 0x02E688B0, 32, NDPI_PROTOCOL_TOR }, - { 0x02E6A4FE, 32, NDPI_PROTOCOL_TOR }, - { 0x02E7F51D, 32, NDPI_PROTOCOL_TOR }, - { 0x02EAEAFB, 32, NDPI_PROTOCOL_TOR }, - { 0x02EB2A85, 32, NDPI_PROTOCOL_TOR }, - { 0x02F04269, 32, NDPI_PROTOCOL_TOR }, - { 0x02F0667E, 32, NDPI_PROTOCOL_TOR }, - { 0x02F0DA7F, 32, NDPI_PROTOCOL_TOR }, - { 0x02F183CC, 32, NDPI_PROTOCOL_TOR }, - { 0x02F1A8DE, 32, NDPI_PROTOCOL_TOR }, - { 0x02F2F217, 32, NDPI_PROTOCOL_TOR }, - { 0x02F2FBEB, 32, NDPI_PROTOCOL_TOR }, - { 0x02F4CD37, 32, NDPI_PROTOCOL_TOR }, - { 0x02F779C1, 32, NDPI_PROTOCOL_TOR }, - { 0x0422C8FD, 32, NDPI_PROTOCOL_TOR }, - { 0x0422C8FD, 32, NDPI_PROTOCOL_TOR }, - { 0x0501547D, 32, NDPI_PROTOCOL_TOR }, - { 0x05021027, 32, NDPI_PROTOCOL_TOR }, - { 0x050902CC, 32, NDPI_PROTOCOL_TOR }, - { 0x050906A3, 32, NDPI_PROTOCOL_TOR }, - { 0x05091513, 32, NDPI_PROTOCOL_TOR }, - { 0x05091ADB, 32, NDPI_PROTOCOL_TOR }, - { 0x05091ADB, 32, NDPI_PROTOCOL_TOR }, - { 0x0509254B, 32, NDPI_PROTOCOL_TOR }, - { 0x05092771, 32, NDPI_PROTOCOL_TOR }, - { 0x05092B03, 32, NDPI_PROTOCOL_TOR }, - { 0x05092B50, 32, NDPI_PROTOCOL_TOR }, - { 0x05093176, 32, NDPI_PROTOCOL_TOR }, - { 0x05093394, 32, NDPI_PROTOCOL_TOR }, - { 0x050933AE, 32, NDPI_PROTOCOL_TOR }, - { 0x0509362C, 32, NDPI_PROTOCOL_TOR }, - { 0x05093B4E, 32, NDPI_PROTOCOL_TOR }, - { 0x0509437C, 32, NDPI_PROTOCOL_TOR }, - { 0x05094F06, 32, NDPI_PROTOCOL_TOR }, - { 0x05094F9A, 32, NDPI_PROTOCOL_TOR }, - { 0x0509501C, 32, NDPI_PROTOCOL_TOR }, - { 0x050953CC, 32, NDPI_PROTOCOL_TOR }, - { 0x05095812, 32, NDPI_PROTOCOL_TOR }, - { 0x050959BD, 32, NDPI_PROTOCOL_TOR }, - { 0x05096C4A, 32, NDPI_PROTOCOL_TOR }, - { 0x05096C56, 32, NDPI_PROTOCOL_TOR }, - { 0x05096E85, 32, NDPI_PROTOCOL_TOR }, - { 0x05096EEC, 32, NDPI_PROTOCOL_TOR }, - { 0x050975D4, 32, NDPI_PROTOCOL_TOR }, - { 0x05097B51, 32, NDPI_PROTOCOL_TOR }, - { 0x050981DA, 32, NDPI_PROTOCOL_TOR }, - { 0x05098A9B, 32, NDPI_PROTOCOL_TOR }, - { 0x05098CC3, 32, NDPI_PROTOCOL_TOR }, - { 0x050997F1, 32, NDPI_PROTOCOL_TOR }, - { 0x05099C11, 32, NDPI_PROTOCOL_TOR }, - { 0x05099E44, 32, NDPI_PROTOCOL_TOR }, - { 0x05099E4B, 32, NDPI_PROTOCOL_TOR }, - { 0x0509A92E, 32, NDPI_PROTOCOL_TOR }, - { 0x0509A92E, 32, NDPI_PROTOCOL_TOR }, - { 0x0509BF34, 32, NDPI_PROTOCOL_TOR }, - { 0x0509C38C, 32, NDPI_PROTOCOL_TOR }, - { 0x0509D4CE, 32, NDPI_PROTOCOL_TOR }, - { 0x0509D642, 32, NDPI_PROTOCOL_TOR }, - { 0x0509E35E, 32, NDPI_PROTOCOL_TOR }, - { 0x0509EAEE, 32, NDPI_PROTOCOL_TOR }, - { 0x050D3E81, 32, NDPI_PROTOCOL_TOR }, - { 0x050E066C, 32, NDPI_PROTOCOL_TOR }, - { 0x050E30B4, 32, NDPI_PROTOCOL_TOR }, - { 0x050E476B, 32, NDPI_PROTOCOL_TOR }, - { 0x050ECAE6, 32, NDPI_PROTOCOL_TOR }, - { 0x0513A267, 32, NDPI_PROTOCOL_TOR }, - { 0x0513B30A, 32, NDPI_PROTOCOL_TOR }, - { 0x0513EC45, 32, NDPI_PROTOCOL_TOR }, - { 0x0522B70F, 32, NDPI_PROTOCOL_TOR }, - { 0x0522B7CD, 32, NDPI_PROTOCOL_TOR }, - { 0x0522B7CF, 32, NDPI_PROTOCOL_TOR }, - { 0x05272D98, 32, NDPI_PROTOCOL_TOR }, - { 0x05273CF1, 32, NDPI_PROTOCOL_TOR }, - { 0x0527465F, 32, NDPI_PROTOCOL_TOR }, - { 0x05274C24, 32, NDPI_PROTOCOL_TOR }, - { 0x05274CB6, 32, NDPI_PROTOCOL_TOR }, - { 0x05274DD0, 32, NDPI_PROTOCOL_TOR }, - { 0x05274E65, 32, NDPI_PROTOCOL_TOR }, - { 0x05274FB5, 32, NDPI_PROTOCOL_TOR }, - { 0x0527501C, 32, NDPI_PROTOCOL_TOR }, - { 0x05275087, 32, NDPI_PROTOCOL_TOR }, - { 0x05275087, 32, NDPI_PROTOCOL_TOR }, - { 0x052752C0, 32, NDPI_PROTOCOL_TOR }, - { 0x052753D9, 32, NDPI_PROTOCOL_TOR }, - { 0x052754D9, 32, NDPI_PROTOCOL_TOR }, - { 0x052756CE, 32, NDPI_PROTOCOL_TOR }, - { 0x0527579C, 32, NDPI_PROTOCOL_TOR }, - { 0x05275808, 32, NDPI_PROTOCOL_TOR }, - { 0x05275813, 32, NDPI_PROTOCOL_TOR }, - { 0x05275836, 32, NDPI_PROTOCOL_TOR }, - { 0x0527597C, 32, NDPI_PROTOCOL_TOR }, - { 0x05277240, 32, NDPI_PROTOCOL_TOR }, - { 0x05277A42, 32, NDPI_PROTOCOL_TOR }, - { 0x05277A42, 32, NDPI_PROTOCOL_TOR }, - { 0x052A0AE5, 32, NDPI_PROTOCOL_TOR }, - { 0x052C634D, 32, NDPI_PROTOCOL_TOR }, - { 0x052C63A1, 32, NDPI_PROTOCOL_TOR }, - { 0x052C6B17, 32, NDPI_PROTOCOL_TOR }, - { 0x052D4824, 32, NDPI_PROTOCOL_TOR }, - { 0x052D4909, 32, NDPI_PROTOCOL_TOR }, - { 0x052D4D11, 32, NDPI_PROTOCOL_TOR }, - { 0x052D617F, 32, NDPI_PROTOCOL_TOR }, - { 0x052D626F, 32, NDPI_PROTOCOL_TOR }, - { 0x052D634B, 32, NDPI_PROTOCOL_TOR }, - { 0x052D688D, 32, NDPI_PROTOCOL_TOR }, - { 0x052D6CBD, 32, NDPI_PROTOCOL_TOR }, - { 0x0536FAC4, 32, NDPI_PROTOCOL_TOR }, - { 0x0538E13D, 32, NDPI_PROTOCOL_TOR }, - { 0x0538E4D0, 32, NDPI_PROTOCOL_TOR }, - { 0x053D223F, 32, NDPI_PROTOCOL_TOR }, - { 0x053D260B, 32, NDPI_PROTOCOL_TOR }, - { 0x053DA005, 32, NDPI_PROTOCOL_TOR }, - { 0x054F44A1, 32, NDPI_PROTOCOL_TOR }, - { 0x054F44A1, 32, NDPI_PROTOCOL_TOR }, - { 0x054F47C3, 32, NDPI_PROTOCOL_TOR }, - { 0x054F4E61, 32, NDPI_PROTOCOL_TOR }, - { 0x054F51C0, 32, NDPI_PROTOCOL_TOR }, - { 0x054F56A8, 32, NDPI_PROTOCOL_TOR }, - { 0x056476A6, 32, NDPI_PROTOCOL_TOR }, - { 0x056565E9, 32, NDPI_PROTOCOL_TOR }, - { 0x05656652, 32, NDPI_PROTOCOL_TOR }, - { 0x05656746, 32, NDPI_PROTOCOL_TOR }, - { 0x0567688C, 32, NDPI_PROTOCOL_TOR }, - { 0x0567E82F, 32, NDPI_PROTOCOL_TOR }, - { 0x05685A1D, 32, NDPI_PROTOCOL_TOR }, - { 0x05686A26, 32, NDPI_PROTOCOL_TOR }, - { 0x0581F54D, 32, NDPI_PROTOCOL_TOR }, - { 0x0581FAAD, 32, NDPI_PROTOCOL_TOR }, - { 0x058706AC, 32, NDPI_PROTOCOL_TOR }, - { 0x05873DD1, 32, NDPI_PROTOCOL_TOR }, - { 0x05873DDA, 32, NDPI_PROTOCOL_TOR }, - { 0x05875517, 32, NDPI_PROTOCOL_TOR }, - { 0x05878F54, 32, NDPI_PROTOCOL_TOR }, - { 0x0587917D, 32, NDPI_PROTOCOL_TOR }, - { 0x058794AB, 32, NDPI_PROTOCOL_TOR }, - { 0x058798B2, 32, NDPI_PROTOCOL_TOR }, - { 0x058798D0, 32, NDPI_PROTOCOL_TOR }, - { 0x05879ACF, 32, NDPI_PROTOCOL_TOR }, - { 0x05879B79, 32, NDPI_PROTOCOL_TOR }, - { 0x05879E65, 32, NDPI_PROTOCOL_TOR }, - { 0x05879F04, 32, NDPI_PROTOCOL_TOR }, - { 0x05879F6E, 32, NDPI_PROTOCOL_TOR }, - { 0x05879FCF, 32, NDPI_PROTOCOL_TOR }, - { 0x0587A046, 32, NDPI_PROTOCOL_TOR }, - { 0x0587A21C, 32, NDPI_PROTOCOL_TOR }, - { 0x0587A2D9, 32, NDPI_PROTOCOL_TOR }, - { 0x0587A393, 32, NDPI_PROTOCOL_TOR }, - { 0x0587A5E1, 32, NDPI_PROTOCOL_TOR }, - { 0x0587B1B7, 32, NDPI_PROTOCOL_TOR }, - { 0x0587B209, 32, NDPI_PROTOCOL_TOR }, - { 0x0587B5D5, 32, NDPI_PROTOCOL_TOR }, - { 0x0587B818, 32, NDPI_PROTOCOL_TOR }, - { 0x0587B991, 32, NDPI_PROTOCOL_TOR }, - { 0x0587BA49, 32, NDPI_PROTOCOL_TOR }, - { 0x0587BA9D, 32, NDPI_PROTOCOL_TOR }, - { 0x058B66B7, 32, NDPI_PROTOCOL_TOR }, - { 0x0591316A, 32, NDPI_PROTOCOL_TOR }, - { 0x05922138, 32, NDPI_PROTOCOL_TOR }, - { 0x05930EA4, 32, NDPI_PROTOCOL_TOR }, - { 0x0593158F, 32, NDPI_PROTOCOL_TOR }, - { 0x05937036, 32, NDPI_PROTOCOL_TOR }, - { 0x0595FA35, 32, NDPI_PROTOCOL_TOR }, - { 0x0595FAA4, 32, NDPI_PROTOCOL_TOR }, - { 0x0595FE6D, 32, NDPI_PROTOCOL_TOR }, - { 0x0595FE72, 32, NDPI_PROTOCOL_TOR }, - { 0x0596CC95, 32, NDPI_PROTOCOL_TOR }, - { 0x0596D5F4, 32, NDPI_PROTOCOL_TOR }, - { 0x0596DE9A, 32, NDPI_PROTOCOL_TOR }, - { 0x0596EF88, 32, NDPI_PROTOCOL_TOR }, - { 0x05A4F0C9, 32, NDPI_PROTOCOL_TOR }, - { 0x05A6DDC2, 32, NDPI_PROTOCOL_TOR }, - { 0x05A72D58, 32, NDPI_PROTOCOL_TOR }, - { 0x05A76C53, 32, NDPI_PROTOCOL_TOR }, - { 0x05A79195, 32, NDPI_PROTOCOL_TOR }, - { 0x05AC8CC1, 32, NDPI_PROTOCOL_TOR }, - { 0x05AF714C, 32, NDPI_PROTOCOL_TOR }, - { 0x05AFC17A, 32, NDPI_PROTOCOL_TOR }, - { 0x05AFC245, 32, NDPI_PROTOCOL_TOR }, - { 0x05B256DC, 32, NDPI_PROTOCOL_TOR }, - { 0x05BD82BB, 32, NDPI_PROTOCOL_TOR }, - { 0x05BD8738, 32, NDPI_PROTOCOL_TOR }, - { 0x05C4007B, 32, NDPI_PROTOCOL_TOR }, - { 0x05C40181, 32, NDPI_PROTOCOL_TOR }, - { 0x05C404D0, 32, NDPI_PROTOCOL_TOR }, - { 0x05C40A96, 32, NDPI_PROTOCOL_TOR }, - { 0x05C40BD0, 32, NDPI_PROTOCOL_TOR }, - { 0x05C40C4F, 32, NDPI_PROTOCOL_TOR }, - { 0x05C40C9C, 32, NDPI_PROTOCOL_TOR }, - { 0x05C40C9F, 32, NDPI_PROTOCOL_TOR }, - { 0x05C40D1A, 32, NDPI_PROTOCOL_TOR }, - { 0x05C40E33, 32, NDPI_PROTOCOL_TOR }, - { 0x05C40EEA, 32, NDPI_PROTOCOL_TOR }, - { 0x05C41405, 32, NDPI_PROTOCOL_TOR }, - { 0x05C41455, 32, NDPI_PROTOCOL_TOR }, - { 0x05C41AC6, 32, NDPI_PROTOCOL_TOR }, - { 0x05C44134, 32, NDPI_PROTOCOL_TOR }, - { 0x05C441E9, 32, NDPI_PROTOCOL_TOR }, - { 0x05C4426D, 32, NDPI_PROTOCOL_TOR }, - { 0x05C469E5, 32, NDPI_PROTOCOL_TOR }, - { 0x05C4C4A8, 32, NDPI_PROTOCOL_TOR }, - { 0x05C4E3A1, 32, NDPI_PROTOCOL_TOR }, - { 0x05C4E51D, 32, NDPI_PROTOCOL_TOR }, - { 0x05C78181, 32, NDPI_PROTOCOL_TOR }, - { 0x05C782BC, 32, NDPI_PROTOCOL_TOR }, - { 0x05C785C1, 32, NDPI_PROTOCOL_TOR }, - { 0x05C78E5D, 32, NDPI_PROTOCOL_TOR }, - { 0x05C78E7C, 32, NDPI_PROTOCOL_TOR }, - { 0x05C78EC3, 32, NDPI_PROTOCOL_TOR }, - { 0x05C78EE6, 32, NDPI_PROTOCOL_TOR }, - { 0x05C78EEC, 32, NDPI_PROTOCOL_TOR }, - { 0x05C7A208, 32, NDPI_PROTOCOL_TOR }, - { 0x05C7A51B, 32, NDPI_PROTOCOL_TOR }, - { 0x05C7A621, 32, NDPI_PROTOCOL_TOR }, - { 0x05C7A78A, 32, NDPI_PROTOCOL_TOR }, - { 0x05E4618A, 32, NDPI_PROTOCOL_TOR }, - { 0x05E4CC86, 32, NDPI_PROTOCOL_TOR }, - { 0x05F6674A, 32, NDPI_PROTOCOL_TOR }, - { 0x05F91F00, 32, NDPI_PROTOCOL_TOR }, - { 0x05F99676, 32, NDPI_PROTOCOL_TOR }, - { 0x05FE818A, 32, NDPI_PROTOCOL_TOR }, - { 0x05FF57A9, 32, NDPI_PROTOCOL_TOR }, - { 0x05FF57D5, 32, NDPI_PROTOCOL_TOR }, - { 0x081C576C, 32, NDPI_PROTOCOL_TOR }, - { 0x0C845D90, 32, NDPI_PROTOCOL_TOR }, - { 0x0E20584A, 32, NDPI_PROTOCOL_TOR }, - { 0x0EA2AFC9, 32, NDPI_PROTOCOL_TOR }, - { 0x0EC771B3, 32, NDPI_PROTOCOL_TOR }, - { 0x0ECAE0FB, 32, NDPI_PROTOCOL_TOR }, - { 0x0ECAE0FB, 32, NDPI_PROTOCOL_TOR }, - { 0x0F7EF324, 32, NDPI_PROTOCOL_TOR }, - { 0x12520388, 32, NDPI_PROTOCOL_TOR }, - { 0x125203C4, 32, NDPI_PROTOCOL_TOR }, - { 0x125203CD, 32, NDPI_PROTOCOL_TOR }, - { 0x127D01DE, 32, NDPI_PROTOCOL_TOR }, - { 0x12B5051C, 32, NDPI_PROTOCOL_TOR }, - { 0x12B50525, 32, NDPI_PROTOCOL_TOR }, - { 0x12BB0144, 32, NDPI_PROTOCOL_TOR }, - { 0x12BD4791, 32, NDPI_PROTOCOL_TOR }, - { 0x12E400BC, 32, NDPI_PROTOCOL_TOR }, - { 0x12EE0155, 32, NDPI_PROTOCOL_TOR }, - { 0x12EE0255, 32, NDPI_PROTOCOL_TOR }, - { 0x12EF008C, 32, NDPI_PROTOCOL_TOR }, - { 0x12EF009B, 32, NDPI_PROTOCOL_TOR }, - { 0x12F3001E, 32, NDPI_PROTOCOL_TOR }, - { 0x17159AC2, 32, NDPI_PROTOCOL_TOR }, - { 0x17162143, 32, NDPI_PROTOCOL_TOR }, - { 0x17198709, 32, NDPI_PROTOCOL_TOR }, - { 0x1750E204, 32, NDPI_PROTOCOL_TOR }, - { 0x1758E805, 32, NDPI_PROTOCOL_TOR }, - { 0x175B15E5, 32, NDPI_PROTOCOL_TOR }, - { 0x175B420B, 32, NDPI_PROTOCOL_TOR }, - { 0x175C1308, 32, NDPI_PROTOCOL_TOR }, - { 0x175C144D, 32, NDPI_PROTOCOL_TOR }, - { 0x175C154A, 32, NDPI_PROTOCOL_TOR }, - { 0x175C1A72, 32, NDPI_PROTOCOL_TOR }, - { 0x175CDC55, 32, NDPI_PROTOCOL_TOR }, - { 0x175E1BE3, 32, NDPI_PROTOCOL_TOR }, - { 0x175E2B4C, 32, NDPI_PROTOCOL_TOR }, - { 0x175E3FA2, 32, NDPI_PROTOCOL_TOR }, - { 0x175E6595, 32, NDPI_PROTOCOL_TOR }, - { 0x175ED723, 32, NDPI_PROTOCOL_TOR }, - { 0x175F092F, 32, NDPI_PROTOCOL_TOR }, - { 0x175F2687, 32, NDPI_PROTOCOL_TOR }, - { 0x175F26A0, 32, NDPI_PROTOCOL_TOR }, - { 0x175F27A1, 32, NDPI_PROTOCOL_TOR }, - { 0x175F2B1D, 32, NDPI_PROTOCOL_TOR }, - { 0x175F2B49, 32, NDPI_PROTOCOL_TOR }, - { 0x175F2B4B, 32, NDPI_PROTOCOL_TOR }, - { 0x175F2B4C, 32, NDPI_PROTOCOL_TOR }, - { 0x175F2B4D, 32, NDPI_PROTOCOL_TOR }, - { 0x175F2B52, 32, NDPI_PROTOCOL_TOR }, - { 0x175F6E41, 32, NDPI_PROTOCOL_TOR }, - { 0x175F6F50, 32, NDPI_PROTOCOL_TOR }, - { 0x175F70C0, 32, NDPI_PROTOCOL_TOR }, - { 0x1763514C, 32, NDPI_PROTOCOL_TOR }, - { 0x1766A02E, 32, NDPI_PROTOCOL_TOR }, - { 0x177A8D00, 32, NDPI_PROTOCOL_TOR }, - { 0x17E283AF, 32, NDPI_PROTOCOL_TOR }, - { 0x17E28484, 32, NDPI_PROTOCOL_TOR }, - { 0x17E94164, 32, NDPI_PROTOCOL_TOR }, - { 0x17E96B78, 32, NDPI_PROTOCOL_TOR }, - { 0x17EE11E5, 32, NDPI_PROTOCOL_TOR }, - { 0x17EEE636, 32, NDPI_PROTOCOL_TOR }, - { 0x17EF045E, 32, NDPI_PROTOCOL_TOR }, - { 0x17EF0590, 32, NDPI_PROTOCOL_TOR }, - { 0x17EF0A90, 32, NDPI_PROTOCOL_TOR }, - { 0x17EF1378, 32, NDPI_PROTOCOL_TOR }, - { 0x17EF1378, 32, NDPI_PROTOCOL_TOR }, - { 0x17EF1399, 32, NDPI_PROTOCOL_TOR }, - { 0x17EF1B1C, 32, NDPI_PROTOCOL_TOR }, - { 0x17EF1D41, 32, NDPI_PROTOCOL_TOR }, - { 0x17EF1D41, 32, NDPI_PROTOCOL_TOR }, - { 0x17EF1DE2, 32, NDPI_PROTOCOL_TOR }, - { 0x17EF7165, 32, NDPI_PROTOCOL_TOR }, - { 0x17FA079F, 32, NDPI_PROTOCOL_TOR }, - { 0x17FC36AA, 32, NDPI_PROTOCOL_TOR }, - { 0x17FE8026, 32, NDPI_PROTOCOL_TOR }, - { 0x17FEA584, 32, NDPI_PROTOCOL_TOR }, - { 0x17FEA5FA, 32, NDPI_PROTOCOL_TOR }, - { 0x17FEA6DE, 32, NDPI_PROTOCOL_TOR }, - { 0x17FEA7E7, 32, NDPI_PROTOCOL_TOR }, - { 0x17FFC32F, 32, NDPI_PROTOCOL_TOR }, - { 0x17FFCC6C, 32, NDPI_PROTOCOL_TOR }, - { 0x17FFF26D, 32, NDPI_PROTOCOL_TOR }, - { 0x18015D49, 32, NDPI_PROTOCOL_TOR }, - { 0x18041FF9, 32, NDPI_PROTOCOL_TOR }, - { 0x18048A52, 32, NDPI_PROTOCOL_TOR }, - { 0x18084CAE, 32, NDPI_PROTOCOL_TOR }, - { 0x180AEB3E, 32, NDPI_PROTOCOL_TOR }, - { 0x180CFAC8, 32, NDPI_PROTOCOL_TOR }, - { 0x180D9384, 32, NDPI_PROTOCOL_TOR }, - { 0x1810444C, 32, NDPI_PROTOCOL_TOR }, - { 0x1811131D, 32, NDPI_PROTOCOL_TOR }, - { 0x18140EAF, 32, NDPI_PROTOCOL_TOR }, - { 0x18153FC2, 32, NDPI_PROTOCOL_TOR }, - { 0x18157F86, 32, NDPI_PROTOCOL_TOR }, - { 0x18158EEB, 32, NDPI_PROTOCOL_TOR }, - { 0x1815BE96, 32, NDPI_PROTOCOL_TOR }, - { 0x1815EACE, 32, NDPI_PROTOCOL_TOR }, - { 0x18166B48, 32, NDPI_PROTOCOL_TOR }, - { 0x1816B6B0, 32, NDPI_PROTOCOL_TOR }, - { 0x18228E2D, 32, NDPI_PROTOCOL_TOR }, - { 0x1833357C, 32, NDPI_PROTOCOL_TOR }, - { 0x1834CE43, 32, NDPI_PROTOCOL_TOR }, - { 0x1834DF47, 32, NDPI_PROTOCOL_TOR }, - { 0x1834F2AC, 32, NDPI_PROTOCOL_TOR }, - { 0x183E84AB, 32, NDPI_PROTOCOL_TOR }, - { 0x183ECD0A, 32, NDPI_PROTOCOL_TOR }, - { 0x18405FB8, 32, NDPI_PROTOCOL_TOR }, - { 0x18446509, 32, NDPI_PROTOCOL_TOR }, - { 0x185AC5F6, 32, NDPI_PROTOCOL_TOR }, - { 0x18601285, 32, NDPI_PROTOCOL_TOR }, - { 0x186339F8, 32, NDPI_PROTOCOL_TOR }, - { 0x1868D868, 32, NDPI_PROTOCOL_TOR }, - { 0x186BDA67, 32, NDPI_PROTOCOL_TOR }, - { 0x187950A5, 32, NDPI_PROTOCOL_TOR }, - { 0x1880EB2A, 32, NDPI_PROTOCOL_TOR }, - { 0x18815804, 32, NDPI_PROTOCOL_TOR }, - { 0x188628E9, 32, NDPI_PROTOCOL_TOR }, - { 0x1886424B, 32, NDPI_PROTOCOL_TOR }, - { 0x1886A34A, 32, NDPI_PROTOCOL_TOR }, - { 0x1887456F, 32, NDPI_PROTOCOL_TOR }, - { 0x188CE8A3, 32, NDPI_PROTOCOL_TOR }, - { 0x18943BB9, 32, NDPI_PROTOCOL_TOR }, - { 0x18973BA8, 32, NDPI_PROTOCOL_TOR }, - { 0x189C1043, 32, NDPI_PROTOCOL_TOR }, - { 0x18A0A2C8, 32, NDPI_PROTOCOL_TOR }, - { 0x18A2F56C, 32, NDPI_PROTOCOL_TOR }, - { 0x18A57BA7, 32, NDPI_PROTOCOL_TOR }, - { 0x18A6420B, 32, NDPI_PROTOCOL_TOR }, - { 0x18AA2AAE, 32, NDPI_PROTOCOL_TOR }, - { 0x18B5AF66, 32, NDPI_PROTOCOL_TOR }, - { 0x18B93E50, 32, NDPI_PROTOCOL_TOR }, - { 0x18BB1408, 32, NDPI_PROTOCOL_TOR }, - { 0x18BE411A, 32, NDPI_PROTOCOL_TOR }, - { 0x18C05C02, 32, NDPI_PROTOCOL_TOR }, - { 0x18C1E947, 32, NDPI_PROTOCOL_TOR }, - { 0x18C4398A, 32, NDPI_PROTOCOL_TOR }, - { 0x18CB1026, 32, NDPI_PROTOCOL_TOR }, - { 0x18CBAD0C, 32, NDPI_PROTOCOL_TOR }, - { 0x18D48CD3, 32, NDPI_PROTOCOL_TOR }, - { 0x18D67228, 32, NDPI_PROTOCOL_TOR }, - { 0x18D921A8, 32, NDPI_PROTOCOL_TOR }, - { 0x18DCAE5D, 32, NDPI_PROTOCOL_TOR }, - { 0x18E94A6F, 32, NDPI_PROTOCOL_TOR }, - { 0x18EFCCC4, 32, NDPI_PROTOCOL_TOR }, - { 0x18FBC42B, 32, NDPI_PROTOCOL_TOR }, - { 0x18FC70B1, 32, NDPI_PROTOCOL_TOR }, - { 0x1B6D75D6, 32, NDPI_PROTOCOL_TOR }, - { 0x1B78549C, 32, NDPI_PROTOCOL_TOR }, - { 0x1B7C7C7A, 32, NDPI_PROTOCOL_TOR }, - { 0x1F036525, 32, NDPI_PROTOCOL_TOR }, - { 0x1F07B826, 32, NDPI_PROTOCOL_TOR }, - { 0x1F07B84C, 32, NDPI_PROTOCOL_TOR }, - { 0x1F07BADF, 32, NDPI_PROTOCOL_TOR }, - { 0x1F088004, 32, NDPI_PROTOCOL_TOR }, - { 0x1F0A4D53, 32, NDPI_PROTOCOL_TOR }, - { 0x1F0B41C6, 32, NDPI_PROTOCOL_TOR }, - { 0x1F0BF184, 32, NDPI_PROTOCOL_TOR }, - { 0x1F1018A6, 32, NDPI_PROTOCOL_TOR }, - { 0x1F10AE02, 32, NDPI_PROTOCOL_TOR }, - { 0x1F11CDA0, 32, NDPI_PROTOCOL_TOR }, - { 0x1F1269A3, 32, NDPI_PROTOCOL_TOR }, - { 0x1F12A967, 32, NDPI_PROTOCOL_TOR }, - { 0x1F12B428, 32, NDPI_PROTOCOL_TOR }, - { 0x1F12FBBE, 32, NDPI_PROTOCOL_TOR }, - { 0x1F13D492, 32, NDPI_PROTOCOL_TOR }, - { 0x1F17E469, 32, NDPI_PROTOCOL_TOR }, - { 0x1F180C17, 32, NDPI_PROTOCOL_TOR }, - { 0x1F1979DC, 32, NDPI_PROTOCOL_TOR }, - { 0x1F1E2413, 32, NDPI_PROTOCOL_TOR }, - { 0x1F1E2E44, 32, NDPI_PROTOCOL_TOR }, - { 0x1F1F4A40, 32, NDPI_PROTOCOL_TOR }, - { 0x1F1F4A71, 32, NDPI_PROTOCOL_TOR }, - { 0x1F1F4B54, 32, NDPI_PROTOCOL_TOR }, - { 0x1F1F4BB5, 32, NDPI_PROTOCOL_TOR }, - { 0x1F1F4CA9, 32, NDPI_PROTOCOL_TOR }, - { 0x1F1F4DDE, 32, NDPI_PROTOCOL_TOR }, - { 0x1F1F4E31, 32, NDPI_PROTOCOL_TOR }, - { 0x1F1F4E8D, 32, NDPI_PROTOCOL_TOR }, - { 0x1F1F4F98, 32, NDPI_PROTOCOL_TOR }, - { 0x1F205448, 32, NDPI_PROTOCOL_TOR }, - { 0x1F21B915, 32, NDPI_PROTOCOL_TOR }, - { 0x1F22B6B1, 32, NDPI_PROTOCOL_TOR }, - { 0x1F2AA922, 32, NDPI_PROTOCOL_TOR }, - { 0x1F2CE29C, 32, NDPI_PROTOCOL_TOR }, - { 0x1F2D7B2D, 32, NDPI_PROTOCOL_TOR }, - { 0x1F30B0E8, 32, NDPI_PROTOCOL_TOR }, - { 0x1F326CF7, 32, NDPI_PROTOCOL_TOR }, - { 0x1F338AC8, 32, NDPI_PROTOCOL_TOR }, - { 0x1F81A64E, 32, NDPI_PROTOCOL_TOR }, - { 0x1F86556D, 32, NDPI_PROTOCOL_TOR }, - { 0x1FAC1FCF, 32, NDPI_PROTOCOL_TOR }, - { 0x1FB29AE6, 32, NDPI_PROTOCOL_TOR }, - { 0x1FB8C367, 32, NDPI_PROTOCOL_TOR }, - { 0x1FB8C370, 32, NDPI_PROTOCOL_TOR }, - { 0x1FB91BCB, 32, NDPI_PROTOCOL_TOR }, - { 0x1FC06934, 32, NDPI_PROTOCOL_TOR }, - { 0x1FC06C42, 32, NDPI_PROTOCOL_TOR }, - { 0x1FC0E4B9, 32, NDPI_PROTOCOL_TOR }, - { 0x1FC18B0E, 32, NDPI_PROTOCOL_TOR }, - { 0x1FC9B5F1, 32, NDPI_PROTOCOL_TOR }, - { 0x1FCC966A, 32, NDPI_PROTOCOL_TOR }, - { 0x1FCC968A, 32, NDPI_PROTOCOL_TOR }, - { 0x1FCC9866, 32, NDPI_PROTOCOL_TOR }, - { 0x1FCF8399, 32, NDPI_PROTOCOL_TOR }, - { 0x1FCFF1A8, 32, NDPI_PROTOCOL_TOR }, - { 0x1FD2636A, 32, NDPI_PROTOCOL_TOR }, - { 0x1FD263D2, 32, NDPI_PROTOCOL_TOR }, - { 0x1FD2694A, 32, NDPI_PROTOCOL_TOR }, - { 0x1FD269BA, 32, NDPI_PROTOCOL_TOR }, - { 0x1FD26E3A, 32, NDPI_PROTOCOL_TOR }, - { 0x1FD26E82, 32, NDPI_PROTOCOL_TOR }, - { 0x1FD27FBA, 32, NDPI_PROTOCOL_TOR }, - { 0x1FDC0580, 32, NDPI_PROTOCOL_TOR }, - { 0x1FDC0586, 32, NDPI_PROTOCOL_TOR }, - { 0x1FDC0599, 32, NDPI_PROTOCOL_TOR }, - { 0x1FDC05C8, 32, NDPI_PROTOCOL_TOR }, - { 0x1FDC073F, 32, NDPI_PROTOCOL_TOR }, - { 0x1FDC078F, 32, NDPI_PROTOCOL_TOR }, - { 0x1FDC07C9, 32, NDPI_PROTOCOL_TOR }, - { 0x1FDC2AC2, 32, NDPI_PROTOCOL_TOR }, - { 0x1FDC326D, 32, NDPI_PROTOCOL_TOR }, - { 0x20D7A24A, 32, NDPI_PROTOCOL_TOR }, - { 0x23007F34, 32, NDPI_PROTOCOL_TOR }, - { 0x23007F34, 32, NDPI_PROTOCOL_TOR }, - { 0x2437F025, 32, NDPI_PROTOCOL_TOR }, - { 0x2450B024, 32, NDPI_PROTOCOL_TOR }, - { 0x25007B98, 32, NDPI_PROTOCOL_TOR }, - { 0x25007BCF, 32, NDPI_PROTOCOL_TOR }, - { 0x2501C2B6, 32, NDPI_PROTOCOL_TOR }, - { 0x2501D288, 32, NDPI_PROTOCOL_TOR }, - { 0x2501D569, 32, NDPI_PROTOCOL_TOR }, - { 0x2501D799, 32, NDPI_PROTOCOL_TOR }, - { 0x25041A62, 32, NDPI_PROTOCOL_TOR }, - { 0x25041BED, 32, NDPI_PROTOCOL_TOR }, - { 0x2505A41C, 32, NDPI_PROTOCOL_TOR }, - { 0x250B231C, 32, NDPI_PROTOCOL_TOR }, - { 0x250B231C, 32, NDPI_PROTOCOL_TOR }, - { 0x250B480D, 32, NDPI_PROTOCOL_TOR }, - { 0x2511AD98, 32, NDPI_PROTOCOL_TOR }, - { 0x251816D1, 32, NDPI_PROTOCOL_TOR }, - { 0x2518F260, 32, NDPI_PROTOCOL_TOR }, - { 0x25223476, 32, NDPI_PROTOCOL_TOR }, - { 0x25223A38, 32, NDPI_PROTOCOL_TOR }, - { 0x252C2C0B, 32, NDPI_PROTOCOL_TOR }, - { 0x252EB809, 32, NDPI_PROTOCOL_TOR }, - { 0x25304046, 32, NDPI_PROTOCOL_TOR }, - { 0x2530417A, 32, NDPI_PROTOCOL_TOR }, - { 0x2530417A, 32, NDPI_PROTOCOL_TOR }, - { 0x253043AA, 32, NDPI_PROTOCOL_TOR }, - { 0x25304A4B, 32, NDPI_PROTOCOL_TOR }, - { 0x25304E9F, 32, NDPI_PROTOCOL_TOR }, - { 0x25305130, 32, NDPI_PROTOCOL_TOR }, - { 0x253056A0, 32, NDPI_PROTOCOL_TOR }, - { 0x25305A99, 32, NDPI_PROTOCOL_TOR }, - { 0x2530782F, 32, NDPI_PROTOCOL_TOR }, - { 0x253078C4, 32, NDPI_PROTOCOL_TOR }, - { 0x253110CB, 32, NDPI_PROTOCOL_TOR }, - { 0x253A70B2, 32, NDPI_PROTOCOL_TOR }, - { 0x253B0227, 32, NDPI_PROTOCOL_TOR }, - { 0x253B02BC, 32, NDPI_PROTOCOL_TOR }, - { 0x253B0EC9, 32, NDPI_PROTOCOL_TOR }, - { 0x253B1D49, 32, NDPI_PROTOCOL_TOR }, - { 0x253B24C6, 32, NDPI_PROTOCOL_TOR }, - { 0x253B2675, 32, NDPI_PROTOCOL_TOR }, - { 0x253B2E9F, 32, NDPI_PROTOCOL_TOR }, - { 0x253B2F1B, 32, NDPI_PROTOCOL_TOR }, - { 0x253B2F1B, 32, NDPI_PROTOCOL_TOR }, - { 0x253B4365, 32, NDPI_PROTOCOL_TOR }, - { 0x253B6052, 32, NDPI_PROTOCOL_TOR }, - { 0x253B60BF, 32, NDPI_PROTOCOL_TOR }, - { 0x253B63BF, 32, NDPI_PROTOCOL_TOR }, - { 0x253B640B, 32, NDPI_PROTOCOL_TOR }, - { 0x253B69D6, 32, NDPI_PROTOCOL_TOR }, - { 0x253B69E8, 32, NDPI_PROTOCOL_TOR }, - { 0x253B6FC0, 32, NDPI_PROTOCOL_TOR }, - { 0x253B704A, 32, NDPI_PROTOCOL_TOR }, - { 0x253B7493, 32, NDPI_PROTOCOL_TOR }, - { 0x253B7614, 32, NDPI_PROTOCOL_TOR }, - { 0x253B7662, 32, NDPI_PROTOCOL_TOR }, - { 0x253B76F6, 32, NDPI_PROTOCOL_TOR }, - { 0x253B794E, 32, NDPI_PROTOCOL_TOR }, - { 0x253B7B8E, 32, NDPI_PROTOCOL_TOR }, - { 0x253B7D1D, 32, NDPI_PROTOCOL_TOR }, - { 0x253B85D0, 32, NDPI_PROTOCOL_TOR }, - { 0x253B9010, 32, NDPI_PROTOCOL_TOR }, - { 0x253BA2DA, 32, NDPI_PROTOCOL_TOR }, - { 0x254BA34C, 32, NDPI_PROTOCOL_TOR }, - { 0x254CCFC4, 32, NDPI_PROTOCOL_TOR }, - { 0x256E0D88, 32, NDPI_PROTOCOL_TOR }, - { 0x256E3C0F, 32, NDPI_PROTOCOL_TOR }, - { 0x256EF1F9, 32, NDPI_PROTOCOL_TOR }, - { 0x25718DEE, 32, NDPI_PROTOCOL_TOR }, - { 0x2571B30C, 32, NDPI_PROTOCOL_TOR }, - { 0x25723407, 32, NDPI_PROTOCOL_TOR }, - { 0x25780229, 32, NDPI_PROTOCOL_TOR }, - { 0x25784275, 32, NDPI_PROTOCOL_TOR }, - { 0x2578A080, 32, NDPI_PROTOCOL_TOR }, - { 0x2578AC86, 32, NDPI_PROTOCOL_TOR }, - { 0x2578AC88, 32, NDPI_PROTOCOL_TOR }, - { 0x2578ACF2, 32, NDPI_PROTOCOL_TOR }, - { 0x257B700E, 32, NDPI_PROTOCOL_TOR }, - { 0x257B70FD, 32, NDPI_PROTOCOL_TOR }, - { 0x257B756F, 32, NDPI_PROTOCOL_TOR }, - { 0x257B924B, 32, NDPI_PROTOCOL_TOR }, - { 0x2582E385, 32, NDPI_PROTOCOL_TOR }, - { 0x2582E386, 32, NDPI_PROTOCOL_TOR }, - { 0x2585814C, 32, NDPI_PROTOCOL_TOR }, - { 0x25869E3E, 32, NDPI_PROTOCOL_TOR }, - { 0x258B03AB, 32, NDPI_PROTOCOL_TOR }, - { 0x258B03E7, 32, NDPI_PROTOCOL_TOR }, - { 0x258B0C33, 32, NDPI_PROTOCOL_TOR }, - { 0x258B0D4E, 32, NDPI_PROTOCOL_TOR }, - { 0x258B166E, 32, NDPI_PROTOCOL_TOR }, - { 0x258F094A, 32, NDPI_PROTOCOL_TOR }, - { 0x25904351, 32, NDPI_PROTOCOL_TOR }, - { 0x2591FF60, 32, NDPI_PROTOCOL_TOR }, - { 0x259267E1, 32, NDPI_PROTOCOL_TOR }, - { 0x25928712, 32, NDPI_PROTOCOL_TOR }, - { 0x25929590, 32, NDPI_PROTOCOL_TOR }, - { 0x25939A1B, 32, NDPI_PROTOCOL_TOR }, - { 0x2599010A, 32, NDPI_PROTOCOL_TOR }, - { 0x25993585, 32, NDPI_PROTOCOL_TOR }, - { 0x259DA955, 32, NDPI_PROTOCOL_TOR }, - { 0x259DC059, 32, NDPI_PROTOCOL_TOR }, - { 0x259DC2D2, 32, NDPI_PROTOCOL_TOR }, - { 0x259DC30D, 32, NDPI_PROTOCOL_TOR }, - { 0x259DC353, 32, NDPI_PROTOCOL_TOR }, - { 0x259DC38F, 32, NDPI_PROTOCOL_TOR }, - { 0x259DC3B2, 32, NDPI_PROTOCOL_TOR }, - { 0x259DC4DB, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB0012, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB007E, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB0255, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB02E5, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB02E6, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB0303, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB0408, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB04DB, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB052C, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB056D, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB074A, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB094F, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB115F, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB122B, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB122B, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB126D, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB12B4, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB143B, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB144F, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB151C, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB159D, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB15B4, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB1657, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB1683, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB17E8, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB17E8, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB1E4E, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB1F27, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB2693, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB27D2, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB33D2, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB3F72, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB4275, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB604E, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB611F, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB615F, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB62B9, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB638F, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB63C1, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB666C, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB66BA, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB675B, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB679C, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB692B, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB6941, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB6944, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB6B5B, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB6BD2, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB6BD2, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB6C50, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB6D13, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB6D3A, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB6D45, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB6E3F, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB6ED8, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB7224, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB728C, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB732F, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB7487, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB76EC, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB7C84, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB7CC6, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB7DCF, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB7DCF, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB7DE4, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB7E15, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB8244, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB82E2, 32, NDPI_PROTOCOL_TOR }, - { 0x25BB89E1, 32, NDPI_PROTOCOL_TOR }, - { 0x25BBB023, 32, NDPI_PROTOCOL_TOR }, - { 0x25BBB040, 32, NDPI_PROTOCOL_TOR }, - { 0x25BBB404, 32, NDPI_PROTOCOL_TOR }, - { 0x25BBB41C, 32, NDPI_PROTOCOL_TOR }, - { 0x25BBB441, 32, NDPI_PROTOCOL_TOR }, - { 0x25BBC635, 32, NDPI_PROTOCOL_TOR }, - { 0x25BBC69F, 32, NDPI_PROTOCOL_TOR }, - { 0x25BBEFBF, 32, NDPI_PROTOCOL_TOR }, - { 0x25BBF36D, 32, NDPI_PROTOCOL_TOR }, - { 0x25BBF428, 32, NDPI_PROTOCOL_TOR }, - { 0x25BBF6DD, 32, NDPI_PROTOCOL_TOR }, - { 0x25BC44E4, 32, NDPI_PROTOCOL_TOR }, - { 0x25BED50A, 32, NDPI_PROTOCOL_TOR }, - { 0x25BF8A2B, 32, NDPI_PROTOCOL_TOR }, - { 0x25C08768, 32, NDPI_PROTOCOL_TOR }, - { 0x25C2350B, 32, NDPI_PROTOCOL_TOR }, - { 0x25C3C530, 32, NDPI_PROTOCOL_TOR }, - { 0x25C86205, 32, NDPI_PROTOCOL_TOR }, - { 0x25C863FB, 32, NDPI_PROTOCOL_TOR }, - { 0x25C939D9, 32, NDPI_PROTOCOL_TOR }, - { 0x25C98337, 32, NDPI_PROTOCOL_TOR }, - { 0x25C9DF9D, 32, NDPI_PROTOCOL_TOR }, - { 0x25CCA01C, 32, NDPI_PROTOCOL_TOR }, - { 0x25CD0983, 32, NDPI_PROTOCOL_TOR }, - { 0x25CD0B95, 32, NDPI_PROTOCOL_TOR }, - { 0x25D13BC6, 32, NDPI_PROTOCOL_TOR }, - { 0x25D14A11, 32, NDPI_PROTOCOL_TOR }, - { 0x25D16FE5, 32, NDPI_PROTOCOL_TOR }, - { 0x25D3561F, 32, NDPI_PROTOCOL_TOR }, - { 0x25DC233D, 32, NDPI_PROTOCOL_TOR }, - { 0x25DDA125, 32, NDPI_PROTOCOL_TOR }, - { 0x25DDA137, 32, NDPI_PROTOCOL_TOR }, - { 0x25DDA2E2, 32, NDPI_PROTOCOL_TOR }, - { 0x25DDA2E2, 32, NDPI_PROTOCOL_TOR }, - { 0x25DDA5E5, 32, NDPI_PROTOCOL_TOR }, - { 0x25DDA5F6, 32, NDPI_PROTOCOL_TOR }, - { 0x25DDC114, 32, NDPI_PROTOCOL_TOR }, - { 0x25DDC5B7, 32, NDPI_PROTOCOL_TOR }, - { 0x25E48203, 32, NDPI_PROTOCOL_TOR }, - { 0x25E48424, 32, NDPI_PROTOCOL_TOR }, - { 0x25E60143, 32, NDPI_PROTOCOL_TOR }, - { 0x25EB30F7, 32, NDPI_PROTOCOL_TOR }, - { 0x25EB312E, 32, NDPI_PROTOCOL_TOR }, - { 0x25EB317C, 32, NDPI_PROTOCOL_TOR }, - { 0x25EB3443, 32, NDPI_PROTOCOL_TOR }, - { 0x25EB3753, 32, NDPI_PROTOCOL_TOR }, - { 0x25EB3C39, 32, NDPI_PROTOCOL_TOR }, - { 0x25EB3C3C, 32, NDPI_PROTOCOL_TOR }, - { 0x25EB3E07, 32, NDPI_PROTOCOL_TOR }, - { 0x25F71635, 32, NDPI_PROTOCOL_TOR }, - { 0x25F732A7, 32, NDPI_PROTOCOL_TOR }, - { 0x25F7348C, 32, NDPI_PROTOCOL_TOR }, - { 0x25F735A2, 32, NDPI_PROTOCOL_TOR }, - { 0x25FC0CBA, 32, NDPI_PROTOCOL_TOR }, - { 0x25FCBE85, 32, NDPI_PROTOCOL_TOR }, - { 0x264D16FB, 32, NDPI_PROTOCOL_TOR }, - { 0x266C0A8C, 32, NDPI_PROTOCOL_TOR }, - { 0x26825026, 32, NDPI_PROTOCOL_TOR }, - { 0x26825039, 32, NDPI_PROTOCOL_TOR }, - { 0x26E5001C, 32, NDPI_PROTOCOL_TOR }, - { 0x26E5001D, 32, NDPI_PROTOCOL_TOR }, - { 0x26E54621, 32, NDPI_PROTOCOL_TOR }, - { 0x26E54622, 32, NDPI_PROTOCOL_TOR }, - { 0x26E5462A, 32, NDPI_PROTOCOL_TOR }, - { 0x26E5462A, 32, NDPI_PROTOCOL_TOR }, - { 0x26E54633, 32, NDPI_PROTOCOL_TOR }, - { 0x26E54634, 32, NDPI_PROTOCOL_TOR }, - { 0x26E54635, 32, NDPI_PROTOCOL_TOR }, - { 0x26E54636, 32, NDPI_PROTOCOL_TOR }, - { 0x26E5463D, 32, NDPI_PROTOCOL_TOR }, - { 0x26E54F02, 32, NDPI_PROTOCOL_TOR }, - { 0x27775DC9, 32, NDPI_PROTOCOL_TOR }, - { 0x294885AE, 32, NDPI_PROTOCOL_TOR }, - { 0x294D88FA, 32, NDPI_PROTOCOL_TOR }, - { 0x2985828E, 32, NDPI_PROTOCOL_TOR }, - { 0x29B619B5, 32, NDPI_PROTOCOL_TOR }, - { 0x29D4257A, 32, NDPI_PROTOCOL_TOR }, - { 0x29D7F1EA, 32, NDPI_PROTOCOL_TOR }, - { 0x29DF358D, 32, NDPI_PROTOCOL_TOR }, - { 0x29F201F2, 32, NDPI_PROTOCOL_TOR }, - { 0x2A02EFEA, 32, NDPI_PROTOCOL_TOR }, - { 0x2A7010C4, 32, NDPI_PROTOCOL_TOR }, - { 0x2A701341, 32, NDPI_PROTOCOL_TOR }, - { 0x2A7013C9, 32, NDPI_PROTOCOL_TOR }, - { 0x2BFA082A, 32, NDPI_PROTOCOL_TOR }, - { 0x2BFA0842, 32, NDPI_PROTOCOL_TOR }, - { 0x2E04009C, 32, NDPI_PROTOCOL_TOR }, - { 0x2E0418A8, 32, NDPI_PROTOCOL_TOR }, - { 0x2E0419D6, 32, NDPI_PROTOCOL_TOR }, - { 0x2E0422F2, 32, NDPI_PROTOCOL_TOR }, - { 0x2E0427EB, 32, NDPI_PROTOCOL_TOR }, - { 0x2E0437B1, 32, NDPI_PROTOCOL_TOR }, - { 0x2E043C6A, 32, NDPI_PROTOCOL_TOR }, - { 0x2E0457AC, 32, NDPI_PROTOCOL_TOR }, - { 0x2E046723, 32, NDPI_PROTOCOL_TOR }, - { 0x2E046A12, 32, NDPI_PROTOCOL_TOR }, - { 0x2E046ACF, 32, NDPI_PROTOCOL_TOR }, - { 0x2E046F7C, 32, NDPI_PROTOCOL_TOR }, - { 0x2E0474B0, 32, NDPI_PROTOCOL_TOR }, - { 0x2E047AA2, 32, NDPI_PROTOCOL_TOR }, - { 0x2E047AAD, 32, NDPI_PROTOCOL_TOR }, - { 0x2E04AE34, 32, NDPI_PROTOCOL_TOR }, - { 0x2E04B777, 32, NDPI_PROTOCOL_TOR }, - { 0x2E04FDC2, 32, NDPI_PROTOCOL_TOR }, - { 0x2E051DC4, 32, NDPI_PROTOCOL_TOR }, - { 0x2E051E05, 32, NDPI_PROTOCOL_TOR }, - { 0x2E055F13, 32, NDPI_PROTOCOL_TOR }, - { 0x2E059971, 32, NDPI_PROTOCOL_TOR }, - { 0x2E09C314, 32, NDPI_PROTOCOL_TOR }, - { 0x2E0ACDFC, 32, NDPI_PROTOCOL_TOR }, - { 0x2E0EF5CE, 32, NDPI_PROTOCOL_TOR }, - { 0x2E10EA83, 32, NDPI_PROTOCOL_TOR }, - { 0x2E113FD6, 32, NDPI_PROTOCOL_TOR }, - { 0x2E138E1D, 32, NDPI_PROTOCOL_TOR }, - { 0x2E138E7E, 32, NDPI_PROTOCOL_TOR }, - { 0x2E14F675, 32, NDPI_PROTOCOL_TOR }, - { 0x2E167BDE, 32, NDPI_PROTOCOL_TOR }, - { 0x2E1746C3, 32, NDPI_PROTOCOL_TOR }, - { 0x2E17551F, 32, NDPI_PROTOCOL_TOR }, - { 0x2E1C449E, 32, NDPI_PROTOCOL_TOR }, - { 0x2E1C4581, 32, NDPI_PROTOCOL_TOR }, - { 0x2E1C6E81, 32, NDPI_PROTOCOL_TOR }, - { 0x2E1C6EF4, 32, NDPI_PROTOCOL_TOR }, - { 0x2E1CCAD6, 32, NDPI_PROTOCOL_TOR }, - { 0x2E1CCF78, 32, NDPI_PROTOCOL_TOR }, - { 0x2E20E8EE, 32, NDPI_PROTOCOL_TOR }, - { 0x2E20EABD, 32, NDPI_PROTOCOL_TOR }, - { 0x2E2423D5, 32, NDPI_PROTOCOL_TOR }, - { 0x2E24251B, 32, NDPI_PROTOCOL_TOR }, - { 0x2E2425B7, 32, NDPI_PROTOCOL_TOR }, - { 0x2E2425D6, 32, NDPI_PROTOCOL_TOR }, - { 0x2E24271A, 32, NDPI_PROTOCOL_TOR }, - { 0x2E2639C4, 32, NDPI_PROTOCOL_TOR }, - { 0x2E263E1E, 32, NDPI_PROTOCOL_TOR }, - { 0x2E263F07, 32, NDPI_PROTOCOL_TOR }, - { 0x2E26E9F2, 32, NDPI_PROTOCOL_TOR }, - { 0x2E26FA27, 32, NDPI_PROTOCOL_TOR }, - { 0x2E2779BC, 32, NDPI_PROTOCOL_TOR }, - { 0x2E298244, 32, NDPI_PROTOCOL_TOR }, - { 0x2E298454, 32, NDPI_PROTOCOL_TOR }, - { 0x2E2B325C, 32, NDPI_PROTOCOL_TOR }, - { 0x2E2D0F7B, 32, NDPI_PROTOCOL_TOR }, - { 0x2E2F133A, 32, NDPI_PROTOCOL_TOR }, - { 0x2E37146D, 32, NDPI_PROTOCOL_TOR }, - { 0x2E3B27B9, 32, NDPI_PROTOCOL_TOR }, - { 0x2E3B3A75, 32, NDPI_PROTOCOL_TOR }, - { 0x2E3B8EEC, 32, NDPI_PROTOCOL_TOR }, - { 0x2E3B9439, 32, NDPI_PROTOCOL_TOR }, - { 0x2E3B9998, 32, NDPI_PROTOCOL_TOR }, - { 0x2E3BB9D7, 32, NDPI_PROTOCOL_TOR }, - { 0x2E3BF04E, 32, NDPI_PROTOCOL_TOR }, - { 0x2E48594D, 32, NDPI_PROTOCOL_TOR }, - { 0x2E49F960, 32, NDPI_PROTOCOL_TOR }, - { 0x2E691148, 32, NDPI_PROTOCOL_TOR }, - { 0x2E6960BE, 32, NDPI_PROTOCOL_TOR }, - { 0x2E69AC56, 32, NDPI_PROTOCOL_TOR }, - { 0x2E69E8BC, 32, NDPI_PROTOCOL_TOR }, - { 0x2E6C27DB, 32, NDPI_PROTOCOL_TOR }, - { 0x2E76110C, 32, NDPI_PROTOCOL_TOR }, - { 0x2E762709, 32, NDPI_PROTOCOL_TOR }, - { 0x2E76A38F, 32, NDPI_PROTOCOL_TOR }, - { 0x2E76E5C9, 32, NDPI_PROTOCOL_TOR }, - { 0x2E7E47AA, 32, NDPI_PROTOCOL_TOR }, - { 0x2E7FC664, 32, NDPI_PROTOCOL_TOR }, - { 0x2E7FCB2F, 32, NDPI_PROTOCOL_TOR }, - { 0x2E7FD0F8, 32, NDPI_PROTOCOL_TOR }, - { 0x2E800457, 32, NDPI_PROTOCOL_TOR }, - { 0x2E802D63, 32, NDPI_PROTOCOL_TOR }, - { 0x2E802D76, 32, NDPI_PROTOCOL_TOR }, - { 0x2E80D52B, 32, NDPI_PROTOCOL_TOR }, - { 0x2E81138F, 32, NDPI_PROTOCOL_TOR }, - { 0x2E8115E6, 32, NDPI_PROTOCOL_TOR }, - { 0x2E817C16, 32, NDPI_PROTOCOL_TOR }, - { 0x2E84BCDD, 32, NDPI_PROTOCOL_TOR }, - { 0x2E92E027, 32, NDPI_PROTOCOL_TOR }, - { 0x2E95120A, 32, NDPI_PROTOCOL_TOR }, - { 0x2E97D0D5, 32, NDPI_PROTOCOL_TOR }, - { 0x2EA25245, 32, NDPI_PROTOCOL_TOR }, - { 0x2EA26191, 32, NDPI_PROTOCOL_TOR }, - { 0x2EA340CA, 32, NDPI_PROTOCOL_TOR }, - { 0x2EA341A0, 32, NDPI_PROTOCOL_TOR }, - { 0x2EA3449C, 32, NDPI_PROTOCOL_TOR }, - { 0x2EA34C20, 32, NDPI_PROTOCOL_TOR }, - { 0x2EA34CFA, 32, NDPI_PROTOCOL_TOR }, - { 0x2EA3DB56, 32, NDPI_PROTOCOL_TOR }, - { 0x2EA5C560, 32, NDPI_PROTOCOL_TOR }, - { 0x2EA5DDA6, 32, NDPI_PROTOCOL_TOR }, - { 0x2EA5DDA6, 32, NDPI_PROTOCOL_TOR }, - { 0x2EA5DFD6, 32, NDPI_PROTOCOL_TOR }, - { 0x2EA5DFD9, 32, NDPI_PROTOCOL_TOR }, - { 0x2EA5DFE3, 32, NDPI_PROTOCOL_TOR }, - { 0x2EA5F08F, 32, NDPI_PROTOCOL_TOR }, - { 0x2EA5F2A6, 32, NDPI_PROTOCOL_TOR }, - { 0x2EA5F9E4, 32, NDPI_PROTOCOL_TOR }, - { 0x2EA5FAEB, 32, NDPI_PROTOCOL_TOR }, - { 0x2EA6A127, 32, NDPI_PROTOCOL_TOR }, - { 0x2EA7F533, 32, NDPI_PROTOCOL_TOR }, - { 0x2EA7F545, 32, NDPI_PROTOCOL_TOR }, - { 0x2EA7F5AC, 32, NDPI_PROTOCOL_TOR }, - { 0x2EB5EEA4, 32, NDPI_PROTOCOL_TOR }, - { 0x2EB61224, 32, NDPI_PROTOCOL_TOR }, - { 0x2EB6126F, 32, NDPI_PROTOCOL_TOR }, - { 0x2EB612F5, 32, NDPI_PROTOCOL_TOR }, - { 0x2EB61303, 32, NDPI_PROTOCOL_TOR }, - { 0x2EB61563, 32, NDPI_PROTOCOL_TOR }, - { 0x2EB66ABE, 32, NDPI_PROTOCOL_TOR }, - { 0x2EB6845A, 32, NDPI_PROTOCOL_TOR }, - { 0x2EB6D01C, 32, NDPI_PROTOCOL_TOR }, - { 0x2EB7D9F4, 32, NDPI_PROTOCOL_TOR }, - { 0x2EB7DA8D, 32, NDPI_PROTOCOL_TOR }, - { 0x2EB7DBC4, 32, NDPI_PROTOCOL_TOR }, - { 0x2EB7DC84, 32, NDPI_PROTOCOL_TOR }, - { 0x2EB9E185, 32, NDPI_PROTOCOL_TOR }, - { 0x2EBB039C, 32, NDPI_PROTOCOL_TOR }, - { 0x2EBC0425, 32, NDPI_PROTOCOL_TOR }, - { 0x2EBC0A17, 32, NDPI_PROTOCOL_TOR }, - { 0x2EBC2510, 32, NDPI_PROTOCOL_TOR }, - { 0x2EBC2AB0, 32, NDPI_PROTOCOL_TOR }, - { 0x2EC29854, 32, NDPI_PROTOCOL_TOR }, - { 0x2ED80D2F, 32, NDPI_PROTOCOL_TOR }, - { 0x2EDF485B, 32, NDPI_PROTOCOL_TOR }, - { 0x2EDF4FDF, 32, NDPI_PROTOCOL_TOR }, - { 0x2EDF8DA7, 32, NDPI_PROTOCOL_TOR }, - { 0x2EDFCD19, 32, NDPI_PROTOCOL_TOR }, - { 0x2EDFF71E, 32, NDPI_PROTOCOL_TOR }, - { 0x2EE26D30, 32, NDPI_PROTOCOL_TOR }, - { 0x2EE26EB9, 32, NDPI_PROTOCOL_TOR }, - { 0x2EE360DA, 32, NDPI_PROTOCOL_TOR }, - { 0x2EE4045B, 32, NDPI_PROTOCOL_TOR }, - { 0x2EE4C713, 32, NDPI_PROTOCOL_TOR }, - { 0x2EE5EEAC, 32, NDPI_PROTOCOL_TOR }, - { 0x2EE90046, 32, NDPI_PROTOCOL_TOR }, - { 0x2EE9EDBB, 32, NDPI_PROTOCOL_TOR }, - { 0x2EEBE346, 32, NDPI_PROTOCOL_TOR }, - { 0x2EEC95E0, 32, NDPI_PROTOCOL_TOR }, - { 0x2EEF62AC, 32, NDPI_PROTOCOL_TOR }, - { 0x2EEF6472, 32, NDPI_PROTOCOL_TOR }, - { 0x2EEF6B4A, 32, NDPI_PROTOCOL_TOR }, - { 0x2EEF6CC2, 32, NDPI_PROTOCOL_TOR }, - { 0x2EEF75B4, 32, NDPI_PROTOCOL_TOR }, - { 0x2EF2623D, 32, NDPI_PROTOCOL_TOR }, - { 0x2EF48AFB, 32, NDPI_PROTOCOL_TOR }, - { 0x2EF5C841, 32, NDPI_PROTOCOL_TOR }, - { 0x2EF61484, 32, NDPI_PROTOCOL_TOR }, - { 0x2EF6220C, 32, NDPI_PROTOCOL_TOR }, - { 0x2EF623E5, 32, NDPI_PROTOCOL_TOR }, - { 0x2EF62E1B, 32, NDPI_PROTOCOL_TOR }, - { 0x2EF659A9, 32, NDPI_PROTOCOL_TOR }, - { 0x2EF66CAE, 32, NDPI_PROTOCOL_TOR }, - { 0x2EF66FCF, 32, NDPI_PROTOCOL_TOR }, - { 0x2EF9258F, 32, NDPI_PROTOCOL_TOR }, - { 0x2EFC1838, 32, NDPI_PROTOCOL_TOR }, - { 0x2EFC18F6, 32, NDPI_PROTOCOL_TOR }, - { 0x2EFC19F9, 32, NDPI_PROTOCOL_TOR }, - { 0x2EFC1A02, 32, NDPI_PROTOCOL_TOR }, - { 0x2EFC98C0, 32, NDPI_PROTOCOL_TOR }, - { 0x2EFE4BA8, 32, NDPI_PROTOCOL_TOR }, - { 0x2F376EBC, 32, NDPI_PROTOCOL_TOR }, - { 0x31CD342B, 32, NDPI_PROTOCOL_TOR }, - { 0x31D4A626, 32, NDPI_PROTOCOL_TOR }, - { 0x31D4ADDE, 32, NDPI_PROTOCOL_TOR }, - { 0x31D4C271, 32, NDPI_PROTOCOL_TOR }, - { 0x320163E9, 32, NDPI_PROTOCOL_TOR }, - { 0x32070872, 32, NDPI_PROTOCOL_TOR }, - { 0x32073D6A, 32, NDPI_PROTOCOL_TOR }, - { 0x3207A1DA, 32, NDPI_PROTOCOL_TOR }, - { 0x3207B03B, 32, NDPI_PROTOCOL_TOR }, - { 0x3207B03B, 32, NDPI_PROTOCOL_TOR }, - { 0x3207B03C, 32, NDPI_PROTOCOL_TOR }, - { 0x3207B03D, 32, NDPI_PROTOCOL_TOR }, - { 0x3207B03D, 32, NDPI_PROTOCOL_TOR }, - { 0x3207B03E, 32, NDPI_PROTOCOL_TOR }, - { 0x3207B83A, 32, NDPI_PROTOCOL_TOR }, - { 0x3207C27A, 32, NDPI_PROTOCOL_TOR }, - { 0x3207D2DA, 32, NDPI_PROTOCOL_TOR }, - { 0x3207F36B, 32, NDPI_PROTOCOL_TOR }, - { 0x3207F36B, 32, NDPI_PROTOCOL_TOR }, - { 0x32092FEE, 32, NDPI_PROTOCOL_TOR }, - { 0x321F4CC3, 32, NDPI_PROTOCOL_TOR }, - { 0x321FFF5E, 32, NDPI_PROTOCOL_TOR }, - { 0x322300F4, 32, NDPI_PROTOCOL_TOR }, - { 0x322554A1, 32, NDPI_PROTOCOL_TOR }, - { 0x322B0AF0, 32, NDPI_PROTOCOL_TOR }, - { 0x322B38B6, 32, NDPI_PROTOCOL_TOR }, - { 0x322EF39B, 32, NDPI_PROTOCOL_TOR }, - { 0x32354A02, 32, NDPI_PROTOCOL_TOR }, - { 0x32355AFB, 32, NDPI_PROTOCOL_TOR }, - { 0x323995CC, 32, NDPI_PROTOCOL_TOR }, - { 0x3245A0C6, 32, NDPI_PROTOCOL_TOR }, - { 0x3248C4CE, 32, NDPI_PROTOCOL_TOR }, - { 0x324C9FDA, 32, NDPI_PROTOCOL_TOR }, - { 0x324EC501, 32, NDPI_PROTOCOL_TOR }, - { 0x324F2036, 32, NDPI_PROTOCOL_TOR }, - { 0x32511947, 32, NDPI_PROTOCOL_TOR }, - { 0x32532059, 32, NDPI_PROTOCOL_TOR }, - { 0x32582849, 32, NDPI_PROTOCOL_TOR }, - { 0x3258C0F5, 32, NDPI_PROTOCOL_TOR }, - { 0x325A0246, 32, NDPI_PROTOCOL_TOR }, - { 0x325DF89A, 32, NDPI_PROTOCOL_TOR }, - { 0x325DF9E4, 32, NDPI_PROTOCOL_TOR }, - { 0x326F05DE, 32, NDPI_PROTOCOL_TOR }, - { 0x326FC86F, 32, NDPI_PROTOCOL_TOR }, - { 0x32710FAD, 32, NDPI_PROTOCOL_TOR }, - { 0x327375B9, 32, NDPI_PROTOCOL_TOR }, - { 0x32737A44, 32, NDPI_PROTOCOL_TOR }, - { 0x3273E93E, 32, NDPI_PROTOCOL_TOR }, - { 0x32740095, 32, NDPI_PROTOCOL_TOR }, - { 0x327403DF, 32, NDPI_PROTOCOL_TOR }, - { 0x3274048D, 32, NDPI_PROTOCOL_TOR }, - { 0x32740599, 32, NDPI_PROTOCOL_TOR }, - { 0x32740AF2, 32, NDPI_PROTOCOL_TOR }, - { 0x327415AC, 32, NDPI_PROTOCOL_TOR }, - { 0x32741D36, 32, NDPI_PROTOCOL_TOR }, - { 0x32741D36, 32, NDPI_PROTOCOL_TOR }, - { 0x327420D9, 32, NDPI_PROTOCOL_TOR }, - { 0x3274222C, 32, NDPI_PROTOCOL_TOR }, - { 0x32742806, 32, NDPI_PROTOCOL_TOR }, - { 0x32742AF5, 32, NDPI_PROTOCOL_TOR }, - { 0x32742E14, 32, NDPI_PROTOCOL_TOR }, - { 0x32742FAB, 32, NDPI_PROTOCOL_TOR }, - { 0x3274312E, 32, NDPI_PROTOCOL_TOR }, - { 0x3274320C, 32, NDPI_PROTOCOL_TOR }, - { 0x3274320C, 32, NDPI_PROTOCOL_TOR }, - { 0x32743687, 32, NDPI_PROTOCOL_TOR }, - { 0x32743830, 32, NDPI_PROTOCOL_TOR }, - { 0x327556D3, 32, NDPI_PROTOCOL_TOR }, - { 0x328293BF, 32, NDPI_PROTOCOL_TOR }, - { 0x328C5DDF, 32, NDPI_PROTOCOL_TOR }, - { 0x328F6411, 32, NDPI_PROTOCOL_TOR }, - { 0x3294BED5, 32, NDPI_PROTOCOL_TOR }, - { 0x3298F1C6, 32, NDPI_PROTOCOL_TOR }, - { 0x32A4685A, 32, NDPI_PROTOCOL_TOR }, - { 0x32A84435, 32, NDPI_PROTOCOL_TOR }, - { 0x32B12972, 32, NDPI_PROTOCOL_TOR }, - { 0x32B1AF1A, 32, NDPI_PROTOCOL_TOR }, - { 0x32B5B129, 32, NDPI_PROTOCOL_TOR }, - { 0x32C18F2A, 32, NDPI_PROTOCOL_TOR }, - { 0x32C701B2, 32, NDPI_PROTOCOL_TOR }, - { 0x32F11E91, 32, NDPI_PROTOCOL_TOR }, - { 0x32F57C83, 32, NDPI_PROTOCOL_TOR }, - { 0x32F74BCD, 32, NDPI_PROTOCOL_TOR }, - { 0x32F7C37C, 32, NDPI_PROTOCOL_TOR }, - { 0x32F90236, 32, NDPI_PROTOCOL_TOR }, - { 0x32FAC9FE, 32, NDPI_PROTOCOL_TOR }, - { 0x32FAD011, 32, NDPI_PROTOCOL_TOR }, - { 0x32FADAA1, 32, NDPI_PROTOCOL_TOR }, - { 0x32FF615D, 32, NDPI_PROTOCOL_TOR }, - { 0x340A7D8C, 32, NDPI_PROTOCOL_TOR }, - { 0x364023F4, 32, NDPI_PROTOCOL_TOR }, - { 0x3640E586, 32, NDPI_PROTOCOL_TOR }, - { 0x3641ACFE, 32, NDPI_PROTOCOL_TOR }, - { 0x3641CE17, 32, NDPI_PROTOCOL_TOR }, - { 0x3641CE2C, 32, NDPI_PROTOCOL_TOR }, - { 0x3641CE34, 32, NDPI_PROTOCOL_TOR }, - { 0x3641CE39, 32, NDPI_PROTOCOL_TOR }, - { 0x3641CE3C, 32, NDPI_PROTOCOL_TOR }, - { 0x3641CE43, 32, NDPI_PROTOCOL_TOR }, - { 0x3641CE4A, 32, NDPI_PROTOCOL_TOR }, - { 0x3641CE4F, 32, NDPI_PROTOCOL_TOR }, - { 0x3642A01A, 32, NDPI_PROTOCOL_TOR }, - { 0x3642ED8D, 32, NDPI_PROTOCOL_TOR }, - { 0x36431231, 32, NDPI_PROTOCOL_TOR }, - { 0x36441DAA, 32, NDPI_PROTOCOL_TOR }, - { 0x3645C64F, 32, NDPI_PROTOCOL_TOR }, - { 0x3649DA8A, 32, NDPI_PROTOCOL_TOR }, - { 0x364D068C, 32, NDPI_PROTOCOL_TOR }, - { 0x364D6EBC, 32, NDPI_PROTOCOL_TOR }, - { 0x364D7868, 32, NDPI_PROTOCOL_TOR }, - { 0x364D7DC1, 32, NDPI_PROTOCOL_TOR }, - { 0x364F7EC5, 32, NDPI_PROTOCOL_TOR }, - { 0x3652C35E, 32, NDPI_PROTOCOL_TOR }, - { 0x36542A9B, 32, NDPI_PROTOCOL_TOR }, - { 0x36546A29, 32, NDPI_PROTOCOL_TOR }, - { 0x36568324, 32, NDPI_PROTOCOL_TOR }, - { 0x36571DA1, 32, NDPI_PROTOCOL_TOR }, - { 0x36583B2D, 32, NDPI_PROTOCOL_TOR }, - { 0x36583F17, 32, NDPI_PROTOCOL_TOR }, - { 0x3658A5E5, 32, NDPI_PROTOCOL_TOR }, - { 0x365D2B6D, 32, NDPI_PROTOCOL_TOR }, - { 0x365E89A4, 32, NDPI_PROTOCOL_TOR }, - { 0x365E8BA7, 32, NDPI_PROTOCOL_TOR }, - { 0x365EF005, 32, NDPI_PROTOCOL_TOR }, - { 0x365EF097, 32, NDPI_PROTOCOL_TOR }, - { 0x365EF100, 32, NDPI_PROTOCOL_TOR }, - { 0x365EF1A2, 32, NDPI_PROTOCOL_TOR }, - { 0x365EF1A8, 32, NDPI_PROTOCOL_TOR }, - { 0x365EF1AB, 32, NDPI_PROTOCOL_TOR }, - { 0x365EF1B5, 32, NDPI_PROTOCOL_TOR }, - { 0x365EF1B8, 32, NDPI_PROTOCOL_TOR }, - { 0x3692143E, 32, NDPI_PROTOCOL_TOR }, - { 0x3692CB7D, 32, NDPI_PROTOCOL_TOR }, - { 0x36941FE1, 32, NDPI_PROTOCOL_TOR }, - { 0x36946DAA, 32, NDPI_PROTOCOL_TOR }, - { 0x36949610, 32, NDPI_PROTOCOL_TOR }, - { 0x3695F2AE, 32, NDPI_PROTOCOL_TOR }, - { 0x369A0E1A, 32, NDPI_PROTOCOL_TOR }, - { 0x36A49C46, 32, NDPI_PROTOCOL_TOR }, - { 0x36AB5EF9, 32, NDPI_PROTOCOL_TOR }, - { 0x36AD6890, 32, NDPI_PROTOCOL_TOR }, - { 0x36AF0DB5, 32, NDPI_PROTOCOL_TOR }, - { 0x36AF5145, 32, NDPI_PROTOCOL_TOR }, - { 0x36B9A3E2, 32, NDPI_PROTOCOL_TOR }, - { 0x36BB371D, 32, NDPI_PROTOCOL_TOR }, - { 0x36BBEF10, 32, NDPI_PROTOCOL_TOR }, - { 0x36BF1132, 32, NDPI_PROTOCOL_TOR }, - { 0x36BF7203, 32, NDPI_PROTOCOL_TOR }, - { 0x36BF80E4, 32, NDPI_PROTOCOL_TOR }, - { 0x36C25AB0, 32, NDPI_PROTOCOL_TOR }, - { 0x36D05F8F, 32, NDPI_PROTOCOL_TOR }, - { 0x36D5A676, 32, NDPI_PROTOCOL_TOR }, - { 0x36E035C2, 32, NDPI_PROTOCOL_TOR }, - { 0x36E44160, 32, NDPI_PROTOCOL_TOR }, - { 0x36E8A7C8, 32, NDPI_PROTOCOL_TOR }, - { 0x36EBF7DC, 32, NDPI_PROTOCOL_TOR }, - { 0x36EDB868, 32, NDPI_PROTOCOL_TOR }, - { 0x36FBC11C, 32, NDPI_PROTOCOL_TOR }, - { 0x36FBD0B4, 32, NDPI_PROTOCOL_TOR }, - { 0x36FC6132, 32, NDPI_PROTOCOL_TOR }, - { 0x3A0775BC, 32, NDPI_PROTOCOL_TOR }, - { 0x3A604E5D, 32, NDPI_PROTOCOL_TOR }, - { 0x3AB78278, 32, NDPI_PROTOCOL_TOR }, - { 0x3B656242, 32, NDPI_PROTOCOL_TOR }, - { 0x3BA79B3B, 32, NDPI_PROTOCOL_TOR }, - { 0x3BB14C69, 32, NDPI_PROTOCOL_TOR }, - { 0x3C230879, 32, NDPI_PROTOCOL_TOR }, - { 0x3CEA7764, 32, NDPI_PROTOCOL_TOR }, - { 0x3CF2B70F, 32, NDPI_PROTOCOL_TOR }, - { 0x3CF8A2B3, 32, NDPI_PROTOCOL_TOR }, - { 0x3D56E640, 32, NDPI_PROTOCOL_TOR }, - { 0x3D5A3C79, 32, NDPI_PROTOCOL_TOR }, - { 0x3DCD303F, 32, NDPI_PROTOCOL_TOR }, - { 0x3DDB7725, 32, NDPI_PROTOCOL_TOR }, - { 0x3DE6AE3B, 32, NDPI_PROTOCOL_TOR }, - { 0x3DE6C615, 32, NDPI_PROTOCOL_TOR }, - { 0x3E040D0D, 32, NDPI_PROTOCOL_TOR }, - { 0x3E1E7D29, 32, NDPI_PROTOCOL_TOR }, - { 0x3E2BAF76, 32, NDPI_PROTOCOL_TOR }, - { 0x3E2C7FB8, 32, NDPI_PROTOCOL_TOR }, - { 0x3E315C96, 32, NDPI_PROTOCOL_TOR }, - { 0x3E3F9D4E, 32, NDPI_PROTOCOL_TOR }, - { 0x3E3FEFD7, 32, NDPI_PROTOCOL_TOR }, - { 0x3E4B8EA6, 32, NDPI_PROTOCOL_TOR }, - { 0x3E4B8FA7, 32, NDPI_PROTOCOL_TOR }, - { 0x3E4B9617, 32, NDPI_PROTOCOL_TOR }, - { 0x3E4B9DC5, 32, NDPI_PROTOCOL_TOR }, - { 0x3E4B9FF9, 32, NDPI_PROTOCOL_TOR }, - { 0x3E4BB91A, 32, NDPI_PROTOCOL_TOR }, - { 0x3E4BBB2A, 32, NDPI_PROTOCOL_TOR }, - { 0x3E4BD198, 32, NDPI_PROTOCOL_TOR }, - { 0x3E4BEBDE, 32, NDPI_PROTOCOL_TOR }, - { 0x3E4BF147, 32, NDPI_PROTOCOL_TOR }, - { 0x3E4BF17F, 32, NDPI_PROTOCOL_TOR }, - { 0x3E4BF74A, 32, NDPI_PROTOCOL_TOR }, - { 0x3E4BFB9D, 32, NDPI_PROTOCOL_TOR }, - { 0x3E4BFDF7, 32, NDPI_PROTOCOL_TOR }, - { 0x3E4C20B3, 32, NDPI_PROTOCOL_TOR }, - { 0x3E4C2C95, 32, NDPI_PROTOCOL_TOR }, - { 0x3E4D554A, 32, NDPI_PROTOCOL_TOR }, - { 0x3E5C6F2D, 32, NDPI_PROTOCOL_TOR }, - { 0x3E6C249B, 32, NDPI_PROTOCOL_TOR }, - { 0x3E6C2530, 32, NDPI_PROTOCOL_TOR }, - { 0x3E6CAB4C, 32, NDPI_PROTOCOL_TOR }, - { 0x3E70C338, 32, NDPI_PROTOCOL_TOR }, - { 0x3E71DF9A, 32, NDPI_PROTOCOL_TOR }, - { 0x3E71FA27, 32, NDPI_PROTOCOL_TOR }, - { 0x3E71FAB4, 32, NDPI_PROTOCOL_TOR }, - { 0x3E7A36A1, 32, NDPI_PROTOCOL_TOR }, - { 0x3E8D24D5, 32, NDPI_PROTOCOL_TOR }, - { 0x3E8D251E, 32, NDPI_PROTOCOL_TOR }, - { 0x3E8D2574, 32, NDPI_PROTOCOL_TOR }, - { 0x3E8D2CCE, 32, NDPI_PROTOCOL_TOR }, - { 0x3E8D2E36, 32, NDPI_PROTOCOL_TOR }, - { 0x3E8D2EC1, 32, NDPI_PROTOCOL_TOR }, - { 0x3E8F7968, 32, NDPI_PROTOCOL_TOR }, - { 0x3E8F8DEE, 32, NDPI_PROTOCOL_TOR }, - { 0x3E8F91BE, 32, NDPI_PROTOCOL_TOR }, - { 0x3E8FDE16, 32, NDPI_PROTOCOL_TOR }, - { 0x3E92842F, 32, NDPI_PROTOCOL_TOR }, - { 0x3E93FB15, 32, NDPI_PROTOCOL_TOR }, - { 0x3E9502BC, 32, NDPI_PROTOCOL_TOR }, - { 0x3E950D39, 32, NDPI_PROTOCOL_TOR }, - { 0x3E982BCB, 32, NDPI_PROTOCOL_TOR }, - { 0x3EA803D4, 32, NDPI_PROTOCOL_TOR }, - { 0x3EB0EFE5, 32, NDPI_PROTOCOL_TOR }, - { 0x3EB287DB, 32, NDPI_PROTOCOL_TOR }, - { 0x3EB5EEBA, 32, NDPI_PROTOCOL_TOR }, - { 0x3EB63D99, 32, NDPI_PROTOCOL_TOR }, - { 0x3EC5289B, 32, NDPI_PROTOCOL_TOR }, - { 0x3ECA279D, 32, NDPI_PROTOCOL_TOR }, - { 0x3ECB0AE6, 32, NDPI_PROTOCOL_TOR }, - { 0x3ECC6EC6, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED22410, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED22552, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED24579, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED245EC, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED24A37, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED24A89, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED24A8F, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED24ABA, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED24AC9, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED24C60, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED2522C, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED252A9, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED252B1, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED25404, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED25414, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED25C0B, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED25C0B, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED28438, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED28990, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED289E6, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED289E6, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED2AA0A, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED2AA1B, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED2AA8F, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED2AC5E, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED2B6BC, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED2B6EF, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED2BCDA, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED2BD22, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED2C698, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED2CC3D, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED2CE19, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED2CE19, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED2CE35, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED2D3ED, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED2ECAE, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED2ED55, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED2EE32, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED2F088, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED2F3A7, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED2F3B1, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED2FCAF, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED448F3, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED45233, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED454E5, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED45975, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED6063D, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED8D048, 32, NDPI_PROTOCOL_TOR }, - { 0x3ED97CFD, 32, NDPI_PROTOCOL_TOR }, - { 0x3EDA4B01, 32, NDPI_PROTOCOL_TOR }, - { 0x3EDB2E85, 32, NDPI_PROTOCOL_TOR }, - { 0x3EDBB62A, 32, NDPI_PROTOCOL_TOR }, - { 0x3EDC8781, 32, NDPI_PROTOCOL_TOR }, - { 0x3EDC88FD, 32, NDPI_PROTOCOL_TOR }, - { 0x3EDC9457, 32, NDPI_PROTOCOL_TOR }, - { 0x3EDC945E, 32, NDPI_PROTOCOL_TOR }, - { 0x3EDC9460, 32, NDPI_PROTOCOL_TOR }, - { 0x3EDC9461, 32, NDPI_PROTOCOL_TOR }, - { 0x3EDCB113, 32, NDPI_PROTOCOL_TOR }, - { 0x3EE1CA01, 32, NDPI_PROTOCOL_TOR }, - { 0x3EE2FA55, 32, NDPI_PROTOCOL_TOR }, - { 0x3EE47585, 32, NDPI_PROTOCOL_TOR }, - { 0x3EF1F052, 32, NDPI_PROTOCOL_TOR }, - { 0x3EFF6FC3, 32, NDPI_PROTOCOL_TOR }, - { 0x3F770D78, 32, NDPI_PROTOCOL_TOR }, - { 0x3F8EF878, 32, NDPI_PROTOCOL_TOR }, - { 0x3FE761E4, 32, NDPI_PROTOCOL_TOR }, - { 0x3FE7B589, 32, NDPI_PROTOCOL_TOR }, - { 0x3FF95AF8, 32, NDPI_PROTOCOL_TOR }, - { 0x400535AF, 32, NDPI_PROTOCOL_TOR }, - { 0x40167D28, 32, NDPI_PROTOCOL_TOR }, - { 0x4022A5ED, 32, NDPI_PROTOCOL_TOR }, - { 0x403AC85C, 32, NDPI_PROTOCOL_TOR }, - { 0x403EF9DE, 32, NDPI_PROTOCOL_TOR }, - { 0x404552A0, 32, NDPI_PROTOCOL_TOR }, - { 0x40478F7C, 32, NDPI_PROTOCOL_TOR }, - { 0x404A7772, 32, NDPI_PROTOCOL_TOR }, - { 0x404E969E, 32, NDPI_PROTOCOL_TOR }, - { 0x405713F4, 32, NDPI_PROTOCOL_TOR }, - { 0x405F3C4B, 32, NDPI_PROTOCOL_TOR }, - { 0x4071201D, 32, NDPI_PROTOCOL_TOR }, - { 0x40712CCE, 32, NDPI_PROTOCOL_TOR }, - { 0x407E2B54, 32, NDPI_PROTOCOL_TOR }, - { 0x40801EE8, 32, NDPI_PROTOCOL_TOR }, - { 0x4096D384, 32, NDPI_PROTOCOL_TOR }, - { 0x40ED332E, 32, NDPI_PROTOCOL_TOR }, - { 0x40FB0E11, 32, NDPI_PROTOCOL_TOR }, - { 0x4113B2B1, 32, NDPI_PROTOCOL_TOR }, - { 0x411DE8C4, 32, NDPI_PROTOCOL_TOR }, - { 0x4124628D, 32, NDPI_PROTOCOL_TOR }, - { 0x4132CB05, 32, NDPI_PROTOCOL_TOR }, - { 0x415E2693, 32, NDPI_PROTOCOL_TOR }, - { 0x416FBA42, 32, NDPI_PROTOCOL_TOR }, - { 0x41B57080, 32, NDPI_PROTOCOL_TOR }, - { 0x41B57159, 32, NDPI_PROTOCOL_TOR }, - { 0x41B57188, 32, NDPI_PROTOCOL_TOR }, - { 0x41B57BFE, 32, NDPI_PROTOCOL_TOR }, - { 0x41B57F76, 32, NDPI_PROTOCOL_TOR }, - { 0x41BF4B1E, 32, NDPI_PROTOCOL_TOR }, - { 0x4207CDA4, 32, NDPI_PROTOCOL_TOR }, - { 0x42088235, 32, NDPI_PROTOCOL_TOR }, - { 0x4208A63E, 32, NDPI_PROTOCOL_TOR }, - { 0x421F2F84, 32, NDPI_PROTOCOL_TOR }, - { 0x421FD0F6, 32, NDPI_PROTOCOL_TOR }, - { 0x422DF72A, 32, NDPI_PROTOCOL_TOR }, - { 0x424217DA, 32, NDPI_PROTOCOL_TOR }, - { 0x4244A7E8, 32, NDPI_PROTOCOL_TOR }, - { 0x42558348, 32, NDPI_PROTOCOL_TOR }, - { 0x426CCBC5, 32, NDPI_PROTOCOL_TOR }, - { 0x426D18CC, 32, NDPI_PROTOCOL_TOR }, - { 0x426F0210, 32, NDPI_PROTOCOL_TOR }, - { 0x426F0214, 32, NDPI_PROTOCOL_TOR }, - { 0x42746CB3, 32, NDPI_PROTOCOL_TOR }, - { 0x4275090A, 32, NDPI_PROTOCOL_TOR }, - { 0x4283C0D3, 32, NDPI_PROTOCOL_TOR }, - { 0x4289E293, 32, NDPI_PROTOCOL_TOR }, - { 0x4292C11F, 32, NDPI_PROTOCOL_TOR }, - { 0x4294745A, 32, NDPI_PROTOCOL_TOR }, - { 0x42AB5188, 32, NDPI_PROTOCOL_TOR }, - { 0x42ABB3C2, 32, NDPI_PROTOCOL_TOR }, - { 0x42AC0A43, 32, NDPI_PROTOCOL_TOR }, - { 0x42AC0CAE, 32, NDPI_PROTOCOL_TOR }, - { 0x42AC0CFE, 32, NDPI_PROTOCOL_TOR }, - { 0x42AC216A, 32, NDPI_PROTOCOL_TOR }, - { 0x42AC21DC, 32, NDPI_PROTOCOL_TOR }, - { 0x42AFD3F2, 32, NDPI_PROTOCOL_TOR }, - { 0x42AFD3F9, 32, NDPI_PROTOCOL_TOR }, - { 0x42AFD695, 32, NDPI_PROTOCOL_TOR }, - { 0x42AFD695, 32, NDPI_PROTOCOL_TOR }, - { 0x42AFD94E, 32, NDPI_PROTOCOL_TOR }, - { 0x42AFDC99, 32, NDPI_PROTOCOL_TOR }, - { 0x42AFDD18, 32, NDPI_PROTOCOL_TOR }, - { 0x42AFDF91, 32, NDPI_PROTOCOL_TOR }, - { 0x42B4C1DB, 32, NDPI_PROTOCOL_TOR }, - { 0x42C428FC, 32, NDPI_PROTOCOL_TOR }, - { 0x42DC03B3, 32, NDPI_PROTOCOL_TOR }, - { 0x42E421F8, 32, NDPI_PROTOCOL_TOR }, - { 0x42E42752, 32, NDPI_PROTOCOL_TOR }, - { 0x42E42772, 32, NDPI_PROTOCOL_TOR }, - { 0x42E42CCC, 32, NDPI_PROTOCOL_TOR }, - { 0x42E42FFE, 32, NDPI_PROTOCOL_TOR }, - { 0x42E436C3, 32, NDPI_PROTOCOL_TOR }, - { 0x42E43B18, 32, NDPI_PROTOCOL_TOR }, - { 0x42E43E5B, 32, NDPI_PROTOCOL_TOR }, - { 0x42F64BA7, 32, NDPI_PROTOCOL_TOR }, - { 0x42F8CC47, 32, NDPI_PROTOCOL_TOR }, - { 0x4300A951, 32, NDPI_PROTOCOL_TOR }, - { 0x4301F94A, 32, NDPI_PROTOCOL_TOR }, - { 0x43125C8D, 32, NDPI_PROTOCOL_TOR }, - { 0x43172B2E, 32, NDPI_PROTOCOL_TOR }, - { 0x4317B5ED, 32, NDPI_PROTOCOL_TOR }, - { 0x4355853B, 32, NDPI_PROTOCOL_TOR }, - { 0x43564FB9, 32, NDPI_PROTOCOL_TOR }, - { 0x4395F029, 32, NDPI_PROTOCOL_TOR }, - { 0x439EE2CA, 32, NDPI_PROTOCOL_TOR }, - { 0x43A58EE2, 32, NDPI_PROTOCOL_TOR }, - { 0x43A864B7, 32, NDPI_PROTOCOL_TOR }, - { 0x43A92D7F, 32, NDPI_PROTOCOL_TOR }, - { 0x43AD3984, 32, NDPI_PROTOCOL_TOR }, - { 0x43AD4C19, 32, NDPI_PROTOCOL_TOR }, - { 0x43B43F19, 32, NDPI_PROTOCOL_TOR }, - { 0x43B799D5, 32, NDPI_PROTOCOL_TOR }, - { 0x43CD598E, 32, NDPI_PROTOCOL_TOR }, - { 0x43CD704A, 32, NDPI_PROTOCOL_TOR }, - { 0x43D7FF8C, 32, NDPI_PROTOCOL_TOR }, - { 0x43DC16BF, 32, NDPI_PROTOCOL_TOR }, - { 0x43F43639, 32, NDPI_PROTOCOL_TOR }, - { 0x43F98A71, 32, NDPI_PROTOCOL_TOR }, - { 0x43FDF527, 32, NDPI_PROTOCOL_TOR }, - { 0x43FF09CB, 32, NDPI_PROTOCOL_TOR }, - { 0x440440C6, 32, NDPI_PROTOCOL_TOR }, - { 0x440859BD, 32, NDPI_PROTOCOL_TOR }, - { 0x44094F72, 32, NDPI_PROTOCOL_TOR }, - { 0x440FB66B, 32, NDPI_PROTOCOL_TOR }, - { 0x442300D4, 32, NDPI_PROTOCOL_TOR }, - { 0x44238420, 32, NDPI_PROTOCOL_TOR }, - { 0x44240EFA, 32, NDPI_PROTOCOL_TOR }, - { 0x44342124, 32, NDPI_PROTOCOL_TOR }, - { 0x4434AFBE, 32, NDPI_PROTOCOL_TOR }, - { 0x443A307C, 32, NDPI_PROTOCOL_TOR }, - { 0x4440A1EE, 32, NDPI_PROTOCOL_TOR }, - { 0x44416405, 32, NDPI_PROTOCOL_TOR }, - { 0x44429AD6, 32, NDPI_PROTOCOL_TOR }, - { 0x44432303, 32, NDPI_PROTOCOL_TOR }, - { 0x44472E8A, 32, NDPI_PROTOCOL_TOR }, - { 0x445011A0, 32, NDPI_PROTOCOL_TOR }, - { 0x44590067, 32, NDPI_PROTOCOL_TOR }, - { 0x4461BFC0, 32, NDPI_PROTOCOL_TOR }, - { 0x44669EA3, 32, NDPI_PROTOCOL_TOR }, - { 0x4468364B, 32, NDPI_PROTOCOL_TOR }, - { 0x44706295, 32, NDPI_PROTOCOL_TOR }, - { 0x4471943A, 32, NDPI_PROTOCOL_TOR }, - { 0x4494A2D8, 32, NDPI_PROTOCOL_TOR }, - { 0x449528B7, 32, NDPI_PROTOCOL_TOR }, - { 0x44B7A9A7, 32, NDPI_PROTOCOL_TOR }, - { 0x44BB40FC, 32, NDPI_PROTOCOL_TOR }, - { 0x44E003CC, 32, NDPI_PROTOCOL_TOR }, - { 0x44E003CC, 32, NDPI_PROTOCOL_TOR }, - { 0x44E4F314, 32, NDPI_PROTOCOL_TOR }, - { 0x44E7DBD4, 32, NDPI_PROTOCOL_TOR }, - { 0x44E9EBD9, 32, NDPI_PROTOCOL_TOR }, - { 0x450C569F, 32, NDPI_PROTOCOL_TOR }, - { 0x450D2623, 32, NDPI_PROTOCOL_TOR }, - { 0x451B5416, 32, NDPI_PROTOCOL_TOR }, - { 0x451C5230, 32, NDPI_PROTOCOL_TOR }, - { 0x451C5A69, 32, NDPI_PROTOCOL_TOR }, - { 0x452731C9, 32, NDPI_PROTOCOL_TOR }, - { 0x4532A549, 32, NDPI_PROTOCOL_TOR }, - { 0x453EA2B2, 32, NDPI_PROTOCOL_TOR }, - { 0x45402255, 32, NDPI_PROTOCOL_TOR }, - { 0x454027B4, 32, NDPI_PROTOCOL_TOR }, - { 0x454030A8, 32, NDPI_PROTOCOL_TOR }, - { 0x45403430, 32, NDPI_PROTOCOL_TOR }, - { 0x4543FC87, 32, NDPI_PROTOCOL_TOR }, - { 0x45596485, 32, NDPI_PROTOCOL_TOR }, - { 0x455A97E5, 32, NDPI_PROTOCOL_TOR }, - { 0x455D7F39, 32, NDPI_PROTOCOL_TOR }, - { 0x45722B5C, 32, NDPI_PROTOCOL_TOR }, - { 0x45733217, 32, NDPI_PROTOCOL_TOR }, - { 0x4573C28D, 32, NDPI_PROTOCOL_TOR }, - { 0x4588E954, 32, NDPI_PROTOCOL_TOR }, - { 0x458A00E2, 32, NDPI_PROTOCOL_TOR }, - { 0x458AB189, 32, NDPI_PROTOCOL_TOR }, - { 0x458D2BC5, 32, NDPI_PROTOCOL_TOR }, - { 0x45928DBA, 32, NDPI_PROTOCOL_TOR }, - { 0x45A26B05, 32, NDPI_PROTOCOL_TOR }, - { 0x45A28B09, 32, NDPI_PROTOCOL_TOR }, - { 0x45A323DE, 32, NDPI_PROTOCOL_TOR }, - { 0x45A3640C, 32, NDPI_PROTOCOL_TOR }, - { 0x45A4C3F0, 32, NDPI_PROTOCOL_TOR }, - { 0x45A4C4EE, 32, NDPI_PROTOCOL_TOR }, - { 0x45A4C524, 32, NDPI_PROTOCOL_TOR }, - { 0x45A4C620, 32, NDPI_PROTOCOL_TOR }, - { 0x45A4C696, 32, NDPI_PROTOCOL_TOR }, - { 0x45A4CD93, 32, NDPI_PROTOCOL_TOR }, - { 0x45A4CEB0, 32, NDPI_PROTOCOL_TOR }, - { 0x45A4CFEA, 32, NDPI_PROTOCOL_TOR }, - { 0x45A4D108, 32, NDPI_PROTOCOL_TOR }, - { 0x45A4D197, 32, NDPI_PROTOCOL_TOR }, - { 0x45A4D312, 32, NDPI_PROTOCOL_TOR }, - { 0x45A4D4B4, 32, NDPI_PROTOCOL_TOR }, - { 0x45A4D6FA, 32, NDPI_PROTOCOL_TOR }, - { 0x45A4D852, 32, NDPI_PROTOCOL_TOR }, - { 0x45A4DD41, 32, NDPI_PROTOCOL_TOR }, - { 0x45A4DD4E, 32, NDPI_PROTOCOL_TOR }, - { 0x45A4DD99, 32, NDPI_PROTOCOL_TOR }, - { 0x45AC94F2, 32, NDPI_PROTOCOL_TOR }, - { 0x45AC9C67, 32, NDPI_PROTOCOL_TOR }, - { 0x45ACE727, 32, NDPI_PROTOCOL_TOR }, - { 0x45B57E1B, 32, NDPI_PROTOCOL_TOR }, - { 0x45C38CAE, 32, NDPI_PROTOCOL_TOR }, - { 0x45C456D6, 32, NDPI_PROTOCOL_TOR }, - { 0x45C4AE92, 32, NDPI_PROTOCOL_TOR }, - { 0x45C5AF23, 32, NDPI_PROTOCOL_TOR }, - { 0x45C5AF24, 32, NDPI_PROTOCOL_TOR }, - { 0x45F5523E, 32, NDPI_PROTOCOL_TOR }, - { 0x460F3C1D, 32, NDPI_PROTOCOL_TOR }, - { 0x4618CF2E, 32, NDPI_PROTOCOL_TOR }, - { 0x462438C6, 32, NDPI_PROTOCOL_TOR }, - { 0x46261F79, 32, NDPI_PROTOCOL_TOR }, - { 0x462C2054, 32, NDPI_PROTOCOL_TOR }, - { 0x463D61E4, 32, NDPI_PROTOCOL_TOR }, - { 0x463D61E5, 32, NDPI_PROTOCOL_TOR }, - { 0x463FAA56, 32, NDPI_PROTOCOL_TOR }, - { 0x46551FF2, 32, NDPI_PROTOCOL_TOR }, - { 0x4663CC61, 32, NDPI_PROTOCOL_TOR }, - { 0x4670A038, 32, NDPI_PROTOCOL_TOR }, - { 0x4670A341, 32, NDPI_PROTOCOL_TOR }, - { 0x467176E8, 32, NDPI_PROTOCOL_TOR }, - { 0x46721018, 32, NDPI_PROTOCOL_TOR }, - { 0x46A22F33, 32, NDPI_PROTOCOL_TOR }, - { 0x46A2595A, 32, NDPI_PROTOCOL_TOR }, - { 0x46A56AAE, 32, NDPI_PROTOCOL_TOR }, - { 0x46A923AD, 32, NDPI_PROTOCOL_TOR }, - { 0x46B5013D, 32, NDPI_PROTOCOL_TOR }, - { 0x46BB9A33, 32, NDPI_PROTOCOL_TOR }, - { 0x46BED043, 32, NDPI_PROTOCOL_TOR }, - { 0x470EB6E8, 32, NDPI_PROTOCOL_TOR }, - { 0x47139515, 32, NDPI_PROTOCOL_TOR }, - { 0x4713954E, 32, NDPI_PROTOCOL_TOR }, - { 0x47139BBB, 32, NDPI_PROTOCOL_TOR }, - { 0x47139D7F, 32, NDPI_PROTOCOL_TOR }, - { 0x47139DD5, 32, NDPI_PROTOCOL_TOR }, - { 0x47236A50, 32, NDPI_PROTOCOL_TOR }, - { 0x4738B62B, 32, NDPI_PROTOCOL_TOR }, - { 0x474BC940, 32, NDPI_PROTOCOL_TOR }, - { 0x474F591F, 32, NDPI_PROTOCOL_TOR }, - { 0x474F9691, 32, NDPI_PROTOCOL_TOR }, - { 0x475ACDF8, 32, NDPI_PROTOCOL_TOR }, - { 0x475F28FC, 32, NDPI_PROTOCOL_TOR }, - { 0x47872D47, 32, NDPI_PROTOCOL_TOR }, - { 0x47A59723, 32, NDPI_PROTOCOL_TOR }, - { 0x47A79A15, 32, NDPI_PROTOCOL_TOR }, - { 0x47AE3E2D, 32, NDPI_PROTOCOL_TOR }, - { 0x47B1E232, 32, NDPI_PROTOCOL_TOR }, - { 0x47B76C25, 32, NDPI_PROTOCOL_TOR }, - { 0x47B8FBE9, 32, NDPI_PROTOCOL_TOR }, - { 0x47B9233B, 32, NDPI_PROTOCOL_TOR }, - { 0x47B9AB0D, 32, NDPI_PROTOCOL_TOR }, - { 0x47C3DB07, 32, NDPI_PROTOCOL_TOR }, - { 0x47C5EB05, 32, NDPI_PROTOCOL_TOR }, - { 0x47C5FE48, 32, NDPI_PROTOCOL_TOR }, - { 0x47C772A6, 32, NDPI_PROTOCOL_TOR }, - { 0x47CAB8E5, 32, NDPI_PROTOCOL_TOR }, - { 0x47CC7AF0, 32, NDPI_PROTOCOL_TOR }, - { 0x47D7CE97, 32, NDPI_PROTOCOL_TOR }, - { 0x47DBB265, 32, NDPI_PROTOCOL_TOR }, - { 0x47DE7EC5, 32, NDPI_PROTOCOL_TOR }, - { 0x47E0883A, 32, NDPI_PROTOCOL_TOR }, - { 0x47E6FD44, 32, NDPI_PROTOCOL_TOR }, - { 0x47E7BE7B, 32, NDPI_PROTOCOL_TOR }, - { 0x47EB4AB7, 32, NDPI_PROTOCOL_TOR }, - { 0x47F5506C, 32, NDPI_PROTOCOL_TOR }, - { 0x47FB9E4B, 32, NDPI_PROTOCOL_TOR }, - { 0x4800E332, 32, NDPI_PROTOCOL_TOR }, - { 0x480EB0AC, 32, NDPI_PROTOCOL_TOR }, - { 0x480EB1A4, 32, NDPI_PROTOCOL_TOR }, - { 0x480EB30A, 32, NDPI_PROTOCOL_TOR }, - { 0x480EB3A3, 32, NDPI_PROTOCOL_TOR }, - { 0x480EB552, 32, NDPI_PROTOCOL_TOR }, - { 0x480EB83D, 32, NDPI_PROTOCOL_TOR }, - { 0x480EBAE2, 32, NDPI_PROTOCOL_TOR }, - { 0x481AD093, 32, NDPI_PROTOCOL_TOR }, - { 0x481DA212, 32, NDPI_PROTOCOL_TOR }, - { 0x482E9BBA, 32, NDPI_PROTOCOL_TOR }, - { 0x48332350, 32, NDPI_PROTOCOL_TOR }, - { 0x48344B1B, 32, NDPI_PROTOCOL_TOR }, - { 0x48345B16, 32, NDPI_PROTOCOL_TOR }, - { 0x48345B1D, 32, NDPI_PROTOCOL_TOR }, - { 0x48345B1E, 32, NDPI_PROTOCOL_TOR }, - { 0x48358586, 32, NDPI_PROTOCOL_TOR }, - { 0x484200E9, 32, NDPI_PROTOCOL_TOR }, - { 0x4845E5D5, 32, NDPI_PROTOCOL_TOR }, - { 0x4845F863, 32, NDPI_PROTOCOL_TOR }, - { 0x484E8BB9, 32, NDPI_PROTOCOL_TOR }, - { 0x48531759, 32, NDPI_PROTOCOL_TOR }, - { 0x4859E93A, 32, NDPI_PROTOCOL_TOR }, - { 0x485DF597, 32, NDPI_PROTOCOL_TOR }, - { 0x488184C2, 32, NDPI_PROTOCOL_TOR }, - { 0x488313EC, 32, NDPI_PROTOCOL_TOR }, - { 0x48A0F076, 32, NDPI_PROTOCOL_TOR }, - { 0x48AEAC8D, 32, NDPI_PROTOCOL_TOR }, - { 0x48B13B6E, 32, NDPI_PROTOCOL_TOR }, - { 0x48C0D011, 32, NDPI_PROTOCOL_TOR }, - { 0x48C105B0, 32, NDPI_PROTOCOL_TOR }, - { 0x48C5C123, 32, NDPI_PROTOCOL_TOR }, - { 0x48D1B426, 32, NDPI_PROTOCOL_TOR }, - { 0x48D1DB9A, 32, NDPI_PROTOCOL_TOR }, - { 0x48D8ECC2, 32, NDPI_PROTOCOL_TOR }, - { 0x48DCAD6B, 32, NDPI_PROTOCOL_TOR }, - { 0x48DE8A0C, 32, NDPI_PROTOCOL_TOR }, - { 0x48E1295B, 32, NDPI_PROTOCOL_TOR }, - { 0x48EFE271, 32, NDPI_PROTOCOL_TOR }, - { 0x48F9B964, 32, NDPI_PROTOCOL_TOR }, - { 0x48FAD50D, 32, NDPI_PROTOCOL_TOR }, - { 0x48FD5C2C, 32, NDPI_PROTOCOL_TOR }, - { 0x49041E43, 32, NDPI_PROTOCOL_TOR }, - { 0x49043472, 32, NDPI_PROTOCOL_TOR }, - { 0x4906D179, 32, NDPI_PROTOCOL_TOR }, - { 0x4908B6E5, 32, NDPI_PROTOCOL_TOR }, - { 0x490B9E26, 32, NDPI_PROTOCOL_TOR }, - { 0x490F96AC, 32, NDPI_PROTOCOL_TOR }, - { 0x490FFEF1, 32, NDPI_PROTOCOL_TOR }, - { 0x49134ECD, 32, NDPI_PROTOCOL_TOR }, - { 0x491610C3, 32, NDPI_PROTOCOL_TOR }, - { 0x492574A8, 32, NDPI_PROTOCOL_TOR }, - { 0x4926F8B6, 32, NDPI_PROTOCOL_TOR }, - { 0x49274DA6, 32, NDPI_PROTOCOL_TOR }, - { 0x492C8639, 32, NDPI_PROTOCOL_TOR }, - { 0x492D254B, 32, NDPI_PROTOCOL_TOR }, - { 0x492FF6DF, 32, NDPI_PROTOCOL_TOR }, - { 0x49304E30, 32, NDPI_PROTOCOL_TOR }, - { 0x49308BE2, 32, NDPI_PROTOCOL_TOR }, - { 0x498400F7, 32, NDPI_PROTOCOL_TOR }, - { 0x4984FA0B, 32, NDPI_PROTOCOL_TOR }, - { 0x49A3EC5F, 32, NDPI_PROTOCOL_TOR }, - { 0x49A5F4EE, 32, NDPI_PROTOCOL_TOR }, - { 0x49A64EFD, 32, NDPI_PROTOCOL_TOR }, - { 0x49A69CAC, 32, NDPI_PROTOCOL_TOR }, - { 0x49AA0647, 32, NDPI_PROTOCOL_TOR }, - { 0x49AC98E6, 32, NDPI_PROTOCOL_TOR }, - { 0x49C08B3F, 32, NDPI_PROTOCOL_TOR }, - { 0x49C0E718, 32, NDPI_PROTOCOL_TOR }, - { 0x49C6A499, 32, NDPI_PROTOCOL_TOR }, - { 0x49C7CBB9, 32, NDPI_PROTOCOL_TOR }, - { 0x49CAE19F, 32, NDPI_PROTOCOL_TOR }, - { 0x49D03060, 32, NDPI_PROTOCOL_TOR }, - { 0x49D0409E, 32, NDPI_PROTOCOL_TOR }, - { 0x49D0A2E1, 32, NDPI_PROTOCOL_TOR }, - { 0x49D932BB, 32, NDPI_PROTOCOL_TOR }, - { 0x49DE0E0A, 32, NDPI_PROTOCOL_TOR }, - { 0x4A03A527, 32, NDPI_PROTOCOL_TOR }, - { 0x4A323644, 32, NDPI_PROTOCOL_TOR }, - { 0x4A3BA760, 32, NDPI_PROTOCOL_TOR }, - { 0x4A3BCC47, 32, NDPI_PROTOCOL_TOR }, - { 0x4A436379, 32, NDPI_PROTOCOL_TOR }, - { 0x4A47FA54, 32, NDPI_PROTOCOL_TOR }, - { 0x4A5203E0, 32, NDPI_PROTOCOL_TOR }, - { 0x4A536574, 32, NDPI_PROTOCOL_TOR }, - { 0x4A561813, 32, NDPI_PROTOCOL_TOR }, - { 0x4A5B1B8D, 32, NDPI_PROTOCOL_TOR }, - { 0x4A5B1B8E, 32, NDPI_PROTOCOL_TOR }, - { 0x4A5E43C4, 32, NDPI_PROTOCOL_TOR }, - { 0x4A5FBB69, 32, NDPI_PROTOCOL_TOR }, - { 0x4A60E7B2, 32, NDPI_PROTOCOL_TOR }, - { 0x4A621760, 32, NDPI_PROTOCOL_TOR }, - { 0x4A65C9F9, 32, NDPI_PROTOCOL_TOR }, - { 0x4A677F7F, 32, NDPI_PROTOCOL_TOR }, - { 0x4A6DF071, 32, NDPI_PROTOCOL_TOR }, - { 0x4A74BA78, 32, NDPI_PROTOCOL_TOR }, - { 0x4A79B693, 32, NDPI_PROTOCOL_TOR }, - { 0x4A7CAB14, 32, NDPI_PROTOCOL_TOR }, - { 0x4A8AA23A, 32, NDPI_PROTOCOL_TOR }, - { 0x4AB9DBC9, 32, NDPI_PROTOCOL_TOR }, - { 0x4AC09417, 32, NDPI_PROTOCOL_TOR }, - { 0x4AC14C45, 32, NDPI_PROTOCOL_TOR }, - { 0x4ACEB5A4, 32, NDPI_PROTOCOL_TOR }, - { 0x4ACFE03F, 32, NDPI_PROTOCOL_TOR }, - { 0x4ACFE03F, 32, NDPI_PROTOCOL_TOR }, - { 0x4ACFE7BA, 32, NDPI_PROTOCOL_TOR }, - { 0x4ACFE7FA, 32, NDPI_PROTOCOL_TOR }, - { 0x4ACFE998, 32, NDPI_PROTOCOL_TOR }, - { 0x4ACFECC5, 32, NDPI_PROTOCOL_TOR }, - { 0x4ACFED2C, 32, NDPI_PROTOCOL_TOR }, - { 0x4ACFEDA7, 32, NDPI_PROTOCOL_TOR }, - { 0x4ACFEDA7, 32, NDPI_PROTOCOL_TOR }, - { 0x4ACFF207, 32, NDPI_PROTOCOL_TOR }, - { 0x4ACFF86E, 32, NDPI_PROTOCOL_TOR }, - { 0x4ACFF9A9, 32, NDPI_PROTOCOL_TOR }, - { 0x4ACFFB6D, 32, NDPI_PROTOCOL_TOR }, - { 0x4AD045C2, 32, NDPI_PROTOCOL_TOR }, - { 0x4AD04E82, 32, NDPI_PROTOCOL_TOR }, - { 0x4AD2C50C, 32, NDPI_PROTOCOL_TOR }, - { 0x4B013890, 32, NDPI_PROTOCOL_TOR }, - { 0x4B09754D, 32, NDPI_PROTOCOL_TOR }, - { 0x4B435766, 32, NDPI_PROTOCOL_TOR }, - { 0x4B451E4D, 32, NDPI_PROTOCOL_TOR }, - { 0x4B488B38, 32, NDPI_PROTOCOL_TOR }, - { 0x4B4F23FE, 32, NDPI_PROTOCOL_TOR }, - { 0x4B50A0EC, 32, NDPI_PROTOCOL_TOR }, - { 0x4B5169DB, 32, NDPI_PROTOCOL_TOR }, - { 0x4B52A04D, 32, NDPI_PROTOCOL_TOR }, - { 0x4B54A327, 32, NDPI_PROTOCOL_TOR }, - { 0x4B6189EA, 32, NDPI_PROTOCOL_TOR }, - { 0x4B642932, 32, NDPI_PROTOCOL_TOR }, - { 0x4B65602F, 32, NDPI_PROTOCOL_TOR }, - { 0x4B7650AB, 32, NDPI_PROTOCOL_TOR }, - { 0x4B76EED4, 32, NDPI_PROTOCOL_TOR }, - { 0x4B77E8C9, 32, NDPI_PROTOCOL_TOR }, - { 0x4B7F0F49, 32, NDPI_PROTOCOL_TOR }, - { 0x4B82033A, 32, NDPI_PROTOCOL_TOR }, - { 0x4B849247, 32, NDPI_PROTOCOL_TOR }, - { 0x4B8567ED, 32, NDPI_PROTOCOL_TOR }, - { 0x4B8FB432, 32, NDPI_PROTOCOL_TOR }, - { 0x4B91CDB1, 32, NDPI_PROTOCOL_TOR }, - { 0x4B965B14, 32, NDPI_PROTOCOL_TOR }, - { 0x4B965B15, 32, NDPI_PROTOCOL_TOR }, - { 0x4BA665D5, 32, NDPI_PROTOCOL_TOR }, - { 0x4BB117FE, 32, NDPI_PROTOCOL_TOR }, - { 0x4BB38B1A, 32, NDPI_PROTOCOL_TOR }, - { 0x4BB3AFC4, 32, NDPI_PROTOCOL_TOR }, - { 0x4BB66C77, 32, NDPI_PROTOCOL_TOR }, - { 0x4BB93208, 32, NDPI_PROTOCOL_TOR }, - { 0x4C0A8078, 32, NDPI_PROTOCOL_TOR }, - { 0x4C0CDB68, 32, NDPI_PROTOCOL_TOR }, - { 0x4C17D13D, 32, NDPI_PROTOCOL_TOR }, - { 0x4C1ACBF3, 32, NDPI_PROTOCOL_TOR }, - { 0x4C1CD1A5, 32, NDPI_PROTOCOL_TOR }, - { 0x4C1CEA17, 32, NDPI_PROTOCOL_TOR }, - { 0x4C400D9B, 32, NDPI_PROTOCOL_TOR }, - { 0x4C490364, 32, NDPI_PROTOCOL_TOR }, - { 0x4C4903AE, 32, NDPI_PROTOCOL_TOR }, - { 0x4C493996, 32, NDPI_PROTOCOL_TOR }, - { 0x4C4AB2F6, 32, NDPI_PROTOCOL_TOR }, - { 0x4C4ADB8A, 32, NDPI_PROTOCOL_TOR }, - { 0x4C4C08E8, 32, NDPI_PROTOCOL_TOR }, - { 0x4C4F2E66, 32, NDPI_PROTOCOL_TOR }, - { 0x4C55CFD4, 32, NDPI_PROTOCOL_TOR }, - { 0x4C5BCBA2, 32, NDPI_PROTOCOL_TOR }, - { 0x4C5BE269, 32, NDPI_PROTOCOL_TOR }, - { 0x4C5CE1D8, 32, NDPI_PROTOCOL_TOR }, - { 0x4C5DD733, 32, NDPI_PROTOCOL_TOR }, - { 0x4C63DE9C, 32, NDPI_PROTOCOL_TOR }, - { 0x4C66C7AA, 32, NDPI_PROTOCOL_TOR }, - { 0x4C6A2761, 32, NDPI_PROTOCOL_TOR }, - { 0x4C702F3C, 32, NDPI_PROTOCOL_TOR }, - { 0x4C7153C2, 32, NDPI_PROTOCOL_TOR }, - { 0x4C732D7C, 32, NDPI_PROTOCOL_TOR }, - { 0x4C73829B, 32, NDPI_PROTOCOL_TOR }, - { 0x4C778735, 32, NDPI_PROTOCOL_TOR }, - { 0x4C7A13E6, 32, NDPI_PROTOCOL_TOR }, - { 0x4C7BBBD2, 32, NDPI_PROTOCOL_TOR }, - { 0x4C7C660E, 32, NDPI_PROTOCOL_TOR }, - { 0x4C7CAF69, 32, NDPI_PROTOCOL_TOR }, - { 0x4C7E0D52, 32, NDPI_PROTOCOL_TOR }, - { 0x4CAA4864, 32, NDPI_PROTOCOL_TOR }, - { 0x4CAEFDD2, 32, NDPI_PROTOCOL_TOR }, - { 0x4CB28C0E, 32, NDPI_PROTOCOL_TOR }, - { 0x4CB9120F, 32, NDPI_PROTOCOL_TOR }, - { 0x4CBAB2BC, 32, NDPI_PROTOCOL_TOR }, - { 0x4CBC4252, 32, NDPI_PROTOCOL_TOR }, - { 0x4CBFD7D7, 32, NDPI_PROTOCOL_TOR }, - { 0x4CD11461, 32, NDPI_PROTOCOL_TOR }, - { 0x4CD90D94, 32, NDPI_PROTOCOL_TOR }, - { 0x4CD90D94, 32, NDPI_PROTOCOL_TOR }, - { 0x4CD995F0, 32, NDPI_PROTOCOL_TOR }, - { 0x4D00C9A3, 32, NDPI_PROTOCOL_TOR }, - { 0x4D01045C, 32, NDPI_PROTOCOL_TOR }, - { 0x4D04EB00, 32, NDPI_PROTOCOL_TOR }, - { 0x4D06EDF4, 32, NDPI_PROTOCOL_TOR }, - { 0x4D0A7CF0, 32, NDPI_PROTOCOL_TOR }, - { 0x4D0AAEE8, 32, NDPI_PROTOCOL_TOR }, - { 0x4D0AD0A5, 32, NDPI_PROTOCOL_TOR }, - { 0x4D0C1CB8, 32, NDPI_PROTOCOL_TOR }, - { 0x4D0C1CB8, 32, NDPI_PROTOCOL_TOR }, - { 0x4D0C65BB, 32, NDPI_PROTOCOL_TOR }, - { 0x4D0C84CC, 32, NDPI_PROTOCOL_TOR }, - { 0x4D0DB854, 32, NDPI_PROTOCOL_TOR }, - { 0x4D0DBCEF, 32, NDPI_PROTOCOL_TOR }, - { 0x4D142DA8, 32, NDPI_PROTOCOL_TOR }, - { 0x4D1430C4, 32, NDPI_PROTOCOL_TOR }, - { 0x4D145762, 32, NDPI_PROTOCOL_TOR }, - { 0x4D149215, 32, NDPI_PROTOCOL_TOR }, - { 0x4D149784, 32, NDPI_PROTOCOL_TOR }, - { 0x4D14C9D3, 32, NDPI_PROTOCOL_TOR }, - { 0x4D1505EA, 32, NDPI_PROTOCOL_TOR }, - { 0x4D15295E, 32, NDPI_PROTOCOL_TOR }, - { 0x4D154971, 32, NDPI_PROTOCOL_TOR }, - { 0x4D154D67, 32, NDPI_PROTOCOL_TOR }, - { 0x4D15D971, 32, NDPI_PROTOCOL_TOR }, - { 0x4D170724, 32, NDPI_PROTOCOL_TOR }, - { 0x4D170A99, 32, NDPI_PROTOCOL_TOR }, - { 0x4D171AE2, 32, NDPI_PROTOCOL_TOR }, - { 0x4D176F1E, 32, NDPI_PROTOCOL_TOR }, - { 0x4D250CBF, 32, NDPI_PROTOCOL_TOR }, - { 0x4D2588A5, 32, NDPI_PROTOCOL_TOR }, - { 0x4D25B87E, 32, NDPI_PROTOCOL_TOR }, - { 0x4D25DA91, 32, NDPI_PROTOCOL_TOR }, - { 0x4D25F08E, 32, NDPI_PROTOCOL_TOR }, - { 0x4D292F5B, 32, NDPI_PROTOCOL_TOR }, - { 0x4D2DFD87, 32, NDPI_PROTOCOL_TOR }, - { 0x4D2F7D6F, 32, NDPI_PROTOCOL_TOR }, - { 0x4D2FD16E, 32, NDPI_PROTOCOL_TOR }, - { 0x4D32EB4C, 32, NDPI_PROTOCOL_TOR }, - { 0x4D343FC5, 32, NDPI_PROTOCOL_TOR }, - { 0x4D3856DC, 32, NDPI_PROTOCOL_TOR }, - { 0x4D396860, 32, NDPI_PROTOCOL_TOR }, - { 0x4D3A033E, 32, NDPI_PROTOCOL_TOR }, - { 0x4D3AD4A9, 32, NDPI_PROTOCOL_TOR }, - { 0x4D40D46F, 32, NDPI_PROTOCOL_TOR }, - { 0x4D422DE3, 32, NDPI_PROTOCOL_TOR }, - { 0x4D422E18, 32, NDPI_PROTOCOL_TOR }, - { 0x4D44245D, 32, NDPI_PROTOCOL_TOR }, - { 0x4D463F8D, 32, NDPI_PROTOCOL_TOR }, - { 0x4D48932F, 32, NDPI_PROTOCOL_TOR }, - { 0x4D489696, 32, NDPI_PROTOCOL_TOR }, - { 0x4D4E77D3, 32, NDPI_PROTOCOL_TOR }, - { 0x4D51F029, 32, NDPI_PROTOCOL_TOR }, - { 0x4D56C546, 32, NDPI_PROTOCOL_TOR }, - { 0x4D56CC64, 32, NDPI_PROTOCOL_TOR }, - { 0x4D6220E9, 32, NDPI_PROTOCOL_TOR }, - { 0x4D66D762, 32, NDPI_PROTOCOL_TOR }, - { 0x4D69D0D9, 32, NDPI_PROTOCOL_TOR }, - { 0x4D6D8A2A, 32, NDPI_PROTOCOL_TOR }, - { 0x4D6D8A2B, 32, NDPI_PROTOCOL_TOR }, - { 0x4D6D8A2C, 32, NDPI_PROTOCOL_TOR }, - { 0x4D6D8B1A, 32, NDPI_PROTOCOL_TOR }, - { 0x4D6D8B1B, 32, NDPI_PROTOCOL_TOR }, - { 0x4D6D8B1C, 32, NDPI_PROTOCOL_TOR }, - { 0x4D6D8B57, 32, NDPI_PROTOCOL_TOR }, - { 0x4D6D8D8A, 32, NDPI_PROTOCOL_TOR }, - { 0x4D6D8D8B, 32, NDPI_PROTOCOL_TOR }, - { 0x4D6D8D8C, 32, NDPI_PROTOCOL_TOR }, - { 0x4D6DB99C, 32, NDPI_PROTOCOL_TOR }, - { 0x4D765894, 32, NDPI_PROTOCOL_TOR }, - { 0x4D7B5606, 32, NDPI_PROTOCOL_TOR }, - { 0x4D834130, 32, NDPI_PROTOCOL_TOR }, - { 0x4D86A910, 32, NDPI_PROTOCOL_TOR }, - { 0x4D98FB30, 32, NDPI_PROTOCOL_TOR }, - { 0x4DAA0102, 32, NDPI_PROTOCOL_TOR }, - { 0x4DAE88F2, 32, NDPI_PROTOCOL_TOR }, - { 0x4DAEB4C5, 32, NDPI_PROTOCOL_TOR }, - { 0x4DAEF986, 32, NDPI_PROTOCOL_TOR }, - { 0x4DC5A34D, 32, NDPI_PROTOCOL_TOR }, - { 0x4DCBDD5B, 32, NDPI_PROTOCOL_TOR }, - { 0x4DCF4DB2, 32, NDPI_PROTOCOL_TOR }, - { 0x4DCF6FCE, 32, NDPI_PROTOCOL_TOR }, - { 0x4DDF4BCF, 32, NDPI_PROTOCOL_TOR }, - { 0x4DE4A752, 32, NDPI_PROTOCOL_TOR }, - { 0x4DE4AF4A, 32, NDPI_PROTOCOL_TOR }, - { 0x4DE9EE82, 32, NDPI_PROTOCOL_TOR }, - { 0x4DEA31CE, 32, NDPI_PROTOCOL_TOR }, - { 0x4DEA947A, 32, NDPI_PROTOCOL_TOR }, - { 0x4DF30962, 32, NDPI_PROTOCOL_TOR }, - { 0x4DF4FEE3, 32, NDPI_PROTOCOL_TOR }, - { 0x4DF4FEE4, 32, NDPI_PROTOCOL_TOR }, - { 0x4DF4FEE5, 32, NDPI_PROTOCOL_TOR }, - { 0x4DF4FEE6, 32, NDPI_PROTOCOL_TOR }, - { 0x4DF6D813, 32, NDPI_PROTOCOL_TOR }, - { 0x4DF7B5A2, 32, NDPI_PROTOCOL_TOR }, - { 0x4DF7B5A3, 32, NDPI_PROTOCOL_TOR }, - { 0x4DF7B5A3, 32, NDPI_PROTOCOL_TOR }, - { 0x4DF7B5A4, 32, NDPI_PROTOCOL_TOR }, - { 0x4DF7B5A5, 32, NDPI_PROTOCOL_TOR }, - { 0x4DF7B5A5, 32, NDPI_PROTOCOL_TOR }, - { 0x4DF7B5A6, 32, NDPI_PROTOCOL_TOR }, - { 0x4DFB6AF8, 32, NDPI_PROTOCOL_TOR }, - { 0x4DFEAE40, 32, NDPI_PROTOCOL_TOR }, - { 0x4E08A504, 32, NDPI_PROTOCOL_TOR }, - { 0x4E0D3D36, 32, NDPI_PROTOCOL_TOR }, - { 0x4E1506A1, 32, NDPI_PROTOCOL_TOR }, - { 0x4E18DA8A, 32, NDPI_PROTOCOL_TOR }, - { 0x4E1B6E57, 32, NDPI_PROTOCOL_TOR }, - { 0x4E1FA429, 32, NDPI_PROTOCOL_TOR }, - { 0x4E227847, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2917A2, 32, NDPI_PROTOCOL_TOR }, - { 0x4E29E9C0, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2A9D62, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2B689D, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2B752E, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2B8EB1, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2D136A, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2E1188, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2E2BDD, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2E2DF2, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2E337C, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2E350B, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2E3C1E, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2E40F5, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2E4229, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2E50F7, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2E512D, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2E5F14, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2E69F1, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2E6A6F, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2E6B0F, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2E70DB, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2E7B22, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2E7BAC, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2E943A, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2E970B, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2E9713, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2E989E, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2EA78D, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2EB0A9, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2EC54B, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2EDA0B, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2EDC82, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2EDD7D, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2EE185, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2EEFB7, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2EF724, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2EF729, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2F0406, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2F10A6, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2F126E, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2F1BF6, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2F2323, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2F273C, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2F27BC, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2F297D, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2F2CBC, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2F2CD4, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2F31EB, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2F325C, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2F35B7, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2F3DDE, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2F405B, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2F49B6, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2F5462, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2F5699, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2F5D0C, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2F5DC8, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2F5F9C, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2F8606, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2F8B62, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2F9199, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2F94AE, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2F963D, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2FA559, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2FA844, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2FABA6, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2FACF4, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2FAE9B, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2FBAF3, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2FBC04, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2FBFDD, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2FC5AC, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2FD81C, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2FDABE, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2FDBA6, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2FDE4A, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2FE0DB, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2FE208, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2FE568, 32, NDPI_PROTOCOL_TOR }, - { 0x4E2FE56B, 32, NDPI_PROTOCOL_TOR }, - { 0x4E301266, 32, NDPI_PROTOCOL_TOR }, - { 0x4E30213F, 32, NDPI_PROTOCOL_TOR }, - { 0x4E30E5E7, 32, NDPI_PROTOCOL_TOR }, - { 0x4E314714, 32, NDPI_PROTOCOL_TOR }, - { 0x4E337866, 32, NDPI_PROTOCOL_TOR }, - { 0x4E339FA4, 32, NDPI_PROTOCOL_TOR }, - { 0x4E341CCA, 32, NDPI_PROTOCOL_TOR }, - { 0x4E344588, 32, NDPI_PROTOCOL_TOR }, - { 0x4E345BC2, 32, NDPI_PROTOCOL_TOR }, - { 0x4E34709C, 32, NDPI_PROTOCOL_TOR }, - { 0x4E3500BA, 32, NDPI_PROTOCOL_TOR }, - { 0x4E3543BB, 32, NDPI_PROTOCOL_TOR }, - { 0x4E3578C0, 32, NDPI_PROTOCOL_TOR }, - { 0x4E35D113, 32, NDPI_PROTOCOL_TOR }, - { 0x4E36B32D, 32, NDPI_PROTOCOL_TOR }, - { 0x4E36B849, 32, NDPI_PROTOCOL_TOR }, - { 0x4E37167F, 32, NDPI_PROTOCOL_TOR }, - { 0x4E371BD3, 32, NDPI_PROTOCOL_TOR }, - { 0x4E37EECD, 32, NDPI_PROTOCOL_TOR }, - { 0x4E382816, 32, NDPI_PROTOCOL_TOR }, - { 0x4E38837E, 32, NDPI_PROTOCOL_TOR }, - { 0x4E448EF1, 32, NDPI_PROTOCOL_TOR }, - { 0x4E455699, 32, NDPI_PROTOCOL_TOR }, - { 0x4E460AE6, 32, NDPI_PROTOCOL_TOR }, - { 0x4E559863, 32, NDPI_PROTOCOL_TOR }, - { 0x4E55C395, 32, NDPI_PROTOCOL_TOR }, - { 0x4E582ECD, 32, NDPI_PROTOCOL_TOR }, - { 0x4E5A0FE5, 32, NDPI_PROTOCOL_TOR }, - { 0x4E5A8252, 32, NDPI_PROTOCOL_TOR }, - { 0x4E5E71A9, 32, NDPI_PROTOCOL_TOR }, - { 0x4E5EC2DB, 32, NDPI_PROTOCOL_TOR }, - { 0x4E5EFD61, 32, NDPI_PROTOCOL_TOR }, - { 0x4E66CF73, 32, NDPI_PROTOCOL_TOR }, - { 0x4E6A9813, 32, NDPI_PROTOCOL_TOR }, - { 0x4E6BE9E5, 32, NDPI_PROTOCOL_TOR }, - { 0x4E6BED10, 32, NDPI_PROTOCOL_TOR }, - { 0x4E6BEFD5, 32, NDPI_PROTOCOL_TOR }, - { 0x4E6BFE79, 32, NDPI_PROTOCOL_TOR }, - { 0x4E6C3F2C, 32, NDPI_PROTOCOL_TOR }, - { 0x4E6C3F2E, 32, NDPI_PROTOCOL_TOR }, - { 0x4E6EA0B9, 32, NDPI_PROTOCOL_TOR }, - { 0x4E6F4E8C, 32, NDPI_PROTOCOL_TOR }, - { 0x4E6FEE6B, 32, NDPI_PROTOCOL_TOR }, - { 0x4E73B49D, 32, NDPI_PROTOCOL_TOR }, - { 0x4E787A3F, 32, NDPI_PROTOCOL_TOR }, - { 0x4E81891C, 32, NDPI_PROTOCOL_TOR }, - { 0x4E81A639, 32, NDPI_PROTOCOL_TOR }, - { 0x4E81B421, 32, NDPI_PROTOCOL_TOR }, - { 0x4E833886, 32, NDPI_PROTOCOL_TOR }, - { 0x4E8B7228, 32, NDPI_PROTOCOL_TOR }, - { 0x4E8D50EC, 32, NDPI_PROTOCOL_TOR }, - { 0x4E8E8EF6, 32, NDPI_PROTOCOL_TOR }, - { 0x4E8E918D, 32, NDPI_PROTOCOL_TOR }, - { 0x4E8EAF46, 32, NDPI_PROTOCOL_TOR }, - { 0x4E91349D, 32, NDPI_PROTOCOL_TOR }, - { 0x4E9BA97A, 32, NDPI_PROTOCOL_TOR }, - { 0x4E9C75EC, 32, NDPI_PROTOCOL_TOR }, - { 0x4E9C77C8, 32, NDPI_PROTOCOL_TOR }, - { 0x4E9DC871, 32, NDPI_PROTOCOL_TOR }, - { 0x4E9F3CC3, 32, NDPI_PROTOCOL_TOR }, - { 0x4EC0BD4C, 32, NDPI_PROTOCOL_TOR }, - { 0x4EC0F14B, 32, NDPI_PROTOCOL_TOR }, - { 0x4EC1067E, 32, NDPI_PROTOCOL_TOR }, - { 0x4EC128CD, 32, NDPI_PROTOCOL_TOR }, - { 0x4EC128FE, 32, NDPI_PROTOCOL_TOR }, - { 0x4EC14F78, 32, NDPI_PROTOCOL_TOR }, - { 0x4EC15603, 32, NDPI_PROTOCOL_TOR }, - { 0x4EC1674D, 32, NDPI_PROTOCOL_TOR }, - { 0x4EC1A442, 32, NDPI_PROTOCOL_TOR }, - { 0x4EC6B4CD, 32, NDPI_PROTOCOL_TOR }, - { 0x4ECD5081, 32, NDPI_PROTOCOL_TOR }, - { 0x4EDA527F, 32, NDPI_PROTOCOL_TOR }, - { 0x4EDD8C72, 32, NDPI_PROTOCOL_TOR }, - { 0x4EE030F7, 32, NDPI_PROTOCOL_TOR }, - { 0x4EE0F0C4, 32, NDPI_PROTOCOL_TOR }, - { 0x4EE2A060, 32, NDPI_PROTOCOL_TOR }, - { 0x4EE588B8, 32, NDPI_PROTOCOL_TOR }, - { 0x4EE96597, 32, NDPI_PROTOCOL_TOR }, - { 0x4EEC369E, 32, NDPI_PROTOCOL_TOR }, - { 0x4EEF7556, 32, NDPI_PROTOCOL_TOR }, - { 0x4EF7B665, 32, NDPI_PROTOCOL_TOR }, - { 0x4EF8D759, 32, NDPI_PROTOCOL_TOR }, - { 0x4F4771F0, 32, NDPI_PROTOCOL_TOR }, - { 0x4F501132, 32, NDPI_PROTOCOL_TOR }, - { 0x4F59660B, 32, NDPI_PROTOCOL_TOR }, - { 0x4F621F2A, 32, NDPI_PROTOCOL_TOR }, - { 0x4F660402, 32, NDPI_PROTOCOL_TOR }, - { 0x4F6D109F, 32, NDPI_PROTOCOL_TOR }, - { 0x4F6D94CB, 32, NDPI_PROTOCOL_TOR }, - { 0x4F6F13C2, 32, NDPI_PROTOCOL_TOR }, - { 0x4F6F51A0, 32, NDPI_PROTOCOL_TOR }, - { 0x4F6FDA32, 32, NDPI_PROTOCOL_TOR }, - { 0x4F700984, 32, NDPI_PROTOCOL_TOR }, - { 0x4F716914, 32, NDPI_PROTOCOL_TOR }, - { 0x4F780A62, 32, NDPI_PROTOCOL_TOR }, - { 0x4F78282D, 32, NDPI_PROTOCOL_TOR }, - { 0x4F7851B7, 32, NDPI_PROTOCOL_TOR }, - { 0x4F825F7B, 32, NDPI_PROTOCOL_TOR }, - { 0x4F861BFF, 32, NDPI_PROTOCOL_TOR }, - { 0x4F86EAC8, 32, NDPI_PROTOCOL_TOR }, - { 0x4F86EB05, 32, NDPI_PROTOCOL_TOR }, - { 0x4F86FF23, 32, NDPI_PROTOCOL_TOR }, - { 0x4F87465A, 32, NDPI_PROTOCOL_TOR }, - { 0x4F881D2B, 32, NDPI_PROTOCOL_TOR }, - { 0x4F882ABE, 32, NDPI_PROTOCOL_TOR }, - { 0x4F8BBDB9, 32, NDPI_PROTOCOL_TOR }, - { 0x4F8C27CA, 32, NDPI_PROTOCOL_TOR }, - { 0x4F8C2975, 32, NDPI_PROTOCOL_TOR }, - { 0x4F8C2976, 32, NDPI_PROTOCOL_TOR }, - { 0x4F8C4005, 32, NDPI_PROTOCOL_TOR }, - { 0x4F8E6A54, 32, NDPI_PROTOCOL_TOR }, - { 0x4F8FB36A, 32, NDPI_PROTOCOL_TOR }, - { 0x4F8FB572, 32, NDPI_PROTOCOL_TOR }, - { 0x4F8FBC46, 32, NDPI_PROTOCOL_TOR }, - { 0x4FA04C99, 32, NDPI_PROTOCOL_TOR }, - { 0x4FA0A26A, 32, NDPI_PROTOCOL_TOR }, - { 0x4FA438F1, 32, NDPI_PROTOCOL_TOR }, - { 0x4FA45FB4, 32, NDPI_PROTOCOL_TOR }, - { 0x4FA5B4F3, 32, NDPI_PROTOCOL_TOR }, - { 0x4FA5DFD1, 32, NDPI_PROTOCOL_TOR }, - { 0x4FAC1212, 32, NDPI_PROTOCOL_TOR }, - { 0x4FAC1CCD, 32, NDPI_PROTOCOL_TOR }, - { 0x4FACC120, 32, NDPI_PROTOCOL_TOR }, - { 0x4FACCC24, 32, NDPI_PROTOCOL_TOR }, - { 0x4FACF908, 32, NDPI_PROTOCOL_TOR }, - { 0x4FB73E97, 32, NDPI_PROTOCOL_TOR }, - { 0x4FBD0233, 32, NDPI_PROTOCOL_TOR }, - { 0x4FC17B35, 32, NDPI_PROTOCOL_TOR }, - { 0x4FC3BA9D, 32, NDPI_PROTOCOL_TOR }, - { 0x4FC5C597, 32, NDPI_PROTOCOL_TOR }, - { 0x4FC8C7B3, 32, NDPI_PROTOCOL_TOR }, - { 0x4FCA6B3A, 32, NDPI_PROTOCOL_TOR }, - { 0x4FCB519B, 32, NDPI_PROTOCOL_TOR }, - { 0x4FD446F9, 32, NDPI_PROTOCOL_TOR }, - { 0x4FD62F35, 32, NDPI_PROTOCOL_TOR }, - { 0x4FD6C9C2, 32, NDPI_PROTOCOL_TOR }, - { 0x4FD6E742, 32, NDPI_PROTOCOL_TOR }, - { 0x4FD7DEA0, 32, NDPI_PROTOCOL_TOR }, - { 0x4FDCC79F, 32, NDPI_PROTOCOL_TOR }, - { 0x4FE25CA4, 32, NDPI_PROTOCOL_TOR }, - { 0x4FE2CDCD, 32, NDPI_PROTOCOL_TOR }, - { 0x4FE2DAE6, 32, NDPI_PROTOCOL_TOR }, - { 0x4FE3BBBF, 32, NDPI_PROTOCOL_TOR }, - { 0x4FE478A5, 32, NDPI_PROTOCOL_TOR }, - { 0x4FE4EA15, 32, NDPI_PROTOCOL_TOR }, - { 0x4FE5C024, 32, NDPI_PROTOCOL_TOR }, - { 0x4FE755CF, 32, NDPI_PROTOCOL_TOR }, - { 0x4FEA50ED, 32, NDPI_PROTOCOL_TOR }, - { 0x4FEB63B5, 32, NDPI_PROTOCOL_TOR }, - { 0x4FEC5A62, 32, NDPI_PROTOCOL_TOR }, - { 0x4FECD8B0, 32, NDPI_PROTOCOL_TOR }, - { 0x4FF15810, 32, NDPI_PROTOCOL_TOR }, - { 0x4FF19FF7, 32, NDPI_PROTOCOL_TOR }, - { 0x4FF1D2DC, 32, NDPI_PROTOCOL_TOR }, - { 0x4FF1D690, 32, NDPI_PROTOCOL_TOR }, - { 0x4FF2515A, 32, NDPI_PROTOCOL_TOR }, - { 0x4FF35735, 32, NDPI_PROTOCOL_TOR }, - { 0x4FF5435F, 32, NDPI_PROTOCOL_TOR }, - { 0x4FF58FAB, 32, NDPI_PROTOCOL_TOR }, - { 0x4FF6CF32, 32, NDPI_PROTOCOL_TOR }, - { 0x4FF77321, 32, NDPI_PROTOCOL_TOR }, - { 0x4FF87986, 32, NDPI_PROTOCOL_TOR }, - { 0x4FFBF5CA, 32, NDPI_PROTOCOL_TOR }, - { 0x4FFF9947, 32, NDPI_PROTOCOL_TOR }, - { 0x50025741, 32, NDPI_PROTOCOL_TOR }, - { 0x5004F810, 32, NDPI_PROTOCOL_TOR }, - { 0x500593F5, 32, NDPI_PROTOCOL_TOR }, - { 0x500C5EB8, 32, NDPI_PROTOCOL_TOR }, - { 0x502A9965, 32, NDPI_PROTOCOL_TOR }, - { 0x502AA456, 32, NDPI_PROTOCOL_TOR }, - { 0x50390AA9, 32, NDPI_PROTOCOL_TOR }, - { 0x50393FB3, 32, NDPI_PROTOCOL_TOR }, - { 0x50397C3A, 32, NDPI_PROTOCOL_TOR }, - { 0x5042877B, 32, NDPI_PROTOCOL_TOR }, - { 0x5043AC13, 32, NDPI_PROTOCOL_TOR }, - { 0x504459B6, 32, NDPI_PROTOCOL_TOR }, - { 0x50445CF9, 32, NDPI_PROTOCOL_TOR }, - { 0x50478577, 32, NDPI_PROTOCOL_TOR }, - { 0x504786B5, 32, NDPI_PROTOCOL_TOR }, - { 0x5049D3D9, 32, NDPI_PROTOCOL_TOR }, - { 0x5049F28E, 32, NDPI_PROTOCOL_TOR }, - { 0x504EF251, 32, NDPI_PROTOCOL_TOR }, - { 0x504EF656, 32, NDPI_PROTOCOL_TOR }, - { 0x504F1707, 32, NDPI_PROTOCOL_TOR }, - { 0x5051111F, 32, NDPI_PROTOCOL_TOR }, - { 0x5051F378, 32, NDPI_PROTOCOL_TOR }, - { 0x5051F3E2, 32, NDPI_PROTOCOL_TOR }, - { 0x5051F3EB, 32, NDPI_PROTOCOL_TOR }, - { 0x5052D7D2, 32, NDPI_PROTOCOL_TOR }, - { 0x50555448, 32, NDPI_PROTOCOL_TOR }, - { 0x505554DE, 32, NDPI_PROTOCOL_TOR }, - { 0x505554F0, 32, NDPI_PROTOCOL_TOR }, - { 0x50565329, 32, NDPI_PROTOCOL_TOR }, - { 0x50565CB5, 32, NDPI_PROTOCOL_TOR }, - { 0x50565D80, 32, NDPI_PROTOCOL_TOR }, - { 0x5059C09E, 32, NDPI_PROTOCOL_TOR }, - { 0x505A2B81, 32, NDPI_PROTOCOL_TOR }, - { 0x505A2BDD, 32, NDPI_PROTOCOL_TOR }, - { 0x50631FF8, 32, NDPI_PROTOCOL_TOR }, - { 0x5063FE73, 32, NDPI_PROTOCOL_TOR }, - { 0x50642620, 32, NDPI_PROTOCOL_TOR }, - { 0x50642CDB, 32, NDPI_PROTOCOL_TOR }, - { 0x50642CFD, 32, NDPI_PROTOCOL_TOR }, - { 0x50642D9C, 32, NDPI_PROTOCOL_TOR }, - { 0x50648003, 32, NDPI_PROTOCOL_TOR }, - { 0x5064BD03, 32, NDPI_PROTOCOL_TOR }, - { 0x5064CC04, 32, NDPI_PROTOCOL_TOR }, - { 0x5064CE96, 32, NDPI_PROTOCOL_TOR }, - { 0x506573AA, 32, NDPI_PROTOCOL_TOR }, - { 0x506C8F13, 32, NDPI_PROTOCOL_TOR }, - { 0x506DA2EA, 32, NDPI_PROTOCOL_TOR }, - { 0x506DE134, 32, NDPI_PROTOCOL_TOR }, - { 0x506E2316, 32, NDPI_PROTOCOL_TOR }, - { 0x506E37C4, 32, NDPI_PROTOCOL_TOR }, - { 0x506FEC0F, 32, NDPI_PROTOCOL_TOR }, - { 0x50709921, 32, NDPI_PROTOCOL_TOR }, - { 0x5071010B, 32, NDPI_PROTOCOL_TOR }, - { 0x50743860, 32, NDPI_PROTOCOL_TOR }, - { 0x50764CC5, 32, NDPI_PROTOCOL_TOR }, - { 0x50807E83, 32, NDPI_PROTOCOL_TOR }, - { 0x50814072, 32, NDPI_PROTOCOL_TOR }, - { 0x50868F7F, 32, NDPI_PROTOCOL_TOR }, - { 0x5087E176, 32, NDPI_PROTOCOL_TOR }, - { 0x508874C1, 32, NDPI_PROTOCOL_TOR }, - { 0x50894240, 32, NDPI_PROTOCOL_TOR }, - { 0x508AEC03, 32, NDPI_PROTOCOL_TOR }, - { 0x508AEFF3, 32, NDPI_PROTOCOL_TOR }, - { 0x508B637B, 32, NDPI_PROTOCOL_TOR }, - { 0x508B727D, 32, NDPI_PROTOCOL_TOR }, - { 0x508C6003, 32, NDPI_PROTOCOL_TOR }, - { 0x508F6A3C, 32, NDPI_PROTOCOL_TOR }, - { 0x5093219D, 32, NDPI_PROTOCOL_TOR }, - { 0x509325F7, 32, NDPI_PROTOCOL_TOR }, - { 0x5098EF17, 32, NDPI_PROTOCOL_TOR }, - { 0x50990704, 32, NDPI_PROTOCOL_TOR }, - { 0x50A19C30, 32, NDPI_PROTOCOL_TOR }, - { 0x50A20720, 32, NDPI_PROTOCOL_TOR }, - { 0x50A32958, 32, NDPI_PROTOCOL_TOR }, - { 0x50A770EE, 32, NDPI_PROTOCOL_TOR }, - { 0x50AB1353, 32, NDPI_PROTOCOL_TOR }, - { 0x50AB285B, 32, NDPI_PROTOCOL_TOR }, - { 0x50C3B7F0, 32, NDPI_PROTOCOL_TOR }, - { 0x50CAAF5A, 32, NDPI_PROTOCOL_TOR }, - { 0x50CAEE20, 32, NDPI_PROTOCOL_TOR }, - { 0x50CB102E, 32, NDPI_PROTOCOL_TOR }, - { 0x50D4A2ED, 32, NDPI_PROTOCOL_TOR }, - { 0x50D87BFC, 32, NDPI_PROTOCOL_TOR }, - { 0x50DA9F57, 32, NDPI_PROTOCOL_TOR }, - { 0x50DAD94E, 32, NDPI_PROTOCOL_TOR }, - { 0x50DB0244, 32, NDPI_PROTOCOL_TOR }, - { 0x50DB8C29, 32, NDPI_PROTOCOL_TOR }, - { 0x50DC5274, 32, NDPI_PROTOCOL_TOR }, - { 0x50DCE66B, 32, NDPI_PROTOCOL_TOR }, - { 0x50DCF46B, 32, NDPI_PROTOCOL_TOR }, - { 0x50DFA940, 32, NDPI_PROTOCOL_TOR }, - { 0x50DFB670, 32, NDPI_PROTOCOL_TOR }, - { 0x50DFD0F6, 32, NDPI_PROTOCOL_TOR }, - { 0x50E500D2, 32, NDPI_PROTOCOL_TOR }, - { 0x50EDE24B, 32, NDPI_PROTOCOL_TOR }, - { 0x50EEE5A1, 32, NDPI_PROTOCOL_TOR }, - { 0x50F08096, 32, NDPI_PROTOCOL_TOR }, - { 0x50F080E9, 32, NDPI_PROTOCOL_TOR }, - { 0x50F086F6, 32, NDPI_PROTOCOL_TOR }, - { 0x50F08D97, 32, NDPI_PROTOCOL_TOR }, - { 0x50F1D942, 32, NDPI_PROTOCOL_TOR }, - { 0x50F1DA9A, 32, NDPI_PROTOCOL_TOR }, - { 0x50F1DCDD, 32, NDPI_PROTOCOL_TOR }, - { 0x50F1DE24, 32, NDPI_PROTOCOL_TOR }, - { 0x50F1DE62, 32, NDPI_PROTOCOL_TOR }, - { 0x50F4F39E, 32, NDPI_PROTOCOL_TOR }, - { 0x50F63BE9, 32, NDPI_PROTOCOL_TOR }, - { 0x50F8D083, 32, NDPI_PROTOCOL_TOR }, - { 0x50FEDB30, 32, NDPI_PROTOCOL_TOR }, - { 0x50FF0BD3, 32, NDPI_PROTOCOL_TOR }, - { 0x50FF0BE0, 32, NDPI_PROTOCOL_TOR }, - { 0x50FF0BED, 32, NDPI_PROTOCOL_TOR }, - { 0x5102C521, 32, NDPI_PROTOCOL_TOR }, - { 0x5102ECA5, 32, NDPI_PROTOCOL_TOR }, - { 0x5104655D, 32, NDPI_PROTOCOL_TOR }, - { 0x5104676A, 32, NDPI_PROTOCOL_TOR }, - { 0x51046810, 32, NDPI_PROTOCOL_TOR }, - { 0x51046852, 32, NDPI_PROTOCOL_TOR }, - { 0x510469C0, 32, NDPI_PROTOCOL_TOR }, - { 0x51046B24, 32, NDPI_PROTOCOL_TOR }, - { 0x51046B44, 32, NDPI_PROTOCOL_TOR }, - { 0x51046BBE, 32, NDPI_PROTOCOL_TOR }, - { 0x51046BE3, 32, NDPI_PROTOCOL_TOR }, - { 0x51046CC7, 32, NDPI_PROTOCOL_TOR }, - { 0x51046D2F, 32, NDPI_PROTOCOL_TOR }, - { 0x51046D7D, 32, NDPI_PROTOCOL_TOR }, - { 0x51046DD0, 32, NDPI_PROTOCOL_TOR }, - { 0x51046DFA, 32, NDPI_PROTOCOL_TOR }, - { 0x51046E5D, 32, NDPI_PROTOCOL_TOR }, - { 0x51046E95, 32, NDPI_PROTOCOL_TOR }, - { 0x51046F6B, 32, NDPI_PROTOCOL_TOR }, - { 0x51047930, 32, NDPI_PROTOCOL_TOR }, - { 0x510479B4, 32, NDPI_PROTOCOL_TOR }, - { 0x510479DE, 32, NDPI_PROTOCOL_TOR }, - { 0x510479E0, 32, NDPI_PROTOCOL_TOR }, - { 0x510479F3, 32, NDPI_PROTOCOL_TOR }, - { 0x51047D81, 32, NDPI_PROTOCOL_TOR }, - { 0x51047E79, 32, NDPI_PROTOCOL_TOR }, - { 0x51070777, 32, NDPI_PROTOCOL_TOR }, - { 0x51070865, 32, NDPI_PROTOCOL_TOR }, - { 0x51070A11, 32, NDPI_PROTOCOL_TOR }, - { 0x51070A1D, 32, NDPI_PROTOCOL_TOR }, - { 0x51070A1D, 32, NDPI_PROTOCOL_TOR }, - { 0x51070A44, 32, NDPI_PROTOCOL_TOR }, - { 0x51070AFB, 32, NDPI_PROTOCOL_TOR }, - { 0x51070B46, 32, NDPI_PROTOCOL_TOR }, - { 0x51070BFD, 32, NDPI_PROTOCOL_TOR }, - { 0x51070D54, 32, NDPI_PROTOCOL_TOR }, - { 0x51070D5A, 32, NDPI_PROTOCOL_TOR }, - { 0x51070DF8, 32, NDPI_PROTOCOL_TOR }, - { 0x51070EF6, 32, NDPI_PROTOCOL_TOR }, - { 0x5107103B, 32, NDPI_PROTOCOL_TOR }, - { 0x510A9F12, 32, NDPI_PROTOCOL_TOR }, - { 0x511115F6, 32, NDPI_PROTOCOL_TOR }, - { 0x5114849E, 32, NDPI_PROTOCOL_TOR }, - { 0x51148B91, 32, NDPI_PROTOCOL_TOR }, - { 0x5115F642, 32, NDPI_PROTOCOL_TOR }, - { 0x511932A6, 32, NDPI_PROTOCOL_TOR }, - { 0x511CC585, 32, NDPI_PROTOCOL_TOR }, - { 0x511E9858, 32, NDPI_PROTOCOL_TOR }, - { 0x511E9858, 32, NDPI_PROTOCOL_TOR }, - { 0x511F5A52, 32, NDPI_PROTOCOL_TOR }, - { 0x513842D5, 32, NDPI_PROTOCOL_TOR }, - { 0x5139852A, 32, NDPI_PROTOCOL_TOR }, - { 0x5139D087, 32, NDPI_PROTOCOL_TOR }, - { 0x514080DE, 32, NDPI_PROTOCOL_TOR }, - { 0x5140E6FD, 32, NDPI_PROTOCOL_TOR }, - { 0x51475D6A, 32, NDPI_PROTOCOL_TOR }, - { 0x51533A04, 32, NDPI_PROTOCOL_TOR }, - { 0x51544C43, 32, NDPI_PROTOCOL_TOR }, - { 0x51569E1B, 32, NDPI_PROTOCOL_TOR }, - { 0x515900C3, 32, NDPI_PROTOCOL_TOR }, - { 0x515900C4, 32, NDPI_PROTOCOL_TOR }, - { 0x515900C5, 32, NDPI_PROTOCOL_TOR }, - { 0x515900C6, 32, NDPI_PROTOCOL_TOR }, - { 0x515900C7, 32, NDPI_PROTOCOL_TOR }, - { 0x515900C8, 32, NDPI_PROTOCOL_TOR }, - { 0x515900C9, 32, NDPI_PROTOCOL_TOR }, - { 0x515900CA, 32, NDPI_PROTOCOL_TOR }, - { 0x515900CB, 32, NDPI_PROTOCOL_TOR }, - { 0x515900CC, 32, NDPI_PROTOCOL_TOR }, - { 0x51596058, 32, NDPI_PROTOCOL_TOR }, - { 0x51596059, 32, NDPI_PROTOCOL_TOR }, - { 0x51596535, 32, NDPI_PROTOCOL_TOR }, - { 0x515CACE7, 32, NDPI_PROTOCOL_TOR }, - { 0x515F0522, 32, NDPI_PROTOCOL_TOR }, - { 0x515F3444, 32, NDPI_PROTOCOL_TOR }, - { 0x5160DB54, 32, NDPI_PROTOCOL_TOR }, - { 0x5161B784, 32, NDPI_PROTOCOL_TOR }, - { 0x5163F715, 32, NDPI_PROTOCOL_TOR }, - { 0x51669B3F, 32, NDPI_PROTOCOL_TOR }, - { 0x5166F93D, 32, NDPI_PROTOCOL_TOR }, - { 0x516A0C3C, 32, NDPI_PROTOCOL_TOR }, - { 0x516B907F, 32, NDPI_PROTOCOL_TOR }, - { 0x516D69B6, 32, NDPI_PROTOCOL_TOR }, - { 0x51853556, 32, NDPI_PROTOCOL_TOR }, - { 0x518D6888, 32, NDPI_PROTOCOL_TOR }, - { 0x519840EA, 32, NDPI_PROTOCOL_TOR }, - { 0x519FC5DE, 32, NDPI_PROTOCOL_TOR }, - { 0x51A64037, 32, NDPI_PROTOCOL_TOR }, - { 0x51A98234, 32, NDPI_PROTOCOL_TOR }, - { 0x51A982D6, 32, NDPI_PROTOCOL_TOR }, - { 0x51A988CE, 32, NDPI_PROTOCOL_TOR }, - { 0x51A98D5C, 32, NDPI_PROTOCOL_TOR }, - { 0x51A98D5E, 32, NDPI_PROTOCOL_TOR }, - { 0x51A9957C, 32, NDPI_PROTOCOL_TOR }, - { 0x51A99864, 32, NDPI_PROTOCOL_TOR }, - { 0x51A999A7, 32, NDPI_PROTOCOL_TOR }, - { 0x51A99F52, 32, NDPI_PROTOCOL_TOR }, - { 0x51A9A86A, 32, NDPI_PROTOCOL_TOR }, - { 0x51A9AFA4, 32, NDPI_PROTOCOL_TOR }, - { 0x51A9B42B, 32, NDPI_PROTOCOL_TOR }, - { 0x51A9B92C, 32, NDPI_PROTOCOL_TOR }, - { 0x51A9D13A, 32, NDPI_PROTOCOL_TOR }, - { 0x51A9D20B, 32, NDPI_PROTOCOL_TOR }, - { 0x51A9D72F, 32, NDPI_PROTOCOL_TOR }, - { 0x51A9FFEB, 32, NDPI_PROTOCOL_TOR }, - { 0x51AA95F0, 32, NDPI_PROTOCOL_TOR }, - { 0x51AAD96B, 32, NDPI_PROTOCOL_TOR }, - { 0x51AAFFB8, 32, NDPI_PROTOCOL_TOR }, - { 0x51AC174F, 32, NDPI_PROTOCOL_TOR }, - { 0x51ADF051, 32, NDPI_PROTOCOL_TOR }, - { 0x51AEE712, 32, NDPI_PROTOCOL_TOR }, - { 0x51B0E436, 32, NDPI_PROTOCOL_TOR }, - { 0x51B73F2E, 32, NDPI_PROTOCOL_TOR }, - { 0x51B8EB2B, 32, NDPI_PROTOCOL_TOR }, - { 0x51BAF377, 32, NDPI_PROTOCOL_TOR }, - { 0x51BB1C09, 32, NDPI_PROTOCOL_TOR }, - { 0x51BBD20D, 32, NDPI_PROTOCOL_TOR }, - { 0x51BF7137, 32, NDPI_PROTOCOL_TOR }, - { 0x51C93CED, 32, NDPI_PROTOCOL_TOR }, - { 0x51CB9655, 32, NDPI_PROTOCOL_TOR }, - { 0x51CD17DA, 32, NDPI_PROTOCOL_TOR }, - { 0x51D91056, 32, NDPI_PROTOCOL_TOR }, - { 0x51D974C6, 32, NDPI_PROTOCOL_TOR }, - { 0x51D987C8, 32, NDPI_PROTOCOL_TOR }, - { 0x51D99D5A, 32, NDPI_PROTOCOL_TOR }, - { 0x51DA5B9A, 32, NDPI_PROTOCOL_TOR }, - { 0x51DA6D6A, 32, NDPI_PROTOCOL_TOR }, - { 0x51DA6DC3, 32, NDPI_PROTOCOL_TOR }, - { 0x51DAEBA2, 32, NDPI_PROTOCOL_TOR }, - { 0x51DB33CE, 32, NDPI_PROTOCOL_TOR }, - { 0x51DCA3CA, 32, NDPI_PROTOCOL_TOR }, - { 0x51DD555D, 32, NDPI_PROTOCOL_TOR }, - { 0x51DFD766, 32, NDPI_PROTOCOL_TOR }, - { 0x51E735A5, 32, NDPI_PROTOCOL_TOR }, - { 0x51E75573, 32, NDPI_PROTOCOL_TOR }, - { 0x51E7A4A1, 32, NDPI_PROTOCOL_TOR }, - { 0x51E7E226, 32, NDPI_PROTOCOL_TOR }, - { 0x51E9E3A1, 32, NDPI_PROTOCOL_TOR }, - { 0x51F285B4, 32, NDPI_PROTOCOL_TOR }, - { 0x51F6CAA9, 32, NDPI_PROTOCOL_TOR }, - { 0x51F777FC, 32, NDPI_PROTOCOL_TOR }, - { 0x52018046, 32, NDPI_PROTOCOL_TOR }, - { 0x5206BA74, 32, NDPI_PROTOCOL_TOR }, - { 0x5209EEF6, 32, NDPI_PROTOCOL_TOR }, - { 0x520CAF74, 32, NDPI_PROTOCOL_TOR }, - { 0x520DF0B2, 32, NDPI_PROTOCOL_TOR }, - { 0x5213FC52, 32, NDPI_PROTOCOL_TOR }, - { 0x52145714, 32, NDPI_PROTOCOL_TOR }, - { 0x52173C4E, 32, NDPI_PROTOCOL_TOR }, - { 0x5219BB97, 32, NDPI_PROTOCOL_TOR }, - { 0x521CC556, 32, NDPI_PROTOCOL_TOR }, - { 0x521E7362, 32, NDPI_PROTOCOL_TOR }, - { 0x521F29D7, 32, NDPI_PROTOCOL_TOR }, - { 0x52239D60, 32, NDPI_PROTOCOL_TOR }, - { 0x522BA860, 32, NDPI_PROTOCOL_TOR }, - { 0x522DB96B, 32, NDPI_PROTOCOL_TOR }, - { 0x522FE271, 32, NDPI_PROTOCOL_TOR }, - { 0x52303D0C, 32, NDPI_PROTOCOL_TOR }, - { 0x52343FD9, 32, NDPI_PROTOCOL_TOR }, - { 0x52424777, 32, NDPI_PROTOCOL_TOR }, - { 0x52449E7C, 32, NDPI_PROTOCOL_TOR }, - { 0x52450ECF, 32, NDPI_PROTOCOL_TOR }, - { 0x52453232, 32, NDPI_PROTOCOL_TOR }, - { 0x52462723, 32, NDPI_PROTOCOL_TOR }, - { 0x524805A4, 32, NDPI_PROTOCOL_TOR }, - { 0x52483D51, 32, NDPI_PROTOCOL_TOR }, - { 0x5248765A, 32, NDPI_PROTOCOL_TOR }, - { 0x52493309, 32, NDPI_PROTOCOL_TOR }, - { 0x5249DF9D, 32, NDPI_PROTOCOL_TOR }, - { 0x524A04F3, 32, NDPI_PROTOCOL_TOR }, - { 0x524C4802, 32, NDPI_PROTOCOL_TOR }, - { 0x52502163, 32, NDPI_PROTOCOL_TOR }, - { 0x525088B9, 32, NDPI_PROTOCOL_TOR }, - { 0x52532E63, 32, NDPI_PROTOCOL_TOR }, - { 0x525EF2DA, 32, NDPI_PROTOCOL_TOR }, - { 0x525EFBCB, 32, NDPI_PROTOCOL_TOR }, - { 0x525EFBCC, 32, NDPI_PROTOCOL_TOR }, - { 0x525EFBE3, 32, NDPI_PROTOCOL_TOR }, - { 0x525F42CB, 32, NDPI_PROTOCOL_TOR }, - { 0x525F6B33, 32, NDPI_PROTOCOL_TOR }, - { 0x525FEBF9, 32, NDPI_PROTOCOL_TOR }, - { 0x52624850, 32, NDPI_PROTOCOL_TOR }, - { 0x52668ED2, 32, NDPI_PROTOCOL_TOR }, - { 0x5270985F, 32, NDPI_PROTOCOL_TOR }, - { 0x52736339, 32, NDPI_PROTOCOL_TOR }, - { 0x52747803, 32, NDPI_PROTOCOL_TOR }, - { 0x52761386, 32, NDPI_PROTOCOL_TOR }, - { 0x5276F21E, 32, NDPI_PROTOCOL_TOR }, - { 0x5276F24F, 32, NDPI_PROTOCOL_TOR }, - { 0x527E663F, 32, NDPI_PROTOCOL_TOR }, - { 0x5280FFFC, 32, NDPI_PROTOCOL_TOR }, - { 0x52821A24, 32, NDPI_PROTOCOL_TOR }, - { 0x5282285C, 32, NDPI_PROTOCOL_TOR }, - { 0x52886403, 32, NDPI_PROTOCOL_TOR }, - { 0x528B5EFC, 32, NDPI_PROTOCOL_TOR }, - { 0x528B6271, 32, NDPI_PROTOCOL_TOR }, - { 0x52921BD1, 32, NDPI_PROTOCOL_TOR }, - { 0x529EEB26, 32, NDPI_PROTOCOL_TOR }, - { 0x52A1321E, 32, NDPI_PROTOCOL_TOR }, - { 0x52A13526, 32, NDPI_PROTOCOL_TOR }, - { 0x52A15B0D, 32, NDPI_PROTOCOL_TOR }, - { 0x52A16D47, 32, NDPI_PROTOCOL_TOR }, - { 0x52A1B614, 32, NDPI_PROTOCOL_TOR }, - { 0x52A1D257, 32, NDPI_PROTOCOL_TOR }, - { 0x52A1D4D1, 32, NDPI_PROTOCOL_TOR }, - { 0x52A1DF89, 32, NDPI_PROTOCOL_TOR }, - { 0x52A1EFB1, 32, NDPI_PROTOCOL_TOR }, - { 0x52A1FCA2, 32, NDPI_PROTOCOL_TOR }, - { 0x52A41BE4, 32, NDPI_PROTOCOL_TOR }, - { 0x52A50F97, 32, NDPI_PROTOCOL_TOR }, - { 0x52A58E4F, 32, NDPI_PROTOCOL_TOR }, - { 0x52A5C581, 32, NDPI_PROTOCOL_TOR }, - { 0x52A898B2, 32, NDPI_PROTOCOL_TOR }, - { 0x52A92496, 32, NDPI_PROTOCOL_TOR }, - { 0x52A99B48, 32, NDPI_PROTOCOL_TOR }, - { 0x52B1EEF0, 32, NDPI_PROTOCOL_TOR }, - { 0x52B419BA, 32, NDPI_PROTOCOL_TOR }, - { 0x52B583A0, 32, NDPI_PROTOCOL_TOR }, - { 0x52B6B40F, 32, NDPI_PROTOCOL_TOR }, - { 0x52B70EC3, 32, NDPI_PROTOCOL_TOR }, - { 0x52C0F11E, 32, NDPI_PROTOCOL_TOR }, - { 0x52C409DF, 32, NDPI_PROTOCOL_TOR }, - { 0x52C40E41, 32, NDPI_PROTOCOL_TOR }, - { 0x52C5D42F, 32, NDPI_PROTOCOL_TOR }, - { 0x52C79B59, 32, NDPI_PROTOCOL_TOR }, - { 0x52C7C0A7, 32, NDPI_PROTOCOL_TOR }, - { 0x52CBC340, 32, NDPI_PROTOCOL_TOR }, - { 0x52D300C9, 32, NDPI_PROTOCOL_TOR }, - { 0x52D3138F, 32, NDPI_PROTOCOL_TOR }, - { 0x52D3C9BC, 32, NDPI_PROTOCOL_TOR }, - { 0x52D3DF03, 32, NDPI_PROTOCOL_TOR }, - { 0x52D8FE03, 32, NDPI_PROTOCOL_TOR }, - { 0x52D91190, 32, NDPI_PROTOCOL_TOR }, - { 0x52DB0959, 32, NDPI_PROTOCOL_TOR }, - { 0x52DC5914, 32, NDPI_PROTOCOL_TOR }, - { 0x52DD64C9, 32, NDPI_PROTOCOL_TOR }, - { 0x52DD6500, 32, NDPI_PROTOCOL_TOR }, - { 0x52DD693D, 32, NDPI_PROTOCOL_TOR }, - { 0x52DF08FC, 32, NDPI_PROTOCOL_TOR }, - { 0x52DF0A44, 32, NDPI_PROTOCOL_TOR }, - { 0x52DF0B22, 32, NDPI_PROTOCOL_TOR }, - { 0x52DF179B, 32, NDPI_PROTOCOL_TOR }, - { 0x52E08A09, 32, NDPI_PROTOCOL_TOR }, - { 0x52E33F62, 32, NDPI_PROTOCOL_TOR }, - { 0x52E4FC14, 32, NDPI_PROTOCOL_TOR }, - { 0x52E53CF5, 32, NDPI_PROTOCOL_TOR }, - { 0x52E58A1F, 32, NDPI_PROTOCOL_TOR }, - { 0x52E97597, 32, NDPI_PROTOCOL_TOR }, - { 0x52EA8DC5, 32, NDPI_PROTOCOL_TOR }, - { 0x52EBD32A, 32, NDPI_PROTOCOL_TOR }, - { 0x52EC7EF6, 32, NDPI_PROTOCOL_TOR }, - { 0x52EC89EB, 32, NDPI_PROTOCOL_TOR }, - { 0x52EDD8E9, 32, NDPI_PROTOCOL_TOR }, - { 0x52EED0AD, 32, NDPI_PROTOCOL_TOR }, - { 0x52EF14AE, 32, NDPI_PROTOCOL_TOR }, - { 0x52F1EC57, 32, NDPI_PROTOCOL_TOR }, - { 0x52F298D3, 32, NDPI_PROTOCOL_TOR }, - { 0x52F313CC, 32, NDPI_PROTOCOL_TOR }, - { 0x52F34F09, 32, NDPI_PROTOCOL_TOR }, - { 0x52F4B127, 32, NDPI_PROTOCOL_TOR }, - { 0x52F5C791, 32, NDPI_PROTOCOL_TOR }, - { 0x52F76775, 32, NDPI_PROTOCOL_TOR }, - { 0x52FA311C, 32, NDPI_PROTOCOL_TOR }, - { 0x5306C520, 32, NDPI_PROTOCOL_TOR }, - { 0x5306EE3D, 32, NDPI_PROTOCOL_TOR }, - { 0x531BFBEF, 32, NDPI_PROTOCOL_TOR }, - { 0x53244725, 32, NDPI_PROTOCOL_TOR }, - { 0x532CE6B0, 32, NDPI_PROTOCOL_TOR }, - { 0x5335F24A, 32, NDPI_PROTOCOL_TOR }, - { 0x5338EA93, 32, NDPI_PROTOCOL_TOR }, - { 0x53451C51, 32, NDPI_PROTOCOL_TOR }, - { 0x534C9E3E, 32, NDPI_PROTOCOL_TOR }, - { 0x534E1005, 32, NDPI_PROTOCOL_TOR }, - { 0x535269F0, 32, NDPI_PROTOCOL_TOR }, - { 0x5352C0E6, 32, NDPI_PROTOCOL_TOR }, - { 0x5352F4DB, 32, NDPI_PROTOCOL_TOR }, - { 0x53530B96, 32, NDPI_PROTOCOL_TOR }, - { 0x535352B4, 32, NDPI_PROTOCOL_TOR }, - { 0x53542E39, 32, NDPI_PROTOCOL_TOR }, - { 0x53556653, 32, NDPI_PROTOCOL_TOR }, - { 0x5355D16B, 32, NDPI_PROTOCOL_TOR }, - { 0x5355FC5B, 32, NDPI_PROTOCOL_TOR }, - { 0x5357C9F9, 32, NDPI_PROTOCOL_TOR }, - { 0x53591FF9, 32, NDPI_PROTOCOL_TOR }, - { 0x535D3740, 32, NDPI_PROTOCOL_TOR }, - { 0x53638E4F, 32, NDPI_PROTOCOL_TOR }, - { 0x53650553, 32, NDPI_PROTOCOL_TOR }, - { 0x5365431F, 32, NDPI_PROTOCOL_TOR }, - { 0x537560B2, 32, NDPI_PROTOCOL_TOR }, - { 0x53809409, 32, NDPI_PROTOCOL_TOR }, - { 0x5380C8F4, 32, NDPI_PROTOCOL_TOR }, - { 0x5382722D, 32, NDPI_PROTOCOL_TOR }, - { 0x53857F91, 32, NDPI_PROTOCOL_TOR }, - { 0x5386DFC1, 32, NDPI_PROTOCOL_TOR }, - { 0x5387F0D5, 32, NDPI_PROTOCOL_TOR }, - { 0x538C0BFC, 32, NDPI_PROTOCOL_TOR }, - { 0x538FDBD4, 32, NDPI_PROTOCOL_TOR }, - { 0x5390693A, 32, NDPI_PROTOCOL_TOR }, - { 0x5391EDE0, 32, NDPI_PROTOCOL_TOR }, - { 0x5391F1E7, 32, NDPI_PROTOCOL_TOR }, - { 0x5391F3D7, 32, NDPI_PROTOCOL_TOR }, - { 0x539354E4, 32, NDPI_PROTOCOL_TOR }, - { 0x53957C88, 32, NDPI_PROTOCOL_TOR }, - { 0x53957C88, 32, NDPI_PROTOCOL_TOR }, - { 0x53957C89, 32, NDPI_PROTOCOL_TOR }, - { 0x53957C89, 32, NDPI_PROTOCOL_TOR }, - { 0x53957E1D, 32, NDPI_PROTOCOL_TOR }, - { 0x53957F8C, 32, NDPI_PROTOCOL_TOR }, - { 0x5395F9A5, 32, NDPI_PROTOCOL_TOR }, - { 0x5396023D, 32, NDPI_PROTOCOL_TOR }, - { 0x53961097, 32, NDPI_PROTOCOL_TOR }, - { 0x539610F4, 32, NDPI_PROTOCOL_TOR }, - { 0x53961184, 32, NDPI_PROTOCOL_TOR }, - { 0x5396527A, 32, NDPI_PROTOCOL_TOR }, - { 0x539C0058, 32, NDPI_PROTOCOL_TOR }, - { 0x53A05F63, 32, NDPI_PROTOCOL_TOR }, - { 0x53A19832, 32, NDPI_PROTOCOL_TOR }, - { 0x53A2026F, 32, NDPI_PROTOCOL_TOR }, - { 0x53A2BC64, 32, NDPI_PROTOCOL_TOR }, - { 0x53A2C060, 32, NDPI_PROTOCOL_TOR }, - { 0x53A2CD44, 32, NDPI_PROTOCOL_TOR }, - { 0x53A34DC3, 32, NDPI_PROTOCOL_TOR }, - { 0x53A3C9A8, 32, NDPI_PROTOCOL_TOR }, - { 0x53A59347, 32, NDPI_PROTOCOL_TOR }, - { 0x53A6EA5C, 32, NDPI_PROTOCOL_TOR }, - { 0x53A6EA6C, 32, NDPI_PROTOCOL_TOR }, - { 0x53A7B923, 32, NDPI_PROTOCOL_TOR }, - { 0x53A7B964, 32, NDPI_PROTOCOL_TOR }, - { 0x53A7E46B, 32, NDPI_PROTOCOL_TOR }, - { 0x53A8C8CC, 32, NDPI_PROTOCOL_TOR }, - { 0x53A91607, 32, NDPI_PROTOCOL_TOR }, - { 0x53A92DE7, 32, NDPI_PROTOCOL_TOR }, - { 0x53AB9437, 32, NDPI_PROTOCOL_TOR }, - { 0x53ABBE6A, 32, NDPI_PROTOCOL_TOR }, - { 0x53AEFA7D, 32, NDPI_PROTOCOL_TOR }, - { 0x53D19271, 32, NDPI_PROTOCOL_TOR }, - { 0x53D454DF, 32, NDPI_PROTOCOL_TOR }, - { 0x53D460B7, 32, NDPI_PROTOCOL_TOR }, - { 0x53D46270, 32, NDPI_PROTOCOL_TOR }, - { 0x53D46344, 32, NDPI_PROTOCOL_TOR }, - { 0x53D4637B, 32, NDPI_PROTOCOL_TOR }, - { 0x53D46612, 32, NDPI_PROTOCOL_TOR }, - { 0x53D4687C, 32, NDPI_PROTOCOL_TOR }, - { 0x53D46891, 32, NDPI_PROTOCOL_TOR }, - { 0x53D47185, 32, NDPI_PROTOCOL_TOR }, - { 0x53D47ED3, 32, NDPI_PROTOCOL_TOR }, - { 0x53D4A8BA, 32, NDPI_PROTOCOL_TOR }, - { 0x53D8F8E0, 32, NDPI_PROTOCOL_TOR }, - { 0x53DE8DEB, 32, NDPI_PROTOCOL_TOR }, - { 0x53E2EEA8, 32, NDPI_PROTOCOL_TOR }, - { 0x53E334A8, 32, NDPI_PROTOCOL_TOR }, - { 0x53E45D4C, 32, NDPI_PROTOCOL_TOR }, - { 0x53E71225, 32, NDPI_PROTOCOL_TOR }, - { 0x53E941D6, 32, NDPI_PROTOCOL_TOR }, - { 0x53E98714, 32, NDPI_PROTOCOL_TOR }, - { 0x53E9A8E7, 32, NDPI_PROTOCOL_TOR }, - { 0x53ECD04E, 32, NDPI_PROTOCOL_TOR }, - { 0x53ED1577, 32, NDPI_PROTOCOL_TOR }, - { 0x53F03D90, 32, NDPI_PROTOCOL_TOR }, - { 0x53F042A6, 32, NDPI_PROTOCOL_TOR }, - { 0x53F077B0, 32, NDPI_PROTOCOL_TOR }, - { 0x53F65317, 32, NDPI_PROTOCOL_TOR }, - { 0x53F6A4BB, 32, NDPI_PROTOCOL_TOR }, - { 0x53F6D985, 32, NDPI_PROTOCOL_TOR }, - { 0x53F74E5A, 32, NDPI_PROTOCOL_TOR }, - { 0x53F80E85, 32, NDPI_PROTOCOL_TOR }, - { 0x53F88441, 32, NDPI_PROTOCOL_TOR }, - { 0x53F8A214, 32, NDPI_PROTOCOL_TOR }, - { 0x53F8B2D6, 32, NDPI_PROTOCOL_TOR }, - { 0x53F946BE, 32, NDPI_PROTOCOL_TOR }, - { 0x53FA5511, 32, NDPI_PROTOCOL_TOR }, - { 0x53FB40E6, 32, NDPI_PROTOCOL_TOR }, - { 0x53FB515D, 32, NDPI_PROTOCOL_TOR }, - { 0x53FB5AA6, 32, NDPI_PROTOCOL_TOR }, - { 0x53FB864C, 32, NDPI_PROTOCOL_TOR }, - { 0x53FD36CE, 32, NDPI_PROTOCOL_TOR }, - { 0x53FDBBDA, 32, NDPI_PROTOCOL_TOR }, - { 0x53FE5430, 32, NDPI_PROTOCOL_TOR }, - { 0x53FF6645, 32, NDPI_PROTOCOL_TOR }, - { 0x53FFCBAC, 32, NDPI_PROTOCOL_TOR }, - { 0x540A6F0A, 32, NDPI_PROTOCOL_TOR }, - { 0x5413B234, 32, NDPI_PROTOCOL_TOR }, - { 0x5413B3E5, 32, NDPI_PROTOCOL_TOR }, - { 0x5413B450, 32, NDPI_PROTOCOL_TOR }, - { 0x54162AF6, 32, NDPI_PROTOCOL_TOR }, - { 0x54191CBA, 32, NDPI_PROTOCOL_TOR }, - { 0x541B5EF7, 32, NDPI_PROTOCOL_TOR }, - { 0x541EBB28, 32, NDPI_PROTOCOL_TOR }, - { 0x541FC855, 32, NDPI_PROTOCOL_TOR }, - { 0x54284D55, 32, NDPI_PROTOCOL_TOR }, - { 0x542862BB, 32, NDPI_PROTOCOL_TOR }, - { 0x54287046, 32, NDPI_PROTOCOL_TOR }, - { 0x542AA5A2, 32, NDPI_PROTOCOL_TOR }, - { 0x542D4C0A, 32, NDPI_PROTOCOL_TOR }, - { 0x542D4C0B, 32, NDPI_PROTOCOL_TOR }, - { 0x542D4C0C, 32, NDPI_PROTOCOL_TOR }, - { 0x542D4C0D, 32, NDPI_PROTOCOL_TOR }, - { 0x542E3EBA, 32, NDPI_PROTOCOL_TOR }, - { 0x54303AC3, 32, NDPI_PROTOCOL_TOR }, - { 0x54321453, 32, NDPI_PROTOCOL_TOR }, - { 0x54380652, 32, NDPI_PROTOCOL_TOR }, - { 0x54382C54, 32, NDPI_PROTOCOL_TOR }, - { 0x5439BD00, 32, NDPI_PROTOCOL_TOR }, - { 0x543BE658, 32, NDPI_PROTOCOL_TOR }, - { 0x543C046D, 32, NDPI_PROTOCOL_TOR }, - { 0x544815A3, 32, NDPI_PROTOCOL_TOR }, - { 0x5448B905, 32, NDPI_PROTOCOL_TOR }, - { 0x5448D5DD, 32, NDPI_PROTOCOL_TOR }, - { 0x5448DFC7, 32, NDPI_PROTOCOL_TOR }, - { 0x544980C3, 32, NDPI_PROTOCOL_TOR }, - { 0x544A0BDE, 32, NDPI_PROTOCOL_TOR }, - { 0x544A7D55, 32, NDPI_PROTOCOL_TOR }, - { 0x544AACE8, 32, NDPI_PROTOCOL_TOR }, - { 0x544B0C49, 32, NDPI_PROTOCOL_TOR }, - { 0x5454D02F, 32, NDPI_PROTOCOL_TOR }, - { 0x545C18D5, 32, NDPI_PROTOCOL_TOR }, - { 0x545C18D6, 32, NDPI_PROTOCOL_TOR }, - { 0x545C6C78, 32, NDPI_PROTOCOL_TOR }, - { 0x54674A57, 32, NDPI_PROTOCOL_TOR }, - { 0x5468A93B, 32, NDPI_PROTOCOL_TOR }, - { 0x5469DCFF, 32, NDPI_PROTOCOL_TOR }, - { 0x546A4A9E, 32, NDPI_PROTOCOL_TOR }, - { 0x546CCDB5, 32, NDPI_PROTOCOL_TOR }, - { 0x5470EE3A, 32, NDPI_PROTOCOL_TOR }, - { 0x5470EE3A, 32, NDPI_PROTOCOL_TOR }, - { 0x54711102, 32, NDPI_PROTOCOL_TOR }, - { 0x5471F5B1, 32, NDPI_PROTOCOL_TOR }, - { 0x5472F1DF, 32, NDPI_PROTOCOL_TOR }, - { 0x54732E95, 32, NDPI_PROTOCOL_TOR }, - { 0x5475164A, 32, NDPI_PROTOCOL_TOR }, - { 0x54767531, 32, NDPI_PROTOCOL_TOR }, - { 0x547688FC, 32, NDPI_PROTOCOL_TOR }, - { 0x54779B30, 32, NDPI_PROTOCOL_TOR }, - { 0x5477EDED, 32, NDPI_PROTOCOL_TOR }, - { 0x547BB3B6, 32, NDPI_PROTOCOL_TOR }, - { 0x547D73EA, 32, NDPI_PROTOCOL_TOR }, - { 0x5481A36E, 32, NDPI_PROTOCOL_TOR }, - { 0x5481DC92, 32, NDPI_PROTOCOL_TOR }, - { 0x548524F3, 32, NDPI_PROTOCOL_TOR }, - { 0x548A010A, 32, NDPI_PROTOCOL_TOR }, - { 0x5493E1C8, 32, NDPI_PROTOCOL_TOR }, - { 0x54947094, 32, NDPI_PROTOCOL_TOR }, - { 0x5499DCA5, 32, NDPI_PROTOCOL_TOR }, - { 0x549CFEEC, 32, NDPI_PROTOCOL_TOR }, - { 0x549FE146, 32, NDPI_PROTOCOL_TOR }, - { 0x549FEA53, 32, NDPI_PROTOCOL_TOR }, - { 0x549FEA53, 32, NDPI_PROTOCOL_TOR }, - { 0x54A202DA, 32, NDPI_PROTOCOL_TOR }, - { 0x54AD608B, 32, NDPI_PROTOCOL_TOR }, - { 0x54AEB5BD, 32, NDPI_PROTOCOL_TOR }, - { 0x54AFCF54, 32, NDPI_PROTOCOL_TOR }, - { 0x54AFF159, 32, NDPI_PROTOCOL_TOR }, - { 0x54B35824, 32, NDPI_PROTOCOL_TOR }, - { 0x54B46D3C, 32, NDPI_PROTOCOL_TOR }, - { 0x54B67B82, 32, NDPI_PROTOCOL_TOR }, - { 0x54B75D03, 32, NDPI_PROTOCOL_TOR }, - { 0x54B77113, 32, NDPI_PROTOCOL_TOR }, - { 0x54B771CE, 32, NDPI_PROTOCOL_TOR }, - { 0x54B7F756, 32, NDPI_PROTOCOL_TOR }, - { 0x54BA9896, 32, NDPI_PROTOCOL_TOR }, - { 0x54BAD4B7, 32, NDPI_PROTOCOL_TOR }, - { 0x54C14BF3, 32, NDPI_PROTOCOL_TOR }, - { 0x54C80821, 32, NDPI_PROTOCOL_TOR }, - { 0x54C808AF, 32, NDPI_PROTOCOL_TOR }, - { 0x54C808CF, 32, NDPI_PROTOCOL_TOR }, - { 0x54C80AD1, 32, NDPI_PROTOCOL_TOR }, - { 0x54C849EE, 32, NDPI_PROTOCOL_TOR }, - { 0x54C84DF3, 32, NDPI_PROTOCOL_TOR }, - { 0x54C852A3, 32, NDPI_PROTOCOL_TOR }, - { 0x54C853D6, 32, NDPI_PROTOCOL_TOR }, - { 0x54C90487, 32, NDPI_PROTOCOL_TOR }, - { 0x54C923CE, 32, NDPI_PROTOCOL_TOR }, - { 0x54CA3612, 32, NDPI_PROTOCOL_TOR }, - { 0x54D08C30, 32, NDPI_PROTOCOL_TOR }, - { 0x54D10F3F, 32, NDPI_PROTOCOL_TOR }, - { 0x54D14924, 32, NDPI_PROTOCOL_TOR }, - { 0x54D358E2, 32, NDPI_PROTOCOL_TOR }, - { 0x54D7D347, 32, NDPI_PROTOCOL_TOR }, - { 0x54DBAAE7, 32, NDPI_PROTOCOL_TOR }, - { 0x54DBC1BA, 32, NDPI_PROTOCOL_TOR }, - { 0x54E26D6D, 32, NDPI_PROTOCOL_TOR }, - { 0x54EA9B51, 32, NDPI_PROTOCOL_TOR }, - { 0x54EA9B51, 32, NDPI_PROTOCOL_TOR }, - { 0x54EA9B52, 32, NDPI_PROTOCOL_TOR }, - { 0x54EA9B52, 32, NDPI_PROTOCOL_TOR }, - { 0x54F270BE, 32, NDPI_PROTOCOL_TOR }, - { 0x54F41F34, 32, NDPI_PROTOCOL_TOR }, - { 0x54F520C3, 32, NDPI_PROTOCOL_TOR }, - { 0x54F52108, 32, NDPI_PROTOCOL_TOR }, - { 0x54F8529C, 32, NDPI_PROTOCOL_TOR }, - { 0x54F86B2C, 32, NDPI_PROTOCOL_TOR }, - { 0x54F8805F, 32, NDPI_PROTOCOL_TOR }, - { 0x54F9C0D5, 32, NDPI_PROTOCOL_TOR }, - { 0x54FA6A0D, 32, NDPI_PROTOCOL_TOR }, - { 0x54FB736F, 32, NDPI_PROTOCOL_TOR }, - { 0x54FB7CF4, 32, NDPI_PROTOCOL_TOR }, - { 0x550180C4, 32, NDPI_PROTOCOL_TOR }, - { 0x5502F728, 32, NDPI_PROTOCOL_TOR }, - { 0x55037656, 32, NDPI_PROTOCOL_TOR }, - { 0x5504E453, 32, NDPI_PROTOCOL_TOR }, - { 0x55082B53, 32, NDPI_PROTOCOL_TOR }, - { 0x550AC409, 32, NDPI_PROTOCOL_TOR }, - { 0x550AC40C, 32, NDPI_PROTOCOL_TOR }, - { 0x550AC6EC, 32, NDPI_PROTOCOL_TOR }, - { 0x550AC8E6, 32, NDPI_PROTOCOL_TOR }, - { 0x550AC92F, 32, NDPI_PROTOCOL_TOR }, - { 0x550ACA57, 32, NDPI_PROTOCOL_TOR }, - { 0x550ACB47, 32, NDPI_PROTOCOL_TOR }, - { 0x550ACBC5, 32, NDPI_PROTOCOL_TOR }, - { 0x550AD2C7, 32, NDPI_PROTOCOL_TOR }, - { 0x550AD335, 32, NDPI_PROTOCOL_TOR }, - { 0x550ADBA7, 32, NDPI_PROTOCOL_TOR }, - { 0x550AED68, 32, NDPI_PROTOCOL_TOR }, - { 0x550AF0FA, 32, NDPI_PROTOCOL_TOR }, - { 0x550EF020, 32, NDPI_PROTOCOL_TOR }, - { 0x550EF021, 32, NDPI_PROTOCOL_TOR }, - { 0x550EF022, 32, NDPI_PROTOCOL_TOR }, - { 0x550EF023, 32, NDPI_PROTOCOL_TOR }, - { 0x550EF0BC, 32, NDPI_PROTOCOL_TOR }, - { 0x550EF0BC, 32, NDPI_PROTOCOL_TOR }, - { 0x5511185F, 32, NDPI_PROTOCOL_TOR }, - { 0x551184F5, 32, NDPI_PROTOCOL_TOR }, - { 0x551184F6, 32, NDPI_PROTOCOL_TOR }, - { 0x55118DAE, 32, NDPI_PROTOCOL_TOR }, - { 0x551194E6, 32, NDPI_PROTOCOL_TOR }, - { 0x5511A451, 32, NDPI_PROTOCOL_TOR }, - { 0x5511B149, 32, NDPI_PROTOCOL_TOR }, - { 0x5511BE4D, 32, NDPI_PROTOCOL_TOR }, - { 0x5511BE4D, 32, NDPI_PROTOCOL_TOR }, - { 0x5511BE4F, 32, NDPI_PROTOCOL_TOR }, - { 0x5511BE4F, 32, NDPI_PROTOCOL_TOR }, - { 0x5511BE52, 32, NDPI_PROTOCOL_TOR }, - { 0x5511BE53, 32, NDPI_PROTOCOL_TOR }, - { 0x5511F893, 32, NDPI_PROTOCOL_TOR }, - { 0x551590E2, 32, NDPI_PROTOCOL_TOR }, - { 0x5516679A, 32, NDPI_PROTOCOL_TOR }, - { 0x5517911A, 32, NDPI_PROTOCOL_TOR }, - { 0x5517F393, 32, NDPI_PROTOCOL_TOR }, - { 0x5518D772, 32, NDPI_PROTOCOL_TOR }, - { 0x5518D773, 32, NDPI_PROTOCOL_TOR }, - { 0x5518D774, 32, NDPI_PROTOCOL_TOR }, - { 0x5518D775, 32, NDPI_PROTOCOL_TOR }, - { 0x5519090B, 32, NDPI_PROTOCOL_TOR }, - { 0x55192D93, 32, NDPI_PROTOCOL_TOR }, - { 0x55192F35, 32, NDPI_PROTOCOL_TOR }, - { 0x55192FB4, 32, NDPI_PROTOCOL_TOR }, - { 0x5519305B, 32, NDPI_PROTOCOL_TOR }, - { 0x55195F5B, 32, NDPI_PROTOCOL_TOR }, - { 0x55195F95, 32, NDPI_PROTOCOL_TOR }, - { 0x55196777, 32, NDPI_PROTOCOL_TOR }, - { 0x5519829A, 32, NDPI_PROTOCOL_TOR }, - { 0x55198A5D, 32, NDPI_PROTOCOL_TOR }, - { 0x551995BF, 32, NDPI_PROTOCOL_TOR }, - { 0x55199678, 32, NDPI_PROTOCOL_TOR }, - { 0x5519994F, 32, NDPI_PROTOCOL_TOR }, - { 0x5519C155, 32, NDPI_PROTOCOL_TOR }, - { 0x5519C444, 32, NDPI_PROTOCOL_TOR }, - { 0x5519CB2A, 32, NDPI_PROTOCOL_TOR }, - { 0x5519D0C9, 32, NDPI_PROTOCOL_TOR }, - { 0x5519D256, 32, NDPI_PROTOCOL_TOR }, - { 0x551EA9E1, 32, NDPI_PROTOCOL_TOR }, - { 0x551EF8C1, 32, NDPI_PROTOCOL_TOR }, - { 0x551FBA5D, 32, NDPI_PROTOCOL_TOR }, - { 0x551FBAD3, 32, NDPI_PROTOCOL_TOR }, - { 0x551FBAFD, 32, NDPI_PROTOCOL_TOR }, - { 0x55455D2E, 32, NDPI_PROTOCOL_TOR }, - { 0x55496286, 32, NDPI_PROTOCOL_TOR }, - { 0x55510502, 32, NDPI_PROTOCOL_TOR }, - { 0x55513A3B, 32, NDPI_PROTOCOL_TOR }, - { 0x55580BF3, 32, NDPI_PROTOCOL_TOR }, - { 0x55581C88, 32, NDPI_PROTOCOL_TOR }, - { 0x555D1259, 32, NDPI_PROTOCOL_TOR }, - { 0x555DCBB6, 32, NDPI_PROTOCOL_TOR }, - { 0x555DDACC, 32, NDPI_PROTOCOL_TOR }, - { 0x55719152, 32, NDPI_PROTOCOL_TOR }, - { 0x55728560, 32, NDPI_PROTOCOL_TOR }, - { 0x55775204, 32, NDPI_PROTOCOL_TOR }, - { 0x5577532C, 32, NDPI_PROTOCOL_TOR }, - { 0x5577538D, 32, NDPI_PROTOCOL_TOR }, - { 0x557FC146, 32, NDPI_PROTOCOL_TOR }, - { 0x558DC913, 32, NDPI_PROTOCOL_TOR }, - { 0x558F5F32, 32, NDPI_PROTOCOL_TOR }, - { 0x5596D244, 32, NDPI_PROTOCOL_TOR }, - { 0x559F71E4, 32, NDPI_PROTOCOL_TOR }, - { 0x559FD180, 32, NDPI_PROTOCOL_TOR }, - { 0x559FD19A, 32, NDPI_PROTOCOL_TOR }, - { 0x559FD2EF, 32, NDPI_PROTOCOL_TOR }, - { 0x559FD337, 32, NDPI_PROTOCOL_TOR }, - { 0x55A452E7, 32, NDPI_PROTOCOL_TOR }, - { 0x55A8FF49, 32, NDPI_PROTOCOL_TOR }, - { 0x55A8FFCA, 32, NDPI_PROTOCOL_TOR }, - { 0x55AB1623, 32, NDPI_PROTOCOL_TOR }, - { 0x55B0BCF4, 32, NDPI_PROTOCOL_TOR }, - { 0x55B0E108, 32, NDPI_PROTOCOL_TOR }, - { 0x55B1669A, 32, NDPI_PROTOCOL_TOR }, - { 0x55B2425E, 32, NDPI_PROTOCOL_TOR }, - { 0x55B2CDC4, 32, NDPI_PROTOCOL_TOR }, - { 0x55B2F435, 32, NDPI_PROTOCOL_TOR }, - { 0x55B35A3B, 32, NDPI_PROTOCOL_TOR }, - { 0x55B42652, 32, NDPI_PROTOCOL_TOR }, - { 0x55B4F715, 32, NDPI_PROTOCOL_TOR }, - { 0x55C35D4D, 32, NDPI_PROTOCOL_TOR }, - { 0x55C51E77, 32, NDPI_PROTOCOL_TOR }, - { 0x55C6B4EF, 32, NDPI_PROTOCOL_TOR }, - { 0x55CAE1D1, 32, NDPI_PROTOCOL_TOR }, - { 0x55CC0B35, 32, NDPI_PROTOCOL_TOR }, - { 0x55D2AB44, 32, NDPI_PROTOCOL_TOR }, - { 0x55D408E8, 32, NDPI_PROTOCOL_TOR }, - { 0x55D414C0, 32, NDPI_PROTOCOL_TOR }, - { 0x55D42B5E, 32, NDPI_PROTOCOL_TOR }, - { 0x55D45466, 32, NDPI_PROTOCOL_TOR }, - { 0x55D610D4, 32, NDPI_PROTOCOL_TOR }, - { 0x55D617BC, 32, NDPI_PROTOCOL_TOR }, - { 0x55D61DD5, 32, NDPI_PROTOCOL_TOR }, - { 0x55D62891, 32, NDPI_PROTOCOL_TOR }, - { 0x55D62CAC, 32, NDPI_PROTOCOL_TOR }, - { 0x55D6349C, 32, NDPI_PROTOCOL_TOR }, - { 0x55D636FE, 32, NDPI_PROTOCOL_TOR }, - { 0x55D63E30, 32, NDPI_PROTOCOL_TOR }, - { 0x55D64469, 32, NDPI_PROTOCOL_TOR }, - { 0x55D646BC, 32, NDPI_PROTOCOL_TOR }, - { 0x55D64748, 32, NDPI_PROTOCOL_TOR }, - { 0x55D6492C, 32, NDPI_PROTOCOL_TOR }, - { 0x55D650F9, 32, NDPI_PROTOCOL_TOR }, - { 0x55D665E9, 32, NDPI_PROTOCOL_TOR }, - { 0x55D66C81, 32, NDPI_PROTOCOL_TOR }, - { 0x55D673D6, 32, NDPI_PROTOCOL_TOR }, - { 0x55D67EF9, 32, NDPI_PROTOCOL_TOR }, - { 0x55D680C7, 32, NDPI_PROTOCOL_TOR }, - { 0x55D68211, 32, NDPI_PROTOCOL_TOR }, - { 0x55D6909F, 32, NDPI_PROTOCOL_TOR }, - { 0x55D69242, 32, NDPI_PROTOCOL_TOR }, - { 0x55D692DD, 32, NDPI_PROTOCOL_TOR }, - { 0x55D69748, 32, NDPI_PROTOCOL_TOR }, - { 0x55D69C1C, 32, NDPI_PROTOCOL_TOR }, - { 0x55D6C1EA, 32, NDPI_PROTOCOL_TOR }, - { 0x55D6C3C6, 32, NDPI_PROTOCOL_TOR }, - { 0x55D6CEDB, 32, NDPI_PROTOCOL_TOR }, - { 0x55D6D38C, 32, NDPI_PROTOCOL_TOR }, - { 0x55D6DC01, 32, NDPI_PROTOCOL_TOR }, - { 0x55D6E066, 32, NDPI_PROTOCOL_TOR }, - { 0x55D6E20F, 32, NDPI_PROTOCOL_TOR }, - { 0x55D6ECCF, 32, NDPI_PROTOCOL_TOR }, - { 0x55D6F0DF, 32, NDPI_PROTOCOL_TOR }, - { 0x55D82298, 32, NDPI_PROTOCOL_TOR }, - { 0x55D84A33, 32, NDPI_PROTOCOL_TOR }, - { 0x55D85282, 32, NDPI_PROTOCOL_TOR }, - { 0x55D8EF08, 32, NDPI_PROTOCOL_TOR }, - { 0x55D96A51, 32, NDPI_PROTOCOL_TOR }, - { 0x55DA8B87, 32, NDPI_PROTOCOL_TOR }, - { 0x55DE7764, 32, NDPI_PROTOCOL_TOR }, - { 0x55E00DE3, 32, NDPI_PROTOCOL_TOR }, - { 0x55E23FF3, 32, NDPI_PROTOCOL_TOR }, - { 0x55E23FF3, 32, NDPI_PROTOCOL_TOR }, - { 0x55E272EC, 32, NDPI_PROTOCOL_TOR }, - { 0x55E3B85B, 32, NDPI_PROTOCOL_TOR }, - { 0x55E4C664, 32, NDPI_PROTOCOL_TOR }, - { 0x55E52799, 32, NDPI_PROTOCOL_TOR }, - { 0x55E56B0F, 32, NDPI_PROTOCOL_TOR }, - { 0x55E5DB15, 32, NDPI_PROTOCOL_TOR }, - { 0x55E6FB1B, 32, NDPI_PROTOCOL_TOR }, - { 0x55E9156D, 32, NDPI_PROTOCOL_TOR }, - { 0x55E92788, 32, NDPI_PROTOCOL_TOR }, - { 0x55E9EC02, 32, NDPI_PROTOCOL_TOR }, - { 0x55E9F05E, 32, NDPI_PROTOCOL_TOR }, - { 0x55EA0282, 32, NDPI_PROTOCOL_TOR }, - { 0x55F262DD, 32, NDPI_PROTOCOL_TOR }, - { 0x55F2F9AE, 32, NDPI_PROTOCOL_TOR }, - { 0x55F3CFC9, 32, NDPI_PROTOCOL_TOR }, - { 0x55F4D455, 32, NDPI_PROTOCOL_TOR }, - { 0x55F5023D, 32, NDPI_PROTOCOL_TOR }, - { 0x55FB5633, 32, NDPI_PROTOCOL_TOR }, - { 0x5600D6BA, 32, NDPI_PROTOCOL_TOR }, - { 0x56017832, 32, NDPI_PROTOCOL_TOR }, - { 0x5608E378, 32, NDPI_PROTOCOL_TOR }, - { 0x560DA7C3, 32, NDPI_PROTOCOL_TOR }, - { 0x56137EFA, 32, NDPI_PROTOCOL_TOR }, - { 0x5616F4E3, 32, NDPI_PROTOCOL_TOR }, - { 0x56187315, 32, NDPI_PROTOCOL_TOR }, - { 0x561BF297, 32, NDPI_PROTOCOL_TOR }, - { 0x562C1E07, 32, NDPI_PROTOCOL_TOR }, - { 0x5634AE44, 32, NDPI_PROTOCOL_TOR }, - { 0x5634AE44, 32, NDPI_PROTOCOL_TOR }, - { 0x56387108, 32, NDPI_PROTOCOL_TOR }, - { 0x5638E449, 32, NDPI_PROTOCOL_TOR }, - { 0x563A3DBE, 32, NDPI_PROTOCOL_TOR }, - { 0x563B1526, 32, NDPI_PROTOCOL_TOR }, - { 0x563B15A3, 32, NDPI_PROTOCOL_TOR }, - { 0x563B15FB, 32, NDPI_PROTOCOL_TOR }, - { 0x563B4616, 32, NDPI_PROTOCOL_TOR }, - { 0x563B7752, 32, NDPI_PROTOCOL_TOR }, - { 0x563B7753, 32, NDPI_PROTOCOL_TOR }, - { 0x563E75AB, 32, NDPI_PROTOCOL_TOR }, - { 0x5649B3AA, 32, NDPI_PROTOCOL_TOR }, - { 0x566187BA, 32, NDPI_PROTOCOL_TOR }, - { 0x56660386, 32, NDPI_PROTOCOL_TOR }, - { 0x56679157, 32, NDPI_PROTOCOL_TOR }, - { 0x5667972F, 32, NDPI_PROTOCOL_TOR }, - { 0x5667A17E, 32, NDPI_PROTOCOL_TOR }, - { 0x566A2A77, 32, NDPI_PROTOCOL_TOR }, - { 0x56791818, 32, NDPI_PROTOCOL_TOR }, - { 0x567B34BC, 32, NDPI_PROTOCOL_TOR }, - { 0x567EB91B, 32, NDPI_PROTOCOL_TOR }, - { 0x567FBE92, 32, NDPI_PROTOCOL_TOR }, - { 0x5681D4E1, 32, NDPI_PROTOCOL_TOR }, - { 0x5681D4E1, 32, NDPI_PROTOCOL_TOR }, - { 0x5697D436, 32, NDPI_PROTOCOL_TOR }, - { 0x569A0B2D, 32, NDPI_PROTOCOL_TOR }, - { 0x569BD0C5, 32, NDPI_PROTOCOL_TOR }, - { 0x569F0B08, 32, NDPI_PROTOCOL_TOR }, - { 0x56A1DCE0, 32, NDPI_PROTOCOL_TOR }, - { 0x56A2550C, 32, NDPI_PROTOCOL_TOR }, - { 0x56A27142, 32, NDPI_PROTOCOL_TOR }, - { 0x56AE29E4, 32, NDPI_PROTOCOL_TOR }, - { 0x56AF9CFB, 32, NDPI_PROTOCOL_TOR }, - { 0x56B00DD2, 32, NDPI_PROTOCOL_TOR }, - { 0x56B03E45, 32, NDPI_PROTOCOL_TOR }, - { 0x56B1719D, 32, NDPI_PROTOCOL_TOR }, - { 0x56B3ED06, 32, NDPI_PROTOCOL_TOR }, - { 0x56B43BD3, 32, NDPI_PROTOCOL_TOR }, - { 0x56B7FF53, 32, NDPI_PROTOCOL_TOR }, - { 0x56BABA50, 32, NDPI_PROTOCOL_TOR }, - { 0x56BDAAC7, 32, NDPI_PROTOCOL_TOR }, - { 0x56CDFD45, 32, NDPI_PROTOCOL_TOR }, - { 0x56D0805A, 32, NDPI_PROTOCOL_TOR }, - { 0x56D39F39, 32, NDPI_PROTOCOL_TOR }, - { 0x56D9692B, 32, NDPI_PROTOCOL_TOR }, - { 0x56EB2C1D, 32, NDPI_PROTOCOL_TOR }, - { 0x57214983, 32, NDPI_PROTOCOL_TOR }, - { 0x5740620E, 32, NDPI_PROTOCOL_TOR }, - { 0x5743BBE2, 32, NDPI_PROTOCOL_TOR }, - { 0x5743F359, 32, NDPI_PROTOCOL_TOR }, - { 0x574823EF, 32, NDPI_PROTOCOL_TOR }, - { 0x574849E7, 32, NDPI_PROTOCOL_TOR }, - { 0x574855D9, 32, NDPI_PROTOCOL_TOR }, - { 0x574855D9, 32, NDPI_PROTOCOL_TOR }, - { 0x5748EFBB, 32, NDPI_PROTOCOL_TOR }, - { 0x574933FE, 32, NDPI_PROTOCOL_TOR }, - { 0x574A4C6A, 32, NDPI_PROTOCOL_TOR }, - { 0x574E6298, 32, NDPI_PROTOCOL_TOR }, - { 0x574F4F5E, 32, NDPI_PROTOCOL_TOR }, - { 0x574FA117, 32, NDPI_PROTOCOL_TOR }, - { 0x574FBE6A, 32, NDPI_PROTOCOL_TOR }, - { 0x574FE6A9, 32, NDPI_PROTOCOL_TOR }, - { 0x57518B76, 32, NDPI_PROTOCOL_TOR }, - { 0x5751943D, 32, NDPI_PROTOCOL_TOR }, - { 0x575C404F, 32, NDPI_PROTOCOL_TOR }, - { 0x575C7E3B, 32, NDPI_PROTOCOL_TOR }, - { 0x57628430, 32, NDPI_PROTOCOL_TOR }, - { 0x57629FE7, 32, NDPI_PROTOCOL_TOR }, - { 0x5762B23D, 32, NDPI_PROTOCOL_TOR }, - { 0x5762B905, 32, NDPI_PROTOCOL_TOR }, - { 0x5762CE46, 32, NDPI_PROTOCOL_TOR }, - { 0x5762FADE, 32, NDPI_PROTOCOL_TOR }, - { 0x5762FAF4, 32, NDPI_PROTOCOL_TOR }, - { 0x57660FD8, 32, NDPI_PROTOCOL_TOR }, - { 0x576837CB, 32, NDPI_PROTOCOL_TOR }, - { 0x57686A90, 32, NDPI_PROTOCOL_TOR }, - { 0x57688562, 32, NDPI_PROTOCOL_TOR }, - { 0x576A0364, 32, NDPI_PROTOCOL_TOR }, - { 0x576A0E9F, 32, NDPI_PROTOCOL_TOR }, - { 0x576A10D6, 32, NDPI_PROTOCOL_TOR }, - { 0x576A1108, 32, NDPI_PROTOCOL_TOR }, - { 0x576A120D, 32, NDPI_PROTOCOL_TOR }, - { 0x576A14F6, 32, NDPI_PROTOCOL_TOR }, - { 0x576A154D, 32, NDPI_PROTOCOL_TOR }, - { 0x576A20BA, 32, NDPI_PROTOCOL_TOR }, - { 0x576A2567, 32, NDPI_PROTOCOL_TOR }, - { 0x576A2FBE, 32, NDPI_PROTOCOL_TOR }, - { 0x576A3528, 32, NDPI_PROTOCOL_TOR }, - { 0x576A3786, 32, NDPI_PROTOCOL_TOR }, - { 0x576A8C18, 32, NDPI_PROTOCOL_TOR }, - { 0x576A945A, 32, NDPI_PROTOCOL_TOR }, - { 0x576ABDEE, 32, NDPI_PROTOCOL_TOR }, - { 0x576ABF5F, 32, NDPI_PROTOCOL_TOR }, - { 0x576ABF9D, 32, NDPI_PROTOCOL_TOR }, - { 0x576AD0EC, 32, NDPI_PROTOCOL_TOR }, - { 0x576AF976, 32, NDPI_PROTOCOL_TOR }, - { 0x576AF9F8, 32, NDPI_PROTOCOL_TOR }, - { 0x57706F89, 32, NDPI_PROTOCOL_TOR }, - { 0x5772AA67, 32, NDPI_PROTOCOL_TOR }, - { 0x5775DB84, 32, NDPI_PROTOCOL_TOR }, - { 0x5775DB8C, 32, NDPI_PROTOCOL_TOR }, - { 0x57765454, 32, NDPI_PROTOCOL_TOR }, - { 0x577654B5, 32, NDPI_PROTOCOL_TOR }, - { 0x577654F6, 32, NDPI_PROTOCOL_TOR }, - { 0x577658DB, 32, NDPI_PROTOCOL_TOR }, - { 0x57765B8C, 32, NDPI_PROTOCOL_TOR }, - { 0x57765D7A, 32, NDPI_PROTOCOL_TOR }, - { 0x57765EE7, 32, NDPI_PROTOCOL_TOR }, - { 0x577670AD, 32, NDPI_PROTOCOL_TOR }, - { 0x57767286, 32, NDPI_PROTOCOL_TOR }, - { 0x577674E3, 32, NDPI_PROTOCOL_TOR }, - { 0x5776760C, 32, NDPI_PROTOCOL_TOR }, - { 0x5777BA76, 32, NDPI_PROTOCOL_TOR }, - { 0x5779348B, 32, NDPI_PROTOCOL_TOR }, - { 0x57793492, 32, NDPI_PROTOCOL_TOR }, - { 0x57793497, 32, NDPI_PROTOCOL_TOR }, - { 0x577FA5F4, 32, NDPI_PROTOCOL_TOR }, - { 0x578B21D9, 32, NDPI_PROTOCOL_TOR }, - { 0x5791BA0E, 32, NDPI_PROTOCOL_TOR }, - { 0x5792CEEC, 32, NDPI_PROTOCOL_TOR }, - { 0x57954623, 32, NDPI_PROTOCOL_TOR }, - { 0x57969A86, 32, NDPI_PROTOCOL_TOR }, - { 0x5796CE37, 32, NDPI_PROTOCOL_TOR }, - { 0x579737CB, 32, NDPI_PROTOCOL_TOR }, - { 0x5798EDA7, 32, NDPI_PROTOCOL_TOR }, - { 0x579B0B3B, 32, NDPI_PROTOCOL_TOR }, - { 0x579E1829, 32, NDPI_PROTOCOL_TOR }, - { 0x579E8E9E, 32, NDPI_PROTOCOL_TOR }, - { 0x579F41E5, 32, NDPI_PROTOCOL_TOR }, - { 0x579FA892, 32, NDPI_PROTOCOL_TOR }, - { 0x57A0D2C2, 32, NDPI_PROTOCOL_TOR }, - { 0x57A2CCAC, 32, NDPI_PROTOCOL_TOR }, - { 0x57A3F603, 32, NDPI_PROTOCOL_TOR }, - { 0x57A47E10, 32, NDPI_PROTOCOL_TOR }, - { 0x57A62B46, 32, NDPI_PROTOCOL_TOR }, - { 0x57A87901, 32, NDPI_PROTOCOL_TOR }, - { 0x57A97C46, 32, NDPI_PROTOCOL_TOR }, - { 0x57AC1458, 32, NDPI_PROTOCOL_TOR }, - { 0x57AE61DF, 32, NDPI_PROTOCOL_TOR }, - { 0x57AE69FB, 32, NDPI_PROTOCOL_TOR }, - { 0x57AEE582, 32, NDPI_PROTOCOL_TOR }, - { 0x57AEEF6C, 32, NDPI_PROTOCOL_TOR }, - { 0x57AEF49C, 32, NDPI_PROTOCOL_TOR }, - { 0x57B2A7F3, 32, NDPI_PROTOCOL_TOR }, - { 0x57B362F3, 32, NDPI_PROTOCOL_TOR }, - { 0x57B38736, 32, NDPI_PROTOCOL_TOR }, - { 0x57BA1D87, 32, NDPI_PROTOCOL_TOR }, - { 0x57BC52C0, 32, NDPI_PROTOCOL_TOR }, - { 0x57BC6D89, 32, NDPI_PROTOCOL_TOR }, - { 0x57BCC2CB, 32, NDPI_PROTOCOL_TOR }, - { 0x57BD56C4, 32, NDPI_PROTOCOL_TOR }, - { 0x57C1B3EE, 32, NDPI_PROTOCOL_TOR }, - { 0x57C1D00E, 32, NDPI_PROTOCOL_TOR }, - { 0x57C62255, 32, NDPI_PROTOCOL_TOR }, - { 0x57CBC2D4, 32, NDPI_PROTOCOL_TOR }, - { 0x57CFD9D4, 32, NDPI_PROTOCOL_TOR }, - { 0x57D430C9, 32, NDPI_PROTOCOL_TOR }, - { 0x57D8ABB3, 32, NDPI_PROTOCOL_TOR }, - { 0x57D93E0E, 32, NDPI_PROTOCOL_TOR }, - { 0x57DAA8EC, 32, NDPI_PROTOCOL_TOR }, - { 0x57E0D2F3, 32, NDPI_PROTOCOL_TOR }, - { 0x57E43BBD, 32, NDPI_PROTOCOL_TOR }, - { 0x57E611F5, 32, NDPI_PROTOCOL_TOR }, - { 0x57E6196D, 32, NDPI_PROTOCOL_TOR }, - { 0x57E619AC, 32, NDPI_PROTOCOL_TOR }, - { 0x57E6335F, 32, NDPI_PROTOCOL_TOR }, - { 0x57E64E6C, 32, NDPI_PROTOCOL_TOR }, - { 0x57E70AEB, 32, NDPI_PROTOCOL_TOR }, - { 0x57E77410, 32, NDPI_PROTOCOL_TOR }, - { 0x57EC1B9B, 32, NDPI_PROTOCOL_TOR }, - { 0x57ECC3B9, 32, NDPI_PROTOCOL_TOR }, - { 0x57ECC7A9, 32, NDPI_PROTOCOL_TOR }, - { 0x57ECD389, 32, NDPI_PROTOCOL_TOR }, - { 0x57EFA26E, 32, NDPI_PROTOCOL_TOR }, - { 0x57F38E21, 32, NDPI_PROTOCOL_TOR }, - { 0x57F4FFDA, 32, NDPI_PROTOCOL_TOR }, - { 0x57FB8C5D, 32, NDPI_PROTOCOL_TOR }, - { 0x57FE635F, 32, NDPI_PROTOCOL_TOR }, - { 0x580F9CD8, 32, NDPI_PROTOCOL_TOR }, - { 0x5811212D, 32, NDPI_PROTOCOL_TOR }, - { 0x58401AEB, 32, NDPI_PROTOCOL_TOR }, - { 0x58404EF4, 32, NDPI_PROTOCOL_TOR }, - { 0x5840805B, 32, NDPI_PROTOCOL_TOR }, - { 0x58412604, 32, NDPI_PROTOCOL_TOR }, - { 0x5841F49C, 32, NDPI_PROTOCOL_TOR }, - { 0x5843639C, 32, NDPI_PROTOCOL_TOR }, - { 0x58458580, 32, NDPI_PROTOCOL_TOR }, - { 0x584862F4, 32, NDPI_PROTOCOL_TOR }, - { 0x584931A8, 32, NDPI_PROTOCOL_TOR }, - { 0x58493380, 32, NDPI_PROTOCOL_TOR }, - { 0x584C5C8E, 32, NDPI_PROTOCOL_TOR }, - { 0x584D2F56, 32, NDPI_PROTOCOL_TOR }, - { 0x584DC1AC, 32, NDPI_PROTOCOL_TOR }, - { 0x584DCB92, 32, NDPI_PROTOCOL_TOR }, - { 0x584E47B6, 32, NDPI_PROTOCOL_TOR }, - { 0x5850B95D, 32, NDPI_PROTOCOL_TOR }, - { 0x5850D6BD, 32, NDPI_PROTOCOL_TOR }, - { 0x58526C1A, 32, NDPI_PROTOCOL_TOR }, - { 0x5856D7D5, 32, NDPI_PROTOCOL_TOR }, - { 0x58574E68, 32, NDPI_PROTOCOL_TOR }, - { 0x585BD594, 32, NDPI_PROTOCOL_TOR }, - { 0x58614DFF, 32, NDPI_PROTOCOL_TOR }, - { 0x58690051, 32, NDPI_PROTOCOL_TOR }, - { 0x58719D6B, 32, NDPI_PROTOCOL_TOR }, - { 0x58726D58, 32, NDPI_PROTOCOL_TOR }, - { 0x5872759B, 32, NDPI_PROTOCOL_TOR }, - { 0x5872E33E, 32, NDPI_PROTOCOL_TOR }, - { 0x587E6C2D, 32, NDPI_PROTOCOL_TOR }, - { 0x587F6026, 32, NDPI_PROTOCOL_TOR }, - { 0x588201AE, 32, NDPI_PROTOCOL_TOR }, - { 0x58823273, 32, NDPI_PROTOCOL_TOR }, - { 0x58864FB5, 32, NDPI_PROTOCOL_TOR }, - { 0x588678F8, 32, NDPI_PROTOCOL_TOR }, - { 0x58869115, 32, NDPI_PROTOCOL_TOR }, - { 0x58894FA1, 32, NDPI_PROTOCOL_TOR }, - { 0x58959A20, 32, NDPI_PROTOCOL_TOR }, - { 0x58982F2D, 32, NDPI_PROTOCOL_TOR }, - { 0x5898FFF5, 32, NDPI_PROTOCOL_TOR }, - { 0x58996247, 32, NDPI_PROTOCOL_TOR }, - { 0x5899A4FF, 32, NDPI_PROTOCOL_TOR }, - { 0x5899AB6B, 32, NDPI_PROTOCOL_TOR }, - { 0x5899B4A5, 32, NDPI_PROTOCOL_TOR }, - { 0x589F4697, 32, NDPI_PROTOCOL_TOR }, - { 0x589F53F4, 32, NDPI_PROTOCOL_TOR }, - { 0x58A3E58B, 32, NDPI_PROTOCOL_TOR }, - { 0x58A5F4A9, 32, NDPI_PROTOCOL_TOR }, - { 0x58A6C0B5, 32, NDPI_PROTOCOL_TOR }, - { 0x58A8F257, 32, NDPI_PROTOCOL_TOR }, - { 0x58B0042F, 32, NDPI_PROTOCOL_TOR }, - { 0x58B0B407, 32, NDPI_PROTOCOL_TOR }, - { 0x58B256CA, 32, NDPI_PROTOCOL_TOR }, - { 0x58B99B86, 32, NDPI_PROTOCOL_TOR }, - { 0x58B9E31D, 32, NDPI_PROTOCOL_TOR }, - { 0x58BA120C, 32, NDPI_PROTOCOL_TOR }, - { 0x58BB785A, 32, NDPI_PROTOCOL_TOR }, - { 0x58BBBAD8, 32, NDPI_PROTOCOL_TOR }, - { 0x58BBE53B, 32, NDPI_PROTOCOL_TOR }, - { 0x58BD8A61, 32, NDPI_PROTOCOL_TOR }, - { 0x58C3CF75, 32, NDPI_PROTOCOL_TOR }, - { 0x58C60910, 32, NDPI_PROTOCOL_TOR }, - { 0x58C61304, 32, NDPI_PROTOCOL_TOR }, - { 0x58C617B3, 32, NDPI_PROTOCOL_TOR }, - { 0x58C6194C, 32, NDPI_PROTOCOL_TOR }, - { 0x58C6195C, 32, NDPI_PROTOCOL_TOR }, - { 0x58C628A5, 32, NDPI_PROTOCOL_TOR }, - { 0x58C63352, 32, NDPI_PROTOCOL_TOR }, - { 0x58C63436, 32, NDPI_PROTOCOL_TOR }, - { 0x58C636D4, 32, NDPI_PROTOCOL_TOR }, - { 0x58C6388C, 32, NDPI_PROTOCOL_TOR }, - { 0x58C64689, 32, NDPI_PROTOCOL_TOR }, - { 0x58C664E6, 32, NDPI_PROTOCOL_TOR }, - { 0x58C664E8, 32, NDPI_PROTOCOL_TOR }, - { 0x58C66D95, 32, NDPI_PROTOCOL_TOR }, - { 0x58C66DE5, 32, NDPI_PROTOCOL_TOR }, - { 0x58C66E98, 32, NDPI_PROTOCOL_TOR }, - { 0x58C66F77, 32, NDPI_PROTOCOL_TOR }, - { 0x58C67565, 32, NDPI_PROTOCOL_TOR }, - { 0x58C6789B, 32, NDPI_PROTOCOL_TOR }, - { 0x58C67FE6, 32, NDPI_PROTOCOL_TOR }, - { 0x58C682D4, 32, NDPI_PROTOCOL_TOR }, - { 0x58C69A70, 32, NDPI_PROTOCOL_TOR }, - { 0x58C6A363, 32, NDPI_PROTOCOL_TOR }, - { 0x58C6A364, 32, NDPI_PROTOCOL_TOR }, - { 0x58C6AF4C, 32, NDPI_PROTOCOL_TOR }, - { 0x58C6C187, 32, NDPI_PROTOCOL_TOR }, - { 0x58C6C259, 32, NDPI_PROTOCOL_TOR }, - { 0x58C6C633, 32, NDPI_PROTOCOL_TOR }, - { 0x58C6CFDE, 32, NDPI_PROTOCOL_TOR }, - { 0x58C6D6E9, 32, NDPI_PROTOCOL_TOR }, - { 0x58C8F312, 32, NDPI_PROTOCOL_TOR }, - { 0x58CC71BD, 32, NDPI_PROTOCOL_TOR }, - { 0x58D0CD8A, 32, NDPI_PROTOCOL_TOR }, - { 0x58D90267, 32, NDPI_PROTOCOL_TOR }, - { 0x58D92CAE, 32, NDPI_PROTOCOL_TOR }, - { 0x58D94FCA, 32, NDPI_PROTOCOL_TOR }, - { 0x58D98F35, 32, NDPI_PROTOCOL_TOR }, - { 0x58D9ABE1, 32, NDPI_PROTOCOL_TOR }, - { 0x58E44C31, 32, NDPI_PROTOCOL_TOR }, - { 0x59004F17, 32, NDPI_PROTOCOL_TOR }, - { 0x5900641C, 32, NDPI_PROTOCOL_TOR }, - { 0x5900878D, 32, NDPI_PROTOCOL_TOR }, - { 0x5900AD14, 32, NDPI_PROTOCOL_TOR }, - { 0x5900E463, 32, NDPI_PROTOCOL_TOR }, - { 0x5900E570, 32, NDPI_PROTOCOL_TOR }, - { 0x5900EA67, 32, NDPI_PROTOCOL_TOR }, - { 0x5900EC30, 32, NDPI_PROTOCOL_TOR }, - { 0x5900F2EF, 32, NDPI_PROTOCOL_TOR }, - { 0x5900F7A3, 32, NDPI_PROTOCOL_TOR }, - { 0x59039E31, 32, NDPI_PROTOCOL_TOR }, - { 0x590CF9FD, 32, NDPI_PROTOCOL_TOR }, - { 0x590D5330, 32, NDPI_PROTOCOL_TOR }, - { 0x590E57D6, 32, NDPI_PROTOCOL_TOR }, - { 0x590F649D, 32, NDPI_PROTOCOL_TOR }, - { 0x590F6BF1, 32, NDPI_PROTOCOL_TOR }, - { 0x590FC872, 32, NDPI_PROTOCOL_TOR }, - { 0x59108C47, 32, NDPI_PROTOCOL_TOR }, - { 0x5910B09E, 32, NDPI_PROTOCOL_TOR }, - { 0x59122A65, 32, NDPI_PROTOCOL_TOR }, - { 0x5912AC8B, 32, NDPI_PROTOCOL_TOR }, - { 0x5912AD29, 32, NDPI_PROTOCOL_TOR }, - { 0x5912AE45, 32, NDPI_PROTOCOL_TOR }, - { 0x5912AE56, 32, NDPI_PROTOCOL_TOR }, - { 0x5912BE6B, 32, NDPI_PROTOCOL_TOR }, - { 0x5916602F, 32, NDPI_PROTOCOL_TOR }, - { 0x5916613A, 32, NDPI_PROTOCOL_TOR }, - { 0x591661C1, 32, NDPI_PROTOCOL_TOR }, - { 0x591B0DD9, 32, NDPI_PROTOCOL_TOR }, - { 0x591B4114, 32, NDPI_PROTOCOL_TOR }, - { 0x591B5146, 32, NDPI_PROTOCOL_TOR }, - { 0x591F3905, 32, NDPI_PROTOCOL_TOR }, - { 0x5924EB42, 32, NDPI_PROTOCOL_TOR }, - { 0x59284795, 32, NDPI_PROTOCOL_TOR }, - { 0x592E64A2, 32, NDPI_PROTOCOL_TOR }, - { 0x592E6524, 32, NDPI_PROTOCOL_TOR }, - { 0x592E65B5, 32, NDPI_PROTOCOL_TOR }, - { 0x59410727, 32, NDPI_PROTOCOL_TOR }, - { 0x59412546, 32, NDPI_PROTOCOL_TOR }, - { 0x59438C76, 32, NDPI_PROTOCOL_TOR }, - { 0x59438C76, 32, NDPI_PROTOCOL_TOR }, - { 0x5943B32A, 32, NDPI_PROTOCOL_TOR }, - { 0x5943FE26, 32, NDPI_PROTOCOL_TOR }, - { 0x5944BDD0, 32, NDPI_PROTOCOL_TOR }, - { 0x594669E7, 32, NDPI_PROTOCOL_TOR }, - { 0x5949B1EC, 32, NDPI_PROTOCOL_TOR }, - { 0x5949D520, 32, NDPI_PROTOCOL_TOR }, - { 0x594A6CCE, 32, NDPI_PROTOCOL_TOR }, - { 0x594D88AE, 32, NDPI_PROTOCOL_TOR }, - { 0x5959FD25, 32, NDPI_PROTOCOL_TOR }, - { 0x5962E64C, 32, NDPI_PROTOCOL_TOR }, - { 0x59639B85, 32, NDPI_PROTOCOL_TOR }, - { 0x59669393, 32, NDPI_PROTOCOL_TOR }, - { 0x5967B502, 32, NDPI_PROTOCOL_TOR }, - { 0x5967B832, 32, NDPI_PROTOCOL_TOR }, - { 0x5969C582, 32, NDPI_PROTOCOL_TOR }, - { 0x596AF415, 32, NDPI_PROTOCOL_TOR }, - { 0x596C560B, 32, NDPI_PROTOCOL_TOR }, - { 0x596C58E3, 32, NDPI_PROTOCOL_TOR }, - { 0x596E9CF7, 32, NDPI_PROTOCOL_TOR }, - { 0x596F1444, 32, NDPI_PROTOCOL_TOR }, - { 0x5978777D, 32, NDPI_PROTOCOL_TOR }, - { 0x59829E95, 32, NDPI_PROTOCOL_TOR }, - { 0x59845CDA, 32, NDPI_PROTOCOL_TOR }, - { 0x5985A952, 32, NDPI_PROTOCOL_TOR }, - { 0x598619DA, 32, NDPI_PROTOCOL_TOR }, - { 0x59869680, 32, NDPI_PROTOCOL_TOR }, - { 0x59879056, 32, NDPI_PROTOCOL_TOR }, - { 0x598C623C, 32, NDPI_PROTOCOL_TOR }, - { 0x598E23D1, 32, NDPI_PROTOCOL_TOR }, - { 0x59910E6C, 32, NDPI_PROTOCOL_TOR }, - { 0x599B990F, 32, NDPI_PROTOCOL_TOR }, - { 0x599C3EBE, 32, NDPI_PROTOCOL_TOR }, - { 0x599C5DDC, 32, NDPI_PROTOCOL_TOR }, - { 0x599ED03F, 32, NDPI_PROTOCOL_TOR }, - { 0x599F568B, 32, NDPI_PROTOCOL_TOR }, - { 0x59A0DE85, 32, NDPI_PROTOCOL_TOR }, - { 0x59A257B4, 32, NDPI_PROTOCOL_TOR }, - { 0x59A3ABFA, 32, NDPI_PROTOCOL_TOR }, - { 0x59A3B9BA, 32, NDPI_PROTOCOL_TOR }, - { 0x59A3D14F, 32, NDPI_PROTOCOL_TOR }, - { 0x59A3D14F, 32, NDPI_PROTOCOL_TOR }, - { 0x59A3DD97, 32, NDPI_PROTOCOL_TOR }, - { 0x59A3DD97, 32, NDPI_PROTOCOL_TOR }, - { 0x59A3E00A, 32, NDPI_PROTOCOL_TOR }, - { 0x59A3E0A8, 32, NDPI_PROTOCOL_TOR }, - { 0x59A3E0BB, 32, NDPI_PROTOCOL_TOR }, - { 0x59A3E31C, 32, NDPI_PROTOCOL_TOR }, - { 0x59A6EAF6, 32, NDPI_PROTOCOL_TOR }, - { 0x59A9A5E9, 32, NDPI_PROTOCOL_TOR }, - { 0x59B08CBE, 32, NDPI_PROTOCOL_TOR }, - { 0x59B08D09, 32, NDPI_PROTOCOL_TOR }, - { 0x59B34E19, 32, NDPI_PROTOCOL_TOR }, - { 0x59B37F7C, 32, NDPI_PROTOCOL_TOR }, - { 0x59B3F11E, 32, NDPI_PROTOCOL_TOR }, - { 0x59B891D7, 32, NDPI_PROTOCOL_TOR }, - { 0x59BA8F86, 32, NDPI_PROTOCOL_TOR }, - { 0x59BB8ED0, 32, NDPI_PROTOCOL_TOR }, - { 0x59BC6DD2, 32, NDPI_PROTOCOL_TOR }, - { 0x59BFC7F5, 32, NDPI_PROTOCOL_TOR }, - { 0x59CF8537, 32, NDPI_PROTOCOL_TOR }, - { 0x59CF8799, 32, NDPI_PROTOCOL_TOR }, - { 0x59E31A37, 32, NDPI_PROTOCOL_TOR }, - { 0x59E7763D, 32, NDPI_PROTOCOL_TOR }, - { 0x59EA8D65, 32, NDPI_PROTOCOL_TOR }, - { 0x59EA9DFE, 32, NDPI_PROTOCOL_TOR }, - { 0x59EA9DFE, 32, NDPI_PROTOCOL_TOR }, - { 0x59EE455D, 32, NDPI_PROTOCOL_TOR }, - { 0x59EE4D04, 32, NDPI_PROTOCOL_TOR }, - { 0x59EE4E6C, 32, NDPI_PROTOCOL_TOR }, - { 0x59EEAC6C, 32, NDPI_PROTOCOL_TOR }, - { 0x59EFDAB4, 32, NDPI_PROTOCOL_TOR }, - { 0x59F8A679, 32, NDPI_PROTOCOL_TOR }, - { 0x59F8AC10, 32, NDPI_PROTOCOL_TOR }, - { 0x59F985A5, 32, NDPI_PROTOCOL_TOR }, - { 0x59FB968E, 32, NDPI_PROTOCOL_TOR }, - { 0x59FC0125, 32, NDPI_PROTOCOL_TOR }, - { 0x59FC028C, 32, NDPI_PROTOCOL_TOR }, - { 0x5A09C850, 32, NDPI_PROTOCOL_TOR }, - { 0x5A0A8BC7, 32, NDPI_PROTOCOL_TOR }, - { 0x5A0B5036, 32, NDPI_PROTOCOL_TOR }, - { 0x5A18B154, 32, NDPI_PROTOCOL_TOR }, - { 0x5A1B3C6B, 32, NDPI_PROTOCOL_TOR }, - { 0x5A1D82F0, 32, NDPI_PROTOCOL_TOR }, - { 0x5A1D9B54, 32, NDPI_PROTOCOL_TOR }, - { 0x5A20BA49, 32, NDPI_PROTOCOL_TOR }, - { 0x5A28F78E, 32, NDPI_PROTOCOL_TOR }, - { 0x5A3CABF0, 32, NDPI_PROTOCOL_TOR }, - { 0x5A3FA178, 32, NDPI_PROTOCOL_TOR }, - { 0x5A914577, 32, NDPI_PROTOCOL_TOR }, - { 0x5A921D38, 32, NDPI_PROTOCOL_TOR }, - { 0x5A92B569, 32, NDPI_PROTOCOL_TOR }, - { 0x5A951B7A, 32, NDPI_PROTOCOL_TOR }, - { 0x5A95517A, 32, NDPI_PROTOCOL_TOR }, - { 0x5A9B17DA, 32, NDPI_PROTOCOL_TOR }, - { 0x5AB0A48F, 32, NDPI_PROTOCOL_TOR }, - { 0x5AB50D30, 32, NDPI_PROTOCOL_TOR }, - { 0x5AB88EE0, 32, NDPI_PROTOCOL_TOR }, - { 0x5AB8A455, 32, NDPI_PROTOCOL_TOR }, - { 0x5AB8DE74, 32, NDPI_PROTOCOL_TOR }, - { 0x5AB8DE75, 32, NDPI_PROTOCOL_TOR }, - { 0x5AB8DE76, 32, NDPI_PROTOCOL_TOR }, - { 0x5AC04EC5, 32, NDPI_PROTOCOL_TOR }, - { 0x5ADB84FD, 32, NDPI_PROTOCOL_TOR }, - { 0x5AE14054, 32, NDPI_PROTOCOL_TOR }, - { 0x5AE150DB, 32, NDPI_PROTOCOL_TOR }, - { 0x5AE1558C, 32, NDPI_PROTOCOL_TOR }, - { 0x5AE2B287, 32, NDPI_PROTOCOL_TOR }, - { 0x5AE4CA9F, 32, NDPI_PROTOCOL_TOR }, - { 0x5AE7989F, 32, NDPI_PROTOCOL_TOR }, - { 0x5B025570, 32, NDPI_PROTOCOL_TOR }, - { 0x5B02F637, 32, NDPI_PROTOCOL_TOR }, - { 0x5B041823, 32, NDPI_PROTOCOL_TOR }, - { 0x5B05878B, 32, NDPI_PROTOCOL_TOR }, - { 0x5B06757C, 32, NDPI_PROTOCOL_TOR }, - { 0x5B09C013, 32, NDPI_PROTOCOL_TOR }, - { 0x5B0A081A, 32, NDPI_PROTOCOL_TOR }, - { 0x5B0A45D7, 32, NDPI_PROTOCOL_TOR }, - { 0x5B0A7B54, 32, NDPI_PROTOCOL_TOR }, - { 0x5B0CD9A9, 32, NDPI_PROTOCOL_TOR }, - { 0x5B0CEB4D, 32, NDPI_PROTOCOL_TOR }, - { 0x5B0D634C, 32, NDPI_PROTOCOL_TOR }, - { 0x5B0E755F, 32, NDPI_PROTOCOL_TOR }, - { 0x5B0F4794, 32, NDPI_PROTOCOL_TOR }, - { 0x5B120251, 32, NDPI_PROTOCOL_TOR }, - { 0x5B129DE3, 32, NDPI_PROTOCOL_TOR }, - { 0x5B152C3D, 32, NDPI_PROTOCOL_TOR }, - { 0x5B21CED5, 32, NDPI_PROTOCOL_TOR }, - { 0x5B225C74, 32, NDPI_PROTOCOL_TOR }, - { 0x5B25E831, 32, NDPI_PROTOCOL_TOR }, - { 0x5B265CAF, 32, NDPI_PROTOCOL_TOR }, - { 0x5B2C7D98, 32, NDPI_PROTOCOL_TOR }, - { 0x5B2DE1A9, 32, NDPI_PROTOCOL_TOR }, - { 0x5B3249DA, 32, NDPI_PROTOCOL_TOR }, - { 0x5B334FF1, 32, NDPI_PROTOCOL_TOR }, - { 0x5B336B45, 32, NDPI_PROTOCOL_TOR }, - { 0x5B33E422, 32, NDPI_PROTOCOL_TOR }, - { 0x5B33FBDE, 32, NDPI_PROTOCOL_TOR }, - { 0x5B343F6F, 32, NDPI_PROTOCOL_TOR }, - { 0x5B36DE01, 32, NDPI_PROTOCOL_TOR }, - { 0x5B3B5350, 32, NDPI_PROTOCOL_TOR }, - { 0x5B3D4574, 32, NDPI_PROTOCOL_TOR }, - { 0x5B3D52E4, 32, NDPI_PROTOCOL_TOR }, - { 0x5B3DF13E, 32, NDPI_PROTOCOL_TOR }, - { 0x5B3EE54E, 32, NDPI_PROTOCOL_TOR }, - { 0x5B406D9B, 32, NDPI_PROTOCOL_TOR }, - { 0x5B406F83, 32, NDPI_PROTOCOL_TOR }, - { 0x5B40EADB, 32, NDPI_PROTOCOL_TOR }, - { 0x5B41538E, 32, NDPI_PROTOCOL_TOR }, - { 0x5B4160F6, 32, NDPI_PROTOCOL_TOR }, - { 0x5B424E8B, 32, NDPI_PROTOCOL_TOR }, - { 0x5B4254DB, 32, NDPI_PROTOCOL_TOR }, - { 0x5B42CC01, 32, NDPI_PROTOCOL_TOR }, - { 0x5B434C46, 32, NDPI_PROTOCOL_TOR }, - { 0x5B4D127A, 32, NDPI_PROTOCOL_TOR }, - { 0x5B4F6E29, 32, NDPI_PROTOCOL_TOR }, - { 0x5B52ED7F, 32, NDPI_PROTOCOL_TOR }, - { 0x5B605C06, 32, NDPI_PROTOCOL_TOR }, - { 0x5B60BC9F, 32, NDPI_PROTOCOL_TOR }, - { 0x5B614084, 32, NDPI_PROTOCOL_TOR }, - { 0x5B6DF7AD, 32, NDPI_PROTOCOL_TOR }, - { 0x5B711952, 32, NDPI_PROTOCOL_TOR }, - { 0x5B77D141, 32, NDPI_PROTOCOL_TOR }, - { 0x5B77E5A1, 32, NDPI_PROTOCOL_TOR }, - { 0x5B790114, 32, NDPI_PROTOCOL_TOR }, - { 0x5B791043, 32, NDPI_PROTOCOL_TOR }, - { 0x5B7915E0, 32, NDPI_PROTOCOL_TOR }, - { 0x5B791C40, 32, NDPI_PROTOCOL_TOR }, - { 0x5B794CCC, 32, NDPI_PROTOCOL_TOR }, - { 0x5B794CCF, 32, NDPI_PROTOCOL_TOR }, - { 0x5B795210, 32, NDPI_PROTOCOL_TOR }, - { 0x5B795219, 32, NDPI_PROTOCOL_TOR }, - { 0x5B79545C, 32, NDPI_PROTOCOL_TOR }, - { 0x5B795582, 32, NDPI_PROTOCOL_TOR }, - { 0x5B7964C8, 32, NDPI_PROTOCOL_TOR }, - { 0x5B7968A8, 32, NDPI_PROTOCOL_TOR }, - { 0x5B796AB2, 32, NDPI_PROTOCOL_TOR }, - { 0x5B79734F, 32, NDPI_PROTOCOL_TOR }, - { 0x5B797422, 32, NDPI_PROTOCOL_TOR }, - { 0x5B799255, 32, NDPI_PROTOCOL_TOR }, - { 0x5B799275, 32, NDPI_PROTOCOL_TOR }, - { 0x5B799341, 32, NDPI_PROTOCOL_TOR }, - { 0x5B799FC4, 32, NDPI_PROTOCOL_TOR }, - { 0x5B79A5DF, 32, NDPI_PROTOCOL_TOR }, - { 0x5B79A698, 32, NDPI_PROTOCOL_TOR }, - { 0x5B79A921, 32, NDPI_PROTOCOL_TOR }, - { 0x5B79B857, 32, NDPI_PROTOCOL_TOR }, - { 0x5B79C584, 32, NDPI_PROTOCOL_TOR }, - { 0x5B79CF22, 32, NDPI_PROTOCOL_TOR }, - { 0x5B79E9F2, 32, NDPI_PROTOCOL_TOR }, - { 0x5B7A640D, 32, NDPI_PROTOCOL_TOR }, - { 0x5B7BC8A8, 32, NDPI_PROTOCOL_TOR }, - { 0x5B7BC8EB, 32, NDPI_PROTOCOL_TOR }, - { 0x5B7EFFCD, 32, NDPI_PROTOCOL_TOR }, - { 0x5B88A44D, 32, NDPI_PROTOCOL_TOR }, - { 0x5B8A448F, 32, NDPI_PROTOCOL_TOR }, - { 0x5B8A9B09, 32, NDPI_PROTOCOL_TOR }, - { 0x5B8C31D6, 32, NDPI_PROTOCOL_TOR }, - { 0x5B917635, 32, NDPI_PROTOCOL_TOR }, - { 0x5B927903, 32, NDPI_PROTOCOL_TOR }, - { 0x5B927A2D, 32, NDPI_PROTOCOL_TOR }, - { 0x5B95AD4F, 32, NDPI_PROTOCOL_TOR }, - { 0x5B9A9932, 32, NDPI_PROTOCOL_TOR }, - { 0x5B9BBD6B, 32, NDPI_PROTOCOL_TOR }, - { 0x5BB9C8DD, 32, NDPI_PROTOCOL_TOR }, - { 0x5BB9E123, 32, NDPI_PROTOCOL_TOR }, - { 0x5BBA2710, 32, NDPI_PROTOCOL_TOR }, - { 0x5BBC7D80, 32, NDPI_PROTOCOL_TOR }, - { 0x5BBDB576, 32, NDPI_PROTOCOL_TOR }, - { 0x5BBE754D, 32, NDPI_PROTOCOL_TOR }, - { 0x5BC2546A, 32, NDPI_PROTOCOL_TOR }, - { 0x5BC25A27, 32, NDPI_PROTOCOL_TOR }, - { 0x5BC25A67, 32, NDPI_PROTOCOL_TOR }, - { 0x5BC7C54C, 32, NDPI_PROTOCOL_TOR }, - { 0x5BC85544, 32, NDPI_PROTOCOL_TOR }, - { 0x5BCA2D9C, 32, NDPI_PROTOCOL_TOR }, - { 0x5BCBD4EE, 32, NDPI_PROTOCOL_TOR }, - { 0x5BCDAD52, 32, NDPI_PROTOCOL_TOR }, - { 0x5BCE8E46, 32, NDPI_PROTOCOL_TOR }, - { 0x5BD05448, 32, NDPI_PROTOCOL_TOR }, - { 0x5BD26A1B, 32, NDPI_PROTOCOL_TOR }, - { 0x5BD33ED4, 32, NDPI_PROTOCOL_TOR }, - { 0x5BD5082B, 32, NDPI_PROTOCOL_TOR }, - { 0x5BD50854, 32, NDPI_PROTOCOL_TOR }, - { 0x5BD50859, 32, NDPI_PROTOCOL_TOR }, - { 0x5BD50874, 32, NDPI_PROTOCOL_TOR }, - { 0x5BD508EB, 32, NDPI_PROTOCOL_TOR }, - { 0x5BD508EB, 32, NDPI_PROTOCOL_TOR }, - { 0x5BD508EC, 32, NDPI_PROTOCOL_TOR }, - { 0x5BD6A8F0, 32, NDPI_PROTOCOL_TOR }, - { 0x5BD6CB90, 32, NDPI_PROTOCOL_TOR }, - { 0x5BD6CBE9, 32, NDPI_PROTOCOL_TOR }, - { 0x5BDBED13, 32, NDPI_PROTOCOL_TOR }, - { 0x5BDBED6E, 32, NDPI_PROTOCOL_TOR }, - { 0x5BDBEDCF, 32, NDPI_PROTOCOL_TOR }, - { 0x5BDBEDDA, 32, NDPI_PROTOCOL_TOR }, - { 0x5BDBEDE5, 32, NDPI_PROTOCOL_TOR }, - { 0x5BDBEDF4, 32, NDPI_PROTOCOL_TOR }, - { 0x5BDBEEDD, 32, NDPI_PROTOCOL_TOR }, - { 0x5BDCA33E, 32, NDPI_PROTOCOL_TOR }, - { 0x5BDD6F07, 32, NDPI_PROTOCOL_TOR }, - { 0x5BDEDA85, 32, NDPI_PROTOCOL_TOR }, - { 0x5BE09509, 32, NDPI_PROTOCOL_TOR }, - { 0x5BE09521, 32, NDPI_PROTOCOL_TOR }, - { 0x5BE0952D, 32, NDPI_PROTOCOL_TOR }, - { 0x5BE09537, 32, NDPI_PROTOCOL_TOR }, - { 0x5BE25911, 32, NDPI_PROTOCOL_TOR }, - { 0x5BE434BA, 32, NDPI_PROTOCOL_TOR }, - { 0x5BE49734, 32, NDPI_PROTOCOL_TOR }, - { 0x5BE4B382, 32, NDPI_PROTOCOL_TOR }, - { 0x5BE5141B, 32, NDPI_PROTOCOL_TOR }, - { 0x5BE6CCC6, 32, NDPI_PROTOCOL_TOR }, - { 0x5BE8D912, 32, NDPI_PROTOCOL_TOR }, - { 0x5BE97444, 32, NDPI_PROTOCOL_TOR }, - { 0x5BEA1630, 32, NDPI_PROTOCOL_TOR }, - { 0x5BEAE223, 32, NDPI_PROTOCOL_TOR }, - { 0x5BECEF87, 32, NDPI_PROTOCOL_TOR }, - { 0x5BECEF8C, 32, NDPI_PROTOCOL_TOR }, - { 0x5BED34AA, 32, NDPI_PROTOCOL_TOR }, - { 0x5BEDF43E, 32, NDPI_PROTOCOL_TOR }, - { 0x5BEDF73E, 32, NDPI_PROTOCOL_TOR }, - { 0x5BEE3C64, 32, NDPI_PROTOCOL_TOR }, - { 0x5BF0E5C3, 32, NDPI_PROTOCOL_TOR }, - { 0x5BFA7026, 32, NDPI_PROTOCOL_TOR }, - { 0x5BFA73B9, 32, NDPI_PROTOCOL_TOR }, - { 0x5BFAF20A, 32, NDPI_PROTOCOL_TOR }, - { 0x5BFAF267, 32, NDPI_PROTOCOL_TOR }, - { 0x5C002464, 32, NDPI_PROTOCOL_TOR }, - { 0x5C0124D4, 32, NDPI_PROTOCOL_TOR }, - { 0x5C01DCB8, 32, NDPI_PROTOCOL_TOR }, - { 0x5C07A833, 32, NDPI_PROTOCOL_TOR }, - { 0x5C0A3BD5, 32, NDPI_PROTOCOL_TOR }, - { 0x5C0EC83C, 32, NDPI_PROTOCOL_TOR }, - { 0x5C14074D, 32, NDPI_PROTOCOL_TOR }, - { 0x5C14CB4C, 32, NDPI_PROTOCOL_TOR }, - { 0x5C15F357, 32, NDPI_PROTOCOL_TOR }, - { 0x5C18851F, 32, NDPI_PROTOCOL_TOR }, - { 0x5C18851F, 32, NDPI_PROTOCOL_TOR }, - { 0x5C27F38B, 32, NDPI_PROTOCOL_TOR }, - { 0x5C27F62D, 32, NDPI_PROTOCOL_TOR }, - { 0x5C2869CC, 32, NDPI_PROTOCOL_TOR }, - { 0x5C32581A, 32, NDPI_PROTOCOL_TOR }, - { 0x5C34249B, 32, NDPI_PROTOCOL_TOR }, - { 0x5C3C05EE, 32, NDPI_PROTOCOL_TOR }, - { 0x5C3C05EE, 32, NDPI_PROTOCOL_TOR }, - { 0x5C3F582D, 32, NDPI_PROTOCOL_TOR }, - { 0x5C3F582F, 32, NDPI_PROTOCOL_TOR }, - { 0x5C3F6E7C, 32, NDPI_PROTOCOL_TOR }, - { 0x5C3FAB2D, 32, NDPI_PROTOCOL_TOR }, - { 0x5C3FABCF, 32, NDPI_PROTOCOL_TOR }, - { 0x5C3FAC96, 32, NDPI_PROTOCOL_TOR }, - { 0x5C3FAE24, 32, NDPI_PROTOCOL_TOR }, - { 0x5C3FAE46, 32, NDPI_PROTOCOL_TOR }, - { 0x5C3FAE47, 32, NDPI_PROTOCOL_TOR }, - { 0x5C3FAF05, 32, NDPI_PROTOCOL_TOR }, - { 0x5C484CE3, 32, NDPI_PROTOCOL_TOR }, - { 0x5C487B89, 32, NDPI_PROTOCOL_TOR }, - { 0x5C48FF4A, 32, NDPI_PROTOCOL_TOR }, - { 0x5C4A357A, 32, NDPI_PROTOCOL_TOR }, - { 0x5C4AE372, 32, NDPI_PROTOCOL_TOR }, - { 0x5C4B0EC2, 32, NDPI_PROTOCOL_TOR }, - { 0x5C4C7C06, 32, NDPI_PROTOCOL_TOR }, - { 0x5C4CC040, 32, NDPI_PROTOCOL_TOR }, - { 0x5C4D2D74, 32, NDPI_PROTOCOL_TOR }, - { 0x5C4DB1FE, 32, NDPI_PROTOCOL_TOR }, - { 0x5C59AD55, 32, NDPI_PROTOCOL_TOR }, - { 0x5C5B7942, 32, NDPI_PROTOCOL_TOR }, - { 0x5C5B9C44, 32, NDPI_PROTOCOL_TOR }, - { 0x5C645773, 32, NDPI_PROTOCOL_TOR }, - { 0x5C647BD0, 32, NDPI_PROTOCOL_TOR }, - { 0x5C68349B, 32, NDPI_PROTOCOL_TOR }, - { 0x5C6893A0, 32, NDPI_PROTOCOL_TOR }, - { 0x5C6977C0, 32, NDPI_PROTOCOL_TOR }, - { 0x5C6AE25D, 32, NDPI_PROTOCOL_TOR }, - { 0x5C6C364C, 32, NDPI_PROTOCOL_TOR }, - { 0x5C6C7829, 32, NDPI_PROTOCOL_TOR }, - { 0x5C6D0707, 32, NDPI_PROTOCOL_TOR }, - { 0x5C6F8E21, 32, NDPI_PROTOCOL_TOR }, - { 0x5C81AF11, 32, NDPI_PROTOCOL_TOR }, - { 0x5C83BD03, 32, NDPI_PROTOCOL_TOR }, - { 0x5C89D859, 32, NDPI_PROTOCOL_TOR }, - { 0x5CC240C3, 32, NDPI_PROTOCOL_TOR }, - { 0x5CC328D6, 32, NDPI_PROTOCOL_TOR }, - { 0x5CC941B7, 32, NDPI_PROTOCOL_TOR }, - { 0x5CC94BCD, 32, NDPI_PROTOCOL_TOR }, - { 0x5CCA214F, 32, NDPI_PROTOCOL_TOR }, - { 0x5CCD15C1, 32, NDPI_PROTOCOL_TOR }, - { 0x5CD13085, 32, NDPI_PROTOCOL_TOR }, - { 0x5CD3AE6A, 32, NDPI_PROTOCOL_TOR }, - { 0x5CD6A588, 32, NDPI_PROTOCOL_TOR }, - { 0x5CD6ADD8, 32, NDPI_PROTOCOL_TOR }, - { 0x5CDE016C, 32, NDPI_PROTOCOL_TOR }, - { 0x5CDE0352, 32, NDPI_PROTOCOL_TOR }, - { 0x5CDE0466, 32, NDPI_PROTOCOL_TOR }, - { 0x5CDE04B2, 32, NDPI_PROTOCOL_TOR }, - { 0x5CDE0935, 32, NDPI_PROTOCOL_TOR }, - { 0x5CDE0946, 32, NDPI_PROTOCOL_TOR }, - { 0x5CDE1385, 32, NDPI_PROTOCOL_TOR }, - { 0x5CDE1482, 32, NDPI_PROTOCOL_TOR }, - { 0x5CDE1625, 32, NDPI_PROTOCOL_TOR }, - { 0x5CDE1671, 32, NDPI_PROTOCOL_TOR }, - { 0x5CDE19E1, 32, NDPI_PROTOCOL_TOR }, - { 0x5CDE1A24, 32, NDPI_PROTOCOL_TOR }, - { 0x5CDE1A51, 32, NDPI_PROTOCOL_TOR }, - { 0x5CDE1C5A, 32, NDPI_PROTOCOL_TOR }, - { 0x5CDE1C8F, 32, NDPI_PROTOCOL_TOR }, - { 0x5CDE1CF3, 32, NDPI_PROTOCOL_TOR }, - { 0x5CDE1D22, 32, NDPI_PROTOCOL_TOR }, - { 0x5CDE2211, 32, NDPI_PROTOCOL_TOR }, - { 0x5CDE2643, 32, NDPI_PROTOCOL_TOR }, - { 0x5CDE27B7, 32, NDPI_PROTOCOL_TOR }, - { 0x5CDE2DC7, 32, NDPI_PROTOCOL_TOR }, - { 0x5CDE45BC, 32, NDPI_PROTOCOL_TOR }, - { 0x5CDE9993, 32, NDPI_PROTOCOL_TOR }, - { 0x5CDEA236, 32, NDPI_PROTOCOL_TOR }, - { 0x5CDEACE5, 32, NDPI_PROTOCOL_TOR }, - { 0x5CDEB57B, 32, NDPI_PROTOCOL_TOR }, - { 0x5CDEC022, 32, NDPI_PROTOCOL_TOR }, - { 0x5CDECC60, 32, NDPI_PROTOCOL_TOR }, - { 0x5CE09A94, 32, NDPI_PROTOCOL_TOR }, - { 0x5CE0A09F, 32, NDPI_PROTOCOL_TOR }, - { 0x5CE0B392, 32, NDPI_PROTOCOL_TOR }, - { 0x5CE10C0D, 32, NDPI_PROTOCOL_TOR }, - { 0x5CE169B5, 32, NDPI_PROTOCOL_TOR }, - { 0x5CE389A3, 32, NDPI_PROTOCOL_TOR }, - { 0x5CE4B19B, 32, NDPI_PROTOCOL_TOR }, - { 0x5CE52412, 32, NDPI_PROTOCOL_TOR }, - { 0x5CE59221, 32, NDPI_PROTOCOL_TOR }, - { 0x5CE68415, 32, NDPI_PROTOCOL_TOR }, - { 0x5CE86216, 32, NDPI_PROTOCOL_TOR }, - { 0x5CED16DA, 32, NDPI_PROTOCOL_TOR }, - { 0x5CF31ED0, 32, NDPI_PROTOCOL_TOR }, - { 0x5CF34569, 32, NDPI_PROTOCOL_TOR }, - { 0x5CF3BC10, 32, NDPI_PROTOCOL_TOR }, - { 0x5CF6147E, 32, NDPI_PROTOCOL_TOR }, - { 0x5CF733A9, 32, NDPI_PROTOCOL_TOR }, - { 0x5CF79DB0, 32, NDPI_PROTOCOL_TOR }, - { 0x5CF96241, 32, NDPI_PROTOCOL_TOR }, - { 0x5CF98F77, 32, NDPI_PROTOCOL_TOR }, - { 0x5CF9BCF6, 32, NDPI_PROTOCOL_TOR }, - { 0x5CFC2031, 32, NDPI_PROTOCOL_TOR }, - { 0x5CFE18CB, 32, NDPI_PROTOCOL_TOR }, - { 0x5CFE3951, 32, NDPI_PROTOCOL_TOR }, - { 0x5CFEB874, 32, NDPI_PROTOCOL_TOR }, - { 0x5CFFC311, 32, NDPI_PROTOCOL_TOR }, - { 0x5CFFCF59, 32, NDPI_PROTOCOL_TOR }, - { 0x5D134D18, 32, NDPI_PROTOCOL_TOR }, - { 0x5D1F9BAF, 32, NDPI_PROTOCOL_TOR }, - { 0x5D328CAA, 32, NDPI_PROTOCOL_TOR }, - { 0x5D48650E, 32, NDPI_PROTOCOL_TOR }, - { 0x5D515FF8, 32, NDPI_PROTOCOL_TOR }, - { 0x5D5A73BC, 32, NDPI_PROTOCOL_TOR }, - { 0x5D5B3291, 32, NDPI_PROTOCOL_TOR }, - { 0x5D5CCC06, 32, NDPI_PROTOCOL_TOR }, - { 0x5D5E922B, 32, NDPI_PROTOCOL_TOR }, - { 0x5D5FE37F, 32, NDPI_PROTOCOL_TOR }, - { 0x5D5FE3F5, 32, NDPI_PROTOCOL_TOR }, - { 0x5D5FE405, 32, NDPI_PROTOCOL_TOR }, - { 0x5D5FE433, 32, NDPI_PROTOCOL_TOR }, - { 0x5D5FE452, 32, NDPI_PROTOCOL_TOR }, - { 0x5D63058C, 32, NDPI_PROTOCOL_TOR }, - { 0x5D64A738, 32, NDPI_PROTOCOL_TOR }, - { 0x5D6797A7, 32, NDPI_PROTOCOL_TOR }, - { 0x5D688049, 32, NDPI_PROTOCOL_TOR }, - { 0x5D68A671, 32, NDPI_PROTOCOL_TOR }, - { 0x5D68D13D, 32, NDPI_PROTOCOL_TOR }, - { 0x5D68D19E, 32, NDPI_PROTOCOL_TOR }, - { 0x5D68D3A9, 32, NDPI_PROTOCOL_TOR }, - { 0x5D68D4FD, 32, NDPI_PROTOCOL_TOR }, - { 0x5D73569C, 32, NDPI_PROTOCOL_TOR }, - { 0x5D735EF3, 32, NDPI_PROTOCOL_TOR }, - { 0x5D735EF4, 32, NDPI_PROTOCOL_TOR }, - { 0x5D73F102, 32, NDPI_PROTOCOL_TOR }, - { 0x5D760C01, 32, NDPI_PROTOCOL_TOR }, - { 0x5D7C3305, 32, NDPI_PROTOCOL_TOR }, - { 0x5D7E65DF, 32, NDPI_PROTOCOL_TOR }, - { 0x5D804CF1, 32, NDPI_PROTOCOL_TOR }, - { 0x5D81945A, 32, NDPI_PROTOCOL_TOR }, - { 0x5D8456CA, 32, NDPI_PROTOCOL_TOR }, - { 0x5D84AC51, 32, NDPI_PROTOCOL_TOR }, - { 0x5D867771, 32, NDPI_PROTOCOL_TOR }, - { 0x5D8712F4, 32, NDPI_PROTOCOL_TOR }, - { 0x5D8BDD63, 32, NDPI_PROTOCOL_TOR }, - { 0x5D98C554, 32, NDPI_PROTOCOL_TOR }, - { 0x5D9C28A3, 32, NDPI_PROTOCOL_TOR }, - { 0x5D9C4AEF, 32, NDPI_PROTOCOL_TOR }, - { 0x5DA33850, 32, NDPI_PROTOCOL_TOR }, - { 0x5DA7F5B2, 32, NDPI_PROTOCOL_TOR }, - { 0x5DAE5A1E, 32, NDPI_PROTOCOL_TOR }, - { 0x5DAE5D15, 32, NDPI_PROTOCOL_TOR }, - { 0x5DAE5D3F, 32, NDPI_PROTOCOL_TOR }, - { 0x5DAF0C52, 32, NDPI_PROTOCOL_TOR }, - { 0x5DB49A5E, 32, NDPI_PROTOCOL_TOR }, - { 0x5DB49C54, 32, NDPI_PROTOCOL_TOR }, - { 0x5DB49C63, 32, NDPI_PROTOCOL_TOR }, - { 0x5DB49D28, 32, NDPI_PROTOCOL_TOR }, - { 0x5DB49D9A, 32, NDPI_PROTOCOL_TOR }, - { 0x5DB81566, 32, NDPI_PROTOCOL_TOR }, - { 0x5DB842E3, 32, NDPI_PROTOCOL_TOR }, - { 0x5DB9654C, 32, NDPI_PROTOCOL_TOR }, - { 0x5DB965AC, 32, NDPI_PROTOCOL_TOR }, - { 0x5DB96DBF, 32, NDPI_PROTOCOL_TOR }, - { 0x5DBAC8D5, 32, NDPI_PROTOCOL_TOR }, - { 0x5DBCA2EB, 32, NDPI_PROTOCOL_TOR }, - { 0x5DBF0D22, 32, NDPI_PROTOCOL_TOR }, - { 0x5DC06F39, 32, NDPI_PROTOCOL_TOR }, - { 0x5DC0AAC8, 32, NDPI_PROTOCOL_TOR }, - { 0x5DC0CA0C, 32, NDPI_PROTOCOL_TOR }, - { 0x5DC16D99, 32, NDPI_PROTOCOL_TOR }, - { 0x5DC2904C, 32, NDPI_PROTOCOL_TOR }, - { 0x5DC5E303, 32, NDPI_PROTOCOL_TOR }, - { 0x5DC5F098, 32, NDPI_PROTOCOL_TOR }, - { 0x5DC8C66B, 32, NDPI_PROTOCOL_TOR }, - { 0x5DCBFB93, 32, NDPI_PROTOCOL_TOR }, - { 0x5DCD0C3A, 32, NDPI_PROTOCOL_TOR }, - { 0x5DCF14E7, 32, NDPI_PROTOCOL_TOR }, - { 0x5DCF46AC, 32, NDPI_PROTOCOL_TOR }, - { 0x5DD3F085, 32, NDPI_PROTOCOL_TOR }, - { 0x5DD47CEB, 32, NDPI_PROTOCOL_TOR }, - { 0x5DD71649, 32, NDPI_PROTOCOL_TOR }, - { 0x5DD740AF, 32, NDPI_PROTOCOL_TOR }, - { 0x5DDA6C31, 32, NDPI_PROTOCOL_TOR }, - { 0x5DDB7692, 32, NDPI_PROTOCOL_TOR }, - { 0x5DDC0F3B, 32, NDPI_PROTOCOL_TOR }, - { 0x5DDC7449, 32, NDPI_PROTOCOL_TOR }, - { 0x5DDCD36F, 32, NDPI_PROTOCOL_TOR }, - { 0x5DDCEB0C, 32, NDPI_PROTOCOL_TOR }, - { 0x5DDF509D, 32, NDPI_PROTOCOL_TOR }, - { 0x5DDFCC89, 32, NDPI_PROTOCOL_TOR }, - { 0x5DE44D4E, 32, NDPI_PROTOCOL_TOR }, - { 0x5DE62635, 32, NDPI_PROTOCOL_TOR }, - { 0x5DE95360, 32, NDPI_PROTOCOL_TOR }, - { 0x5E05D57B, 32, NDPI_PROTOCOL_TOR }, - { 0x5E09C10C, 32, NDPI_PROTOCOL_TOR }, - { 0x5E104BE2, 32, NDPI_PROTOCOL_TOR }, - { 0x5E137BC2, 32, NDPI_PROTOCOL_TOR }, - { 0x5E160545, 32, NDPI_PROTOCOL_TOR }, - { 0x5E168F9E, 32, NDPI_PROTOCOL_TOR }, - { 0x5E16A01D, 32, NDPI_PROTOCOL_TOR }, - { 0x5E170291, 32, NDPI_PROTOCOL_TOR }, - { 0x5E1712A9, 32, NDPI_PROTOCOL_TOR }, - { 0x5E17141C, 32, NDPI_PROTOCOL_TOR }, - { 0x5E1714BE, 32, NDPI_PROTOCOL_TOR }, - { 0x5E17194E, 32, NDPI_PROTOCOL_TOR }, - { 0x5E171E35, 32, NDPI_PROTOCOL_TOR }, - { 0x5E172434, 32, NDPI_PROTOCOL_TOR }, - { 0x5E172599, 32, NDPI_PROTOCOL_TOR }, - { 0x5E1730BA, 32, NDPI_PROTOCOL_TOR }, - { 0x5E17360C, 32, NDPI_PROTOCOL_TOR }, - { 0x5E17381F, 32, NDPI_PROTOCOL_TOR }, - { 0x5E1746DE, 32, NDPI_PROTOCOL_TOR }, - { 0x5E175892, 32, NDPI_PROTOCOL_TOR }, - { 0x5E176919, 32, NDPI_PROTOCOL_TOR }, - { 0x5E17A2E3, 32, NDPI_PROTOCOL_TOR }, - { 0x5E17AB60, 32, NDPI_PROTOCOL_TOR }, - { 0x5E17C221, 32, NDPI_PROTOCOL_TOR }, - { 0x5E17C636, 32, NDPI_PROTOCOL_TOR }, - { 0x5E17CCAF, 32, NDPI_PROTOCOL_TOR }, - { 0x5E17D0BC, 32, NDPI_PROTOCOL_TOR }, - { 0x5E17D2A3, 32, NDPI_PROTOCOL_TOR }, - { 0x5E17ECBB, 32, NDPI_PROTOCOL_TOR }, - { 0x5E17FC1F, 32, NDPI_PROTOCOL_TOR }, - { 0x5E188C4A, 32, NDPI_PROTOCOL_TOR }, - { 0x5E22964B, 32, NDPI_PROTOCOL_TOR }, - { 0x5E29C2EE, 32, NDPI_PROTOCOL_TOR }, - { 0x5E2D3BF0, 32, NDPI_PROTOCOL_TOR }, - { 0x5E33CEA8, 32, NDPI_PROTOCOL_TOR }, - { 0x5E46889C, 32, NDPI_PROTOCOL_TOR }, - { 0x5E4BCF64, 32, NDPI_PROTOCOL_TOR }, - { 0x5E4F89B6, 32, NDPI_PROTOCOL_TOR }, - { 0x5E4FB906, 32, NDPI_PROTOCOL_TOR }, - { 0x5E6412A2, 32, NDPI_PROTOCOL_TOR }, - { 0x5E6635B1, 32, NDPI_PROTOCOL_TOR }, - { 0x5E663CAC, 32, NDPI_PROTOCOL_TOR }, - { 0x5E67AF55, 32, NDPI_PROTOCOL_TOR }, - { 0x5E716902, 32, NDPI_PROTOCOL_TOR }, - { 0x5E71E6DD, 32, NDPI_PROTOCOL_TOR }, - { 0x5E7CF603, 32, NDPI_PROTOCOL_TOR }, - { 0x5E7EB201, 32, NDPI_PROTOCOL_TOR }, - { 0x5E878697, 32, NDPI_PROTOCOL_TOR }, - { 0x5E88612A, 32, NDPI_PROTOCOL_TOR }, - { 0x5E8DACF0, 32, NDPI_PROTOCOL_TOR }, - { 0x5E8EF18A, 32, NDPI_PROTOCOL_TOR }, - { 0x5E8EF1F1, 32, NDPI_PROTOCOL_TOR }, - { 0x5E8EF21E, 32, NDPI_PROTOCOL_TOR }, - { 0x5E8EF5CE, 32, NDPI_PROTOCOL_TOR }, - { 0x5E8EF5E7, 32, NDPI_PROTOCOL_TOR }, - { 0x5E9B5D2D, 32, NDPI_PROTOCOL_TOR }, - { 0x5E9ED927, 32, NDPI_PROTOCOL_TOR }, - { 0x5E9FCE6E, 32, NDPI_PROTOCOL_TOR }, - { 0x5E9FDCF2, 32, NDPI_PROTOCOL_TOR }, - { 0x5EAE9EF4, 32, NDPI_PROTOCOL_TOR }, - { 0x5EB4D2CA, 32, NDPI_PROTOCOL_TOR }, - { 0x5EB4D8D9, 32, NDPI_PROTOCOL_TOR }, - { 0x5EB4E868, 32, NDPI_PROTOCOL_TOR }, - { 0x5EB51414, 32, NDPI_PROTOCOL_TOR }, - { 0x5EB95202, 32, NDPI_PROTOCOL_TOR }, - { 0x5EBC1C88, 32, NDPI_PROTOCOL_TOR }, - { 0x5EBC39EC, 32, NDPI_PROTOCOL_TOR }, - { 0x5EBEE03A, 32, NDPI_PROTOCOL_TOR }, - { 0x5EC6440D, 32, NDPI_PROTOCOL_TOR }, - { 0x5EC66247, 32, NDPI_PROTOCOL_TOR }, - { 0x5EC66411, 32, NDPI_PROTOCOL_TOR }, - { 0x5EC73365, 32, NDPI_PROTOCOL_TOR }, - { 0x5ED0E3DD, 32, NDPI_PROTOCOL_TOR }, - { 0x5ED2001C, 32, NDPI_PROTOCOL_TOR }, - { 0x5ED2BE2C, 32, NDPI_PROTOCOL_TOR }, - { 0x5ED3C0CA, 32, NDPI_PROTOCOL_TOR }, - { 0x5ED61659, 32, NDPI_PROTOCOL_TOR }, - { 0x5ED6179F, 32, NDPI_PROTOCOL_TOR }, - { 0x5ED9C67E, 32, NDPI_PROTOCOL_TOR }, - { 0x5ED9FE19, 32, NDPI_PROTOCOL_TOR }, - { 0x5EDA142C, 32, NDPI_PROTOCOL_TOR }, - { 0x5EDC49D6, 32, NDPI_PROTOCOL_TOR }, - { 0x5EDD6472, 32, NDPI_PROTOCOL_TOR }, - { 0x5EDD9651, 32, NDPI_PROTOCOL_TOR }, - { 0x5EE19A57, 32, NDPI_PROTOCOL_TOR }, - { 0x5EE4560B, 32, NDPI_PROTOCOL_TOR }, - { 0x5EE4DEC0, 32, NDPI_PROTOCOL_TOR }, - { 0x5EE6CB1F, 32, NDPI_PROTOCOL_TOR }, - { 0x5EE72228, 32, NDPI_PROTOCOL_TOR }, - { 0x5EF23915, 32, NDPI_PROTOCOL_TOR }, - { 0x5EF23926, 32, NDPI_PROTOCOL_TOR }, - { 0x5EF239A4, 32, NDPI_PROTOCOL_TOR }, - { 0x5EF239A9, 32, NDPI_PROTOCOL_TOR }, - { 0x5EF239C4, 32, NDPI_PROTOCOL_TOR }, - { 0x5EF239D4, 32, NDPI_PROTOCOL_TOR }, - { 0x5EF23A46, 32, NDPI_PROTOCOL_TOR }, - { 0x5EF2C6A4, 32, NDPI_PROTOCOL_TOR }, - { 0x5EF2CC84, 32, NDPI_PROTOCOL_TOR }, - { 0x5EF2D178, 32, NDPI_PROTOCOL_TOR }, - { 0x5EF2D1F4, 32, NDPI_PROTOCOL_TOR }, - { 0x5EF2DE1B, 32, NDPI_PROTOCOL_TOR }, - { 0x5EF2DED7, 32, NDPI_PROTOCOL_TOR }, - { 0x5EF2F342, 32, NDPI_PROTOCOL_TOR }, - { 0x5EF2F3A2, 32, NDPI_PROTOCOL_TOR }, - { 0x5EF2F617, 32, NDPI_PROTOCOL_TOR }, - { 0x5EF2F618, 32, NDPI_PROTOCOL_TOR }, - { 0x5EF2FB70, 32, NDPI_PROTOCOL_TOR }, - { 0x5EF2FC29, 32, NDPI_PROTOCOL_TOR }, - { 0x5EF2FE51, 32, NDPI_PROTOCOL_TOR }, - { 0x5EF2FE51, 32, NDPI_PROTOCOL_TOR }, - { 0x5EF2FEBF, 32, NDPI_PROTOCOL_TOR }, - { 0x5EF72982, 32, NDPI_PROTOCOL_TOR }, - { 0x5EFD0E62, 32, NDPI_PROTOCOL_TOR }, - { 0x5EFD4CD2, 32, NDPI_PROTOCOL_TOR }, - { 0x5EFE1877, 32, NDPI_PROTOCOL_TOR }, - { 0x5EFE30C2, 32, NDPI_PROTOCOL_TOR }, - { 0x5F122587, 32, NDPI_PROTOCOL_TOR }, - { 0x5F17F611, 32, NDPI_PROTOCOL_TOR }, - { 0x5F182884, 32, NDPI_PROTOCOL_TOR }, - { 0x5F1931B0, 32, NDPI_PROTOCOL_TOR }, - { 0x5F1BE179, 32, NDPI_PROTOCOL_TOR }, - { 0x5F1C5963, 32, NDPI_PROTOCOL_TOR }, - { 0x5F1EAD45, 32, NDPI_PROTOCOL_TOR }, - { 0x5F1F1B6C, 32, NDPI_PROTOCOL_TOR }, - { 0x5F1F2E02, 32, NDPI_PROTOCOL_TOR }, - { 0x5F25A84D, 32, NDPI_PROTOCOL_TOR }, - { 0x5F40CB0E, 32, NDPI_PROTOCOL_TOR }, - { 0x5F477EE6, 32, NDPI_PROTOCOL_TOR }, - { 0x5F480939, 32, NDPI_PROTOCOL_TOR }, - { 0x5F4892AD, 32, NDPI_PROTOCOL_TOR }, - { 0x5F491AE8, 32, NDPI_PROTOCOL_TOR }, - { 0x5F4931BA, 32, NDPI_PROTOCOL_TOR }, - { 0x5F49EB59, 32, NDPI_PROTOCOL_TOR }, - { 0x5F4D914B, 32, NDPI_PROTOCOL_TOR }, - { 0x5F4E3856, 32, NDPI_PROTOCOL_TOR }, - { 0x5F4F19B6, 32, NDPI_PROTOCOL_TOR }, - { 0x5F4F605F, 32, NDPI_PROTOCOL_TOR }, - { 0x5F4F89F8, 32, NDPI_PROTOCOL_TOR }, - { 0x5F500A2E, 32, NDPI_PROTOCOL_TOR }, - { 0x5F52F5EA, 32, NDPI_PROTOCOL_TOR }, - { 0x5F549049, 32, NDPI_PROTOCOL_TOR }, - { 0x5F5494AD, 32, NDPI_PROTOCOL_TOR }, - { 0x5F54C634, 32, NDPI_PROTOCOL_TOR }, - { 0x5F54C806, 32, NDPI_PROTOCOL_TOR }, - { 0x5F54D17E, 32, NDPI_PROTOCOL_TOR }, - { 0x5F550367, 32, NDPI_PROTOCOL_TOR }, - { 0x5F5503BF, 32, NDPI_PROTOCOL_TOR }, - { 0x5F5505D3, 32, NDPI_PROTOCOL_TOR }, - { 0x5F55075A, 32, NDPI_PROTOCOL_TOR }, - { 0x5F5508E2, 32, NDPI_PROTOCOL_TOR }, - { 0x5F550A47, 32, NDPI_PROTOCOL_TOR }, - { 0x5F550E4F, 32, NDPI_PROTOCOL_TOR }, - { 0x5F551449, 32, NDPI_PROTOCOL_TOR }, - { 0x5F55150E, 32, NDPI_PROTOCOL_TOR }, - { 0x5F5517BD, 32, NDPI_PROTOCOL_TOR }, - { 0x5F552522, 32, NDPI_PROTOCOL_TOR }, - { 0x5F55256F, 32, NDPI_PROTOCOL_TOR }, - { 0x5F552673, 32, NDPI_PROTOCOL_TOR }, - { 0x5F55271C, 32, NDPI_PROTOCOL_TOR }, - { 0x5F552A24, 32, NDPI_PROTOCOL_TOR }, - { 0x5F553605, 32, NDPI_PROTOCOL_TOR }, - { 0x5F553C17, 32, NDPI_PROTOCOL_TOR }, - { 0x5F594A54, 32, NDPI_PROTOCOL_TOR }, - { 0x5F599862, 32, NDPI_PROTOCOL_TOR }, - { 0x5F5A0C37, 32, NDPI_PROTOCOL_TOR }, - { 0x5F5B83B6, 32, NDPI_PROTOCOL_TOR }, - { 0x5F61A0CC, 32, NDPI_PROTOCOL_TOR }, - { 0x5F69A188, 32, NDPI_PROTOCOL_TOR }, - { 0x5F6A1BC6, 32, NDPI_PROTOCOL_TOR }, - { 0x5F6D7A90, 32, NDPI_PROTOCOL_TOR }, - { 0x5F7008D0, 32, NDPI_PROTOCOL_TOR }, - { 0x5F71E203, 32, NDPI_PROTOCOL_TOR }, - { 0x5F72385D, 32, NDPI_PROTOCOL_TOR }, - { 0x5F741FDB, 32, NDPI_PROTOCOL_TOR }, - { 0x5F76808A, 32, NDPI_PROTOCOL_TOR }, - { 0x5F802BA4, 32, NDPI_PROTOCOL_TOR }, - { 0x5F8137AD, 32, NDPI_PROTOCOL_TOR }, - { 0x5F81CD53, 32, NDPI_PROTOCOL_TOR }, - { 0x5F820959, 32, NDPI_PROTOCOL_TOR }, - { 0x5F820959, 32, NDPI_PROTOCOL_TOR }, - { 0x5F820979, 32, NDPI_PROTOCOL_TOR }, - { 0x5F8209BE, 32, NDPI_PROTOCOL_TOR }, - { 0x5F820A0F, 32, NDPI_PROTOCOL_TOR }, - { 0x5F820B05, 32, NDPI_PROTOCOL_TOR }, - { 0x5F820B0F, 32, NDPI_PROTOCOL_TOR }, - { 0x5F820B2A, 32, NDPI_PROTOCOL_TOR }, - { 0x5F820B2E, 32, NDPI_PROTOCOL_TOR }, - { 0x5F820B93, 32, NDPI_PROTOCOL_TOR }, - { 0x5F820BA2, 32, NDPI_PROTOCOL_TOR }, - { 0x5F820BAA, 32, NDPI_PROTOCOL_TOR }, - { 0x5F820BD6, 32, NDPI_PROTOCOL_TOR }, - { 0x5F820C2F, 32, NDPI_PROTOCOL_TOR }, - { 0x5F820C77, 32, NDPI_PROTOCOL_TOR }, - { 0x5F820F60, 32, NDPI_PROTOCOL_TOR }, - { 0x5F820F61, 32, NDPI_PROTOCOL_TOR }, - { 0x5F820FFB, 32, NDPI_PROTOCOL_TOR }, - { 0x5F820FFC, 32, NDPI_PROTOCOL_TOR }, - { 0x5F820FFD, 32, NDPI_PROTOCOL_TOR }, - { 0x5F820FFE, 32, NDPI_PROTOCOL_TOR }, - { 0x5F8387B3, 32, NDPI_PROTOCOL_TOR }, - { 0x5F83EA02, 32, NDPI_PROTOCOL_TOR }, - { 0x5F8429AB, 32, NDPI_PROTOCOL_TOR }, - { 0x5F843460, 32, NDPI_PROTOCOL_TOR }, - { 0x5F851927, 32, NDPI_PROTOCOL_TOR }, - { 0x5F872D77, 32, NDPI_PROTOCOL_TOR }, - { 0x5F8BE024, 32, NDPI_PROTOCOL_TOR }, - { 0x5F8C2AB7, 32, NDPI_PROTOCOL_TOR }, - { 0x5F8D5392, 32, NDPI_PROTOCOL_TOR }, - { 0x5F8DE895, 32, NDPI_PROTOCOL_TOR }, - { 0x5F8EA13F, 32, NDPI_PROTOCOL_TOR }, - { 0x5F8EAD12, 32, NDPI_PROTOCOL_TOR }, - { 0x5F8FACD4, 32, NDPI_PROTOCOL_TOR }, - { 0x5F8FACD6, 32, NDPI_PROTOCOL_TOR }, - { 0x5F8FACF4, 32, NDPI_PROTOCOL_TOR }, - { 0x5F8FC191, 32, NDPI_PROTOCOL_TOR }, - { 0x5F8FE1C6, 32, NDPI_PROTOCOL_TOR }, - { 0x5F91E0D0, 32, NDPI_PROTOCOL_TOR }, - { 0x5F9A1849, 32, NDPI_PROTOCOL_TOR }, - { 0x5F9A58FC, 32, NDPI_PROTOCOL_TOR }, - { 0x5F9A6A86, 32, NDPI_PROTOCOL_TOR }, - { 0x5F9D0C83, 32, NDPI_PROTOCOL_TOR }, - { 0x5FA01056, 32, NDPI_PROTOCOL_TOR }, - { 0x5FA9BC67, 32, NDPI_PROTOCOL_TOR }, - { 0x5FAAB5D0, 32, NDPI_PROTOCOL_TOR }, - { 0x5FACEC76, 32, NDPI_PROTOCOL_TOR }, - { 0x5FAEE547, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD3079E, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD31B0A, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD349ED, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD3629F, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD38811, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD38A1B, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD3A923, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD3CD97, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD3D865, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD3DE93, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD3E1A7, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD3E408, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD3E59E, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD3E781, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD3F153, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD701B5, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD72C66, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD72C69, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD72C6E, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD72C6F, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD72C7A, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD72C91, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD72CBA, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD72CBB, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD72CBD, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD72CC2, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD72CE8, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD72CF9, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD72D2F, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD72D41, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD72D44, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD72D80, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD72D8E, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD72DBC, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD72DC3, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD72DC5, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD72E24, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD72E54, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD72E5A, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD72E67, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD72E7B, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD72E96, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD72EF4, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD72F75, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD72F80, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD72F8B, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD72F96, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD72FB1, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD72FBB, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD72FC7, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD72FCE, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD72FD8, 32, NDPI_PROTOCOL_TOR }, - { 0x5FD72FF2, 32, NDPI_PROTOCOL_TOR }, - { 0x5FDC69CA, 32, NDPI_PROTOCOL_TOR }, - { 0x5FDC822D, 32, NDPI_PROTOCOL_TOR }, - { 0x5FDE9C03, 32, NDPI_PROTOCOL_TOR }, - { 0x5FDE9C04, 32, NDPI_PROTOCOL_TOR }, - { 0x5FDEE336, 32, NDPI_PROTOCOL_TOR }, - { 0x5FDFD887, 32, NDPI_PROTOCOL_TOR }, - { 0x5FEEE099, 32, NDPI_PROTOCOL_TOR }, - { 0x5FEFE676, 32, NDPI_PROTOCOL_TOR }, - { 0x601390C6, 32, NDPI_PROTOCOL_TOR }, - { 0x601CBD5E, 32, NDPI_PROTOCOL_TOR }, - { 0x601F430F, 32, NDPI_PROTOCOL_TOR }, - { 0x60210687, 32, NDPI_PROTOCOL_TOR }, - { 0x60238283, 32, NDPI_PROTOCOL_TOR }, - { 0x60253C3F, 32, NDPI_PROTOCOL_TOR }, - { 0x6028292D, 32, NDPI_PROTOCOL_TOR }, - { 0x60290DA2, 32, NDPI_PROTOCOL_TOR }, - { 0x6029718C, 32, NDPI_PROTOCOL_TOR }, - { 0x602A211B, 32, NDPI_PROTOCOL_TOR }, - { 0x602CBD64, 32, NDPI_PROTOCOL_TOR }, - { 0x602CBD65, 32, NDPI_PROTOCOL_TOR }, - { 0x602CBD66, 32, NDPI_PROTOCOL_TOR }, - { 0x602F411A, 32, NDPI_PROTOCOL_TOR }, - { 0x602FE214, 32, NDPI_PROTOCOL_TOR }, - { 0x602FE215, 32, NDPI_PROTOCOL_TOR }, - { 0x602FE216, 32, NDPI_PROTOCOL_TOR }, - { 0x602FEC7E, 32, NDPI_PROTOCOL_TOR }, - { 0x60303837, 32, NDPI_PROTOCOL_TOR }, - { 0x60341169, 32, NDPI_PROTOCOL_TOR }, - { 0x60362A0F, 32, NDPI_PROTOCOL_TOR }, - { 0x607E6009, 32, NDPI_PROTOCOL_TOR }, - { 0x607E605A, 32, NDPI_PROTOCOL_TOR }, - { 0x607E6688, 32, NDPI_PROTOCOL_TOR }, - { 0x607E69DB, 32, NDPI_PROTOCOL_TOR }, - { 0x607E6E3C, 32, NDPI_PROTOCOL_TOR }, - { 0x607E6E3C, 32, NDPI_PROTOCOL_TOR }, - { 0x607E76E3, 32, NDPI_PROTOCOL_TOR }, - { 0x607E7AA6, 32, NDPI_PROTOCOL_TOR }, - { 0x607E7F58, 32, NDPI_PROTOCOL_TOR }, - { 0x60E26D05, 32, NDPI_PROTOCOL_TOR }, - { 0x60E29C48, 32, NDPI_PROTOCOL_TOR }, - { 0x60E53297, 32, NDPI_PROTOCOL_TOR }, - { 0x60E6398D, 32, NDPI_PROTOCOL_TOR }, - { 0x60E85742, 32, NDPI_PROTOCOL_TOR }, - { 0x60E932CF, 32, NDPI_PROTOCOL_TOR }, - { 0x60EE056F, 32, NDPI_PROTOCOL_TOR }, - { 0x60EE23B4, 32, NDPI_PROTOCOL_TOR }, - { 0x60F19A42, 32, NDPI_PROTOCOL_TOR }, - { 0x60FA5604, 32, NDPI_PROTOCOL_TOR }, - { 0x60FD4E6B, 32, NDPI_PROTOCOL_TOR }, - { 0x60FF47C9, 32, NDPI_PROTOCOL_TOR }, - { 0x6155B286, 32, NDPI_PROTOCOL_TOR }, - { 0x61570E0F, 32, NDPI_PROTOCOL_TOR }, - { 0x61573D40, 32, NDPI_PROTOCOL_TOR }, - { 0x615D1FB9, 32, NDPI_PROTOCOL_TOR }, - { 0x615F20B2, 32, NDPI_PROTOCOL_TOR }, - { 0x61664AC2, 32, NDPI_PROTOCOL_TOR }, - { 0x61664F0E, 32, NDPI_PROTOCOL_TOR }, - { 0x616B8418, 32, NDPI_PROTOCOL_TOR }, - { 0x616B867F, 32, NDPI_PROTOCOL_TOR }, - { 0x616B8A44, 32, NDPI_PROTOCOL_TOR }, - { 0x616B8B1C, 32, NDPI_PROTOCOL_TOR }, - { 0x616B8B6C, 32, NDPI_PROTOCOL_TOR }, - { 0x616B8E85, 32, NDPI_PROTOCOL_TOR }, - { 0x616B8EDA, 32, NDPI_PROTOCOL_TOR }, - { 0x616B8EEA, 32, NDPI_PROTOCOL_TOR }, - { 0x61761E24, 32, NDPI_PROTOCOL_TOR }, - { 0x62181813, 32, NDPI_PROTOCOL_TOR }, - { 0x62185496, 32, NDPI_PROTOCOL_TOR }, - { 0x621CA618, 32, NDPI_PROTOCOL_TOR }, - { 0x621CF5EC, 32, NDPI_PROTOCOL_TOR }, - { 0x6241C4D2, 32, NDPI_PROTOCOL_TOR }, - { 0x6245AA0A, 32, NDPI_PROTOCOL_TOR }, - { 0x626538B2, 32, NDPI_PROTOCOL_TOR }, - { 0x626D3882, 32, NDPI_PROTOCOL_TOR }, - { 0x626D7511, 32, NDPI_PROTOCOL_TOR }, - { 0x62726199, 32, NDPI_PROTOCOL_TOR }, - { 0x6274DF81, 32, NDPI_PROTOCOL_TOR }, - { 0x627C74C6, 32, NDPI_PROTOCOL_TOR }, - { 0x628E2F36, 32, NDPI_PROTOCOL_TOR }, - { 0x6296DFDD, 32, NDPI_PROTOCOL_TOR }, - { 0x629B1EED, 32, NDPI_PROTOCOL_TOR }, - { 0x629D1940, 32, NDPI_PROTOCOL_TOR }, - { 0x629D41CC, 32, NDPI_PROTOCOL_TOR }, - { 0x62B436C1, 32, NDPI_PROTOCOL_TOR }, - { 0x62B790F7, 32, NDPI_PROTOCOL_TOR }, - { 0x62C1C54A, 32, NDPI_PROTOCOL_TOR }, - { 0x62C774D0, 32, NDPI_PROTOCOL_TOR }, - { 0x62C925BF, 32, NDPI_PROTOCOL_TOR }, - { 0x62C99217, 32, NDPI_PROTOCOL_TOR }, - { 0x62CEB470, 32, NDPI_PROTOCOL_TOR }, - { 0x62CEB64E, 32, NDPI_PROTOCOL_TOR }, - { 0x62D2A4C6, 32, NDPI_PROTOCOL_TOR }, - { 0x62D6F355, 32, NDPI_PROTOCOL_TOR }, - { 0x62D8A86C, 32, NDPI_PROTOCOL_TOR }, - { 0x62D99D4C, 32, NDPI_PROTOCOL_TOR }, - { 0x62DA3282, 32, NDPI_PROTOCOL_TOR }, - { 0x62DA372F, 32, NDPI_PROTOCOL_TOR }, - { 0x62E0DAEE, 32, NDPI_PROTOCOL_TOR }, - { 0x62E7895E, 32, NDPI_PROTOCOL_TOR }, - { 0x62E818A7, 32, NDPI_PROTOCOL_TOR }, - { 0x62EC4BEC, 32, NDPI_PROTOCOL_TOR }, - { 0x62F5A7CC, 32, NDPI_PROTOCOL_TOR }, - { 0x62F62CE0, 32, NDPI_PROTOCOL_TOR }, - { 0x62F81DE9, 32, NDPI_PROTOCOL_TOR }, - { 0x62FC8D6B, 32, NDPI_PROTOCOL_TOR }, - { 0x62FFC9AB, 32, NDPI_PROTOCOL_TOR }, - { 0x630615BE, 32, NDPI_PROTOCOL_TOR }, - { 0x633F1919, 32, NDPI_PROTOCOL_TOR }, - { 0x635AD476, 32, NDPI_PROTOCOL_TOR }, - { 0x635F8924, 32, NDPI_PROTOCOL_TOR }, - { 0x6363E834, 32, NDPI_PROTOCOL_TOR }, - { 0x6366B2AD, 32, NDPI_PROTOCOL_TOR }, - { 0x63E1049C, 32, NDPI_PROTOCOL_TOR }, - { 0x63E4AB0B, 32, NDPI_PROTOCOL_TOR }, - { 0x63EA2BA0, 32, NDPI_PROTOCOL_TOR }, - { 0x6424B8E6, 32, NDPI_PROTOCOL_TOR }, - { 0x6425681C, 32, NDPI_PROTOCOL_TOR }, - { 0x65339B42, 32, NDPI_PROTOCOL_TOR }, - { 0x6562AEE2, 32, NDPI_PROTOCOL_TOR }, - { 0x65634096, 32, NDPI_PROTOCOL_TOR }, - { 0x658CD912, 32, NDPI_PROTOCOL_TOR }, - { 0x658EC26D, 32, NDPI_PROTOCOL_TOR }, - { 0x65B090B8, 32, NDPI_PROTOCOL_TOR }, - { 0x65BB0480, 32, NDPI_PROTOCOL_TOR }, - { 0x6706D5C6, 32, NDPI_PROTOCOL_TOR }, - { 0x670AC532, 32, NDPI_PROTOCOL_TOR }, - { 0x670AC764, 32, NDPI_PROTOCOL_TOR }, - { 0x67101A47, 32, NDPI_PROTOCOL_TOR }, - { 0x67193810, 32, NDPI_PROTOCOL_TOR }, - { 0x67298435, 32, NDPI_PROTOCOL_TOR }, - { 0x67F05B07, 32, NDPI_PROTOCOL_TOR }, - { 0x67FAB895, 32, NDPI_PROTOCOL_TOR }, - { 0x68091CA1, 32, NDPI_PROTOCOL_TOR }, - { 0x6820195D, 32, NDPI_PROTOCOL_TOR }, - { 0x68218AAE, 32, NDPI_PROTOCOL_TOR }, - { 0x6828018F, 32, NDPI_PROTOCOL_TOR }, - { 0x68288AA6, 32, NDPI_PROTOCOL_TOR }, - { 0x6829028B, 32, NDPI_PROTOCOL_TOR }, - { 0x68311642, 32, NDPI_PROTOCOL_TOR }, - { 0x68804E6B, 32, NDPI_PROTOCOL_TOR }, - { 0x68804E6B, 32, NDPI_PROTOCOL_TOR }, - { 0x68804E6C, 32, NDPI_PROTOCOL_TOR }, - { 0x68804E6C, 32, NDPI_PROTOCOL_TOR }, - { 0x6880AB3E, 32, NDPI_PROTOCOL_TOR }, - { 0x6880E1CB, 32, NDPI_PROTOCOL_TOR }, - { 0x68821999, 32, NDPI_PROTOCOL_TOR }, - { 0x68830974, 32, NDPI_PROTOCOL_TOR }, - { 0x68830C8B, 32, NDPI_PROTOCOL_TOR }, - { 0x68830EAF, 32, NDPI_PROTOCOL_TOR }, - { 0x68831377, 32, NDPI_PROTOCOL_TOR }, - { 0x68831C36, 32, NDPI_PROTOCOL_TOR }, - { 0x68831E06, 32, NDPI_PROTOCOL_TOR }, - { 0x688322AA, 32, NDPI_PROTOCOL_TOR }, - { 0x688322AC, 32, NDPI_PROTOCOL_TOR }, - { 0x68832D66, 32, NDPI_PROTOCOL_TOR }, - { 0x6883335D, 32, NDPI_PROTOCOL_TOR }, - { 0x6883378D, 32, NDPI_PROTOCOL_TOR }, - { 0x688337B8, 32, NDPI_PROTOCOL_TOR }, - { 0x6883387F, 32, NDPI_PROTOCOL_TOR }, - { 0x68833A42, 32, NDPI_PROTOCOL_TOR }, - { 0x68833F50, 32, NDPI_PROTOCOL_TOR }, - { 0x68833F8F, 32, NDPI_PROTOCOL_TOR }, - { 0x688341E1, 32, NDPI_PROTOCOL_TOR }, - { 0x688342C2, 32, NDPI_PROTOCOL_TOR }, - { 0x68834956, 32, NDPI_PROTOCOL_TOR }, - { 0x68834ACF, 32, NDPI_PROTOCOL_TOR }, - { 0x68835F18, 32, NDPI_PROTOCOL_TOR }, - { 0x68836C07, 32, NDPI_PROTOCOL_TOR }, - { 0x68836ED5, 32, NDPI_PROTOCOL_TOR }, - { 0x6883722B, 32, NDPI_PROTOCOL_TOR }, - { 0x68837248, 32, NDPI_PROTOCOL_TOR }, - { 0x688375E7, 32, NDPI_PROTOCOL_TOR }, - { 0x68837B10, 32, NDPI_PROTOCOL_TOR }, - { 0x68837D54, 32, NDPI_PROTOCOL_TOR }, - { 0x6883811E, 32, NDPI_PROTOCOL_TOR }, - { 0x68838182, 32, NDPI_PROTOCOL_TOR }, - { 0x6883862F, 32, NDPI_PROTOCOL_TOR }, - { 0x68839A74, 32, NDPI_PROTOCOL_TOR }, - { 0x6883A6F3, 32, NDPI_PROTOCOL_TOR }, - { 0x6883AC2E, 32, NDPI_PROTOCOL_TOR }, - { 0x6883B5AE, 32, NDPI_PROTOCOL_TOR }, - { 0x6883CC93, 32, NDPI_PROTOCOL_TOR }, - { 0x6883CE17, 32, NDPI_PROTOCOL_TOR }, - { 0x6883D523, 32, NDPI_PROTOCOL_TOR }, - { 0x6883E7F1, 32, NDPI_PROTOCOL_TOR }, - { 0x6883F0A8, 32, NDPI_PROTOCOL_TOR }, - { 0x6883F537, 32, NDPI_PROTOCOL_TOR }, - { 0x689C39C7, 32, NDPI_PROTOCOL_TOR }, - { 0x689C6F36, 32, NDPI_PROTOCOL_TOR }, - { 0x689CE01C, 32, NDPI_PROTOCOL_TOR }, - { 0x689CE053, 32, NDPI_PROTOCOL_TOR }, - { 0x689CEE74, 32, NDPI_PROTOCOL_TOR }, - { 0x689CFD47, 32, NDPI_PROTOCOL_TOR }, - { 0x68A2167C, 32, NDPI_PROTOCOL_TOR }, - { 0x68A762FD, 32, NDPI_PROTOCOL_TOR }, - { 0x68A76304, 32, NDPI_PROTOCOL_TOR }, - { 0x68A7630C, 32, NDPI_PROTOCOL_TOR }, - { 0x68A76458, 32, NDPI_PROTOCOL_TOR }, - { 0x68A764A8, 32, NDPI_PROTOCOL_TOR }, - { 0x68A766F4, 32, NDPI_PROTOCOL_TOR }, - { 0x68A76734, 32, NDPI_PROTOCOL_TOR }, - { 0x68A7695C, 32, NDPI_PROTOCOL_TOR }, - { 0x68A76A2D, 32, NDPI_PROTOCOL_TOR }, - { 0x68A76B8E, 32, NDPI_PROTOCOL_TOR }, - { 0x68A823A8, 32, NDPI_PROTOCOL_TOR }, - { 0x68AE61BA, 32, NDPI_PROTOCOL_TOR }, - { 0x68C81056, 32, NDPI_PROTOCOL_TOR }, - { 0x68C81056, 32, NDPI_PROTOCOL_TOR }, - { 0x68C812B6, 32, NDPI_PROTOCOL_TOR }, - { 0x68C812B6, 32, NDPI_PROTOCOL_TOR }, - { 0x68C8148E, 32, NDPI_PROTOCOL_TOR }, - { 0x68C81841, 32, NDPI_PROTOCOL_TOR }, - { 0x68CEC114, 32, NDPI_PROTOCOL_TOR }, - { 0x68CF802A, 32, NDPI_PROTOCOL_TOR }, - { 0x68CF846D, 32, NDPI_PROTOCOL_TOR }, - { 0x68CF84C9, 32, NDPI_PROTOCOL_TOR }, - { 0x68CF92C8, 32, NDPI_PROTOCOL_TOR }, - { 0x68CF940C, 32, NDPI_PROTOCOL_TOR }, - { 0x68DBB8A6, 32, NDPI_PROTOCOL_TOR }, - { 0x68DD4C83, 32, NDPI_PROTOCOL_TOR }, - { 0x68E0AF68, 32, NDPI_PROTOCOL_TOR }, - { 0x68E80163, 32, NDPI_PROTOCOL_TOR }, - { 0x68E80321, 32, NDPI_PROTOCOL_TOR }, - { 0x68E80323, 32, NDPI_PROTOCOL_TOR }, - { 0x68EADC47, 32, NDPI_PROTOCOL_TOR }, - { 0x68EC0067, 32, NDPI_PROTOCOL_TOR }, - { 0x68EC0658, 32, NDPI_PROTOCOL_TOR }, - { 0x68EC084A, 32, NDPI_PROTOCOL_TOR }, - { 0x68EC1197, 32, NDPI_PROTOCOL_TOR }, - { 0x68EC191C, 32, NDPI_PROTOCOL_TOR }, - { 0x68EC239C, 32, NDPI_PROTOCOL_TOR }, - { 0x68EC26E7, 32, NDPI_PROTOCOL_TOR }, - { 0x68EC27DB, 32, NDPI_PROTOCOL_TOR }, - { 0x68EC2CD2, 32, NDPI_PROTOCOL_TOR }, - { 0x68EC323E, 32, NDPI_PROTOCOL_TOR }, - { 0x68EC3672, 32, NDPI_PROTOCOL_TOR }, - { 0x68EC5353, 32, NDPI_PROTOCOL_TOR }, - { 0x68EC5629, 32, NDPI_PROTOCOL_TOR }, - { 0x68EC575A, 32, NDPI_PROTOCOL_TOR }, - { 0x68EC5DE1, 32, NDPI_PROTOCOL_TOR }, - { 0x68EC6452, 32, NDPI_PROTOCOL_TOR }, - { 0x68EC6E0D, 32, NDPI_PROTOCOL_TOR }, - { 0x68EC8E5D, 32, NDPI_PROTOCOL_TOR }, - { 0x68EC95F9, 32, NDPI_PROTOCOL_TOR }, - { 0x68ECAE0E, 32, NDPI_PROTOCOL_TOR }, - { 0x68ECB3DA, 32, NDPI_PROTOCOL_TOR }, - { 0x68ECB3F0, 32, NDPI_PROTOCOL_TOR }, - { 0x68ECB847, 32, NDPI_PROTOCOL_TOR }, - { 0x68ECD5C1, 32, NDPI_PROTOCOL_TOR }, - { 0x68ECE860, 32, NDPI_PROTOCOL_TOR }, - { 0x68ECFDEC, 32, NDPI_PROTOCOL_TOR }, - { 0x68ED8054, 32, NDPI_PROTOCOL_TOR }, - { 0x68ED8134, 32, NDPI_PROTOCOL_TOR }, - { 0x68ED8134, 32, NDPI_PROTOCOL_TOR }, - { 0x68ED814E, 32, NDPI_PROTOCOL_TOR }, - { 0x68ED818E, 32, NDPI_PROTOCOL_TOR }, - { 0x68ED818E, 32, NDPI_PROTOCOL_TOR }, - { 0x68ED834B, 32, NDPI_PROTOCOL_TOR }, - { 0x68ED834B, 32, NDPI_PROTOCOL_TOR }, - { 0x68ED836B, 32, NDPI_PROTOCOL_TOR }, - { 0x68ED8D6D, 32, NDPI_PROTOCOL_TOR }, - { 0x68ED8DC1, 32, NDPI_PROTOCOL_TOR }, - { 0x68ED98C3, 32, NDPI_PROTOCOL_TOR }, - { 0x68F44B5B, 32, NDPI_PROTOCOL_TOR }, - { 0x68F4DFCC, 32, NDPI_PROTOCOL_TOR }, - { 0x68F5274A, 32, NDPI_PROTOCOL_TOR }, - { 0x68FBD208, 32, NDPI_PROTOCOL_TOR }, - { 0x699551A4, 32, NDPI_PROTOCOL_TOR }, - { 0x699AB5D4, 32, NDPI_PROTOCOL_TOR }, - { 0x69EDDE72, 32, NDPI_PROTOCOL_TOR }, - { 0x6AB91C19, 32, NDPI_PROTOCOL_TOR }, - { 0x6AB91C71, 32, NDPI_PROTOCOL_TOR }, - { 0x6AB91C71, 32, NDPI_PROTOCOL_TOR }, - { 0x6AB91CAA, 32, NDPI_PROTOCOL_TOR }, - { 0x6AB91D5D, 32, NDPI_PROTOCOL_TOR }, - { 0x6AB91EEE, 32, NDPI_PROTOCOL_TOR }, - { 0x6AB91F81, 32, NDPI_PROTOCOL_TOR }, - { 0x6AB91F81, 32, NDPI_PROTOCOL_TOR }, - { 0x6AB92697, 32, NDPI_PROTOCOL_TOR }, - { 0x6AB9273A, 32, NDPI_PROTOCOL_TOR }, - { 0x6AB9273A, 32, NDPI_PROTOCOL_TOR }, - { 0x6AB930D6, 32, NDPI_PROTOCOL_TOR }, - { 0x6AB930D6, 32, NDPI_PROTOCOL_TOR }, - { 0x6ABA109A, 32, NDPI_PROTOCOL_TOR }, - { 0x6ABA1228, 32, NDPI_PROTOCOL_TOR }, - { 0x6ABA12F2, 32, NDPI_PROTOCOL_TOR }, - { 0x6ABA1892, 32, NDPI_PROTOCOL_TOR }, - { 0x6ABA18FE, 32, NDPI_PROTOCOL_TOR }, - { 0x6ABA1C21, 32, NDPI_PROTOCOL_TOR }, - { 0x6ABA1D04, 32, NDPI_PROTOCOL_TOR }, - { 0x6ABA1D2A, 32, NDPI_PROTOCOL_TOR }, - { 0x6ABA1E34, 32, NDPI_PROTOCOL_TOR }, - { 0x6ABA7229, 32, NDPI_PROTOCOL_TOR }, - { 0x6ABA7541, 32, NDPI_PROTOCOL_TOR }, - { 0x6ABA7541, 32, NDPI_PROTOCOL_TOR }, - { 0x6ABB23EC, 32, NDPI_PROTOCOL_TOR }, - { 0x6ABB24B7, 32, NDPI_PROTOCOL_TOR }, - { 0x6ABB259E, 32, NDPI_PROTOCOL_TOR }, - { 0x6ABB259E, 32, NDPI_PROTOCOL_TOR }, - { 0x6ABB26C6, 32, NDPI_PROTOCOL_TOR }, - { 0x6ABB2974, 32, NDPI_PROTOCOL_TOR }, - { 0x6ABB2B6E, 32, NDPI_PROTOCOL_TOR }, - { 0x6ABB2D9C, 32, NDPI_PROTOCOL_TOR }, - { 0x6ABB2F11, 32, NDPI_PROTOCOL_TOR }, - { 0x6ABB3444, 32, NDPI_PROTOCOL_TOR }, - { 0x6ABB37EF, 32, NDPI_PROTOCOL_TOR }, - { 0x6ABB5EFE, 32, NDPI_PROTOCOL_TOR }, - { 0x6ABB5EFE, 32, NDPI_PROTOCOL_TOR }, - { 0x6ABB60FA, 32, NDPI_PROTOCOL_TOR }, - { 0x6ABB6773, 32, NDPI_PROTOCOL_TOR }, - { 0x6B021E0D, 32, NDPI_PROTOCOL_TOR }, - { 0x6B060491, 32, NDPI_PROTOCOL_TOR }, - { 0x6B14B34B, 32, NDPI_PROTOCOL_TOR }, - { 0x6B812529, 32, NDPI_PROTOCOL_TOR }, - { 0x6B9614F1, 32, NDPI_PROTOCOL_TOR }, - { 0x6B961BC8, 32, NDPI_PROTOCOL_TOR }, - { 0x6B961F6B, 32, NDPI_PROTOCOL_TOR }, - { 0x6B962336, 32, NDPI_PROTOCOL_TOR }, - { 0x6B96268A, 32, NDPI_PROTOCOL_TOR }, - { 0x6B9635B2, 32, NDPI_PROTOCOL_TOR }, - { 0x6B96AA3A, 32, NDPI_PROTOCOL_TOR }, - { 0x6B988F3E, 32, NDPI_PROTOCOL_TOR }, - { 0x6B9B748F, 32, NDPI_PROTOCOL_TOR }, - { 0x6B9EFF15, 32, NDPI_PROTOCOL_TOR }, - { 0x6B9EFF15, 32, NDPI_PROTOCOL_TOR }, - { 0x6B9EFF16, 32, NDPI_PROTOCOL_TOR }, - { 0x6B9EFF16, 32, NDPI_PROTOCOL_TOR }, - { 0x6BA150C3, 32, NDPI_PROTOCOL_TOR }, - { 0x6BA151BB, 32, NDPI_PROTOCOL_TOR }, - { 0x6BA151D0, 32, NDPI_PROTOCOL_TOR }, - { 0x6BA154B9, 32, NDPI_PROTOCOL_TOR }, - { 0x6BA19E11, 32, NDPI_PROTOCOL_TOR }, - { 0x6BA1B357, 32, NDPI_PROTOCOL_TOR }, - { 0x6BAA2047, 32, NDPI_PROTOCOL_TOR }, - { 0x6BAA3234, 32, NDPI_PROTOCOL_TOR }, - { 0x6BAA330E, 32, NDPI_PROTOCOL_TOR }, - { 0x6BAA41C5, 32, NDPI_PROTOCOL_TOR }, - { 0x6BAA4E2A, 32, NDPI_PROTOCOL_TOR }, - { 0x6BAA4F93, 32, NDPI_PROTOCOL_TOR }, - { 0x6BAA5C89, 32, NDPI_PROTOCOL_TOR }, - { 0x6BAA5CED, 32, NDPI_PROTOCOL_TOR }, - { 0x6BAA5D0D, 32, NDPI_PROTOCOL_TOR }, - { 0x6BAA5D20, 32, NDPI_PROTOCOL_TOR }, - { 0x6BAA5D75, 32, NDPI_PROTOCOL_TOR }, - { 0x6BAA60EB, 32, NDPI_PROTOCOL_TOR }, - { 0x6BAA676F, 32, NDPI_PROTOCOL_TOR }, - { 0x6BAA6CDE, 32, NDPI_PROTOCOL_TOR }, - { 0x6BAA72CC, 32, NDPI_PROTOCOL_TOR }, - { 0x6BAA78D6, 32, NDPI_PROTOCOL_TOR }, - { 0x6BAA8F75, 32, NDPI_PROTOCOL_TOR }, - { 0x6BAA9607, 32, NDPI_PROTOCOL_TOR }, - { 0x6BAA9950, 32, NDPI_PROTOCOL_TOR }, - { 0x6BAA9ED4, 32, NDPI_PROTOCOL_TOR }, - { 0x6BAABC9B, 32, NDPI_PROTOCOL_TOR }, - { 0x6BAAC021, 32, NDPI_PROTOCOL_TOR }, - { 0x6BAAC442, 32, NDPI_PROTOCOL_TOR }, - { 0x6BAACC21, 32, NDPI_PROTOCOL_TOR }, - { 0x6BAAE84B, 32, NDPI_PROTOCOL_TOR }, - { 0x6BAAF57F, 32, NDPI_PROTOCOL_TOR }, - { 0x6BAAF6CC, 32, NDPI_PROTOCOL_TOR }, - { 0x6BAAF721, 32, NDPI_PROTOCOL_TOR }, - { 0x6BAAFBB6, 32, NDPI_PROTOCOL_TOR }, - { 0x6BB5A60B, 32, NDPI_PROTOCOL_TOR }, - { 0x6BB5AE16, 32, NDPI_PROTOCOL_TOR }, - { 0x6BB613F9, 32, NDPI_PROTOCOL_TOR }, - { 0x6BB68374, 32, NDPI_PROTOCOL_TOR }, - { 0x6BB68388, 32, NDPI_PROTOCOL_TOR }, - { 0x6BB683CF, 32, NDPI_PROTOCOL_TOR }, - { 0x6BB683D3, 32, NDPI_PROTOCOL_TOR }, - { 0x6BBF2C9A, 32, NDPI_PROTOCOL_TOR }, - { 0x6BBF2ECC, 32, NDPI_PROTOCOL_TOR }, - { 0x6BBF3FB8, 32, NDPI_PROTOCOL_TOR }, - { 0x6BBF6245, 32, NDPI_PROTOCOL_TOR }, - { 0x6BBF6CCB, 32, NDPI_PROTOCOL_TOR }, - { 0x6BBF7EB8, 32, NDPI_PROTOCOL_TOR }, - { 0x6BC4142E, 32, NDPI_PROTOCOL_TOR }, - { 0x6BCB324B, 32, NDPI_PROTOCOL_TOR }, - { 0x6C009C8F, 32, NDPI_PROTOCOL_TOR }, - { 0x6C00C1EF, 32, NDPI_PROTOCOL_TOR }, - { 0x6C00CFF0, 32, NDPI_PROTOCOL_TOR }, - { 0x6C00DF0E, 32, NDPI_PROTOCOL_TOR }, - { 0x6C071024, 32, NDPI_PROTOCOL_TOR }, - { 0x6C0724B4, 32, NDPI_PROTOCOL_TOR }, - { 0x6C0CB2EB, 32, NDPI_PROTOCOL_TOR }, - { 0x6C0E531F, 32, NDPI_PROTOCOL_TOR }, - { 0x6C137138, 32, NDPI_PROTOCOL_TOR }, - { 0x6C1D6B46, 32, NDPI_PROTOCOL_TOR }, - { 0x6C1D75F5, 32, NDPI_PROTOCOL_TOR }, - { 0x6C1E388E, 32, NDPI_PROTOCOL_TOR }, - { 0x6C1E3970, 32, NDPI_PROTOCOL_TOR }, - { 0x6C1F2805, 32, NDPI_PROTOCOL_TOR }, - { 0x6C1FDC6E, 32, NDPI_PROTOCOL_TOR }, - { 0x6C203114, 32, NDPI_PROTOCOL_TOR }, - { 0x6C2D5D5E, 32, NDPI_PROTOCOL_TOR }, - { 0x6C309E93, 32, NDPI_PROTOCOL_TOR }, - { 0x6C32EBB6, 32, NDPI_PROTOCOL_TOR }, - { 0x6C33B8DC, 32, NDPI_PROTOCOL_TOR }, - { 0x6C3504D1, 32, NDPI_PROTOCOL_TOR }, - { 0x6C35822A, 32, NDPI_PROTOCOL_TOR }, - { 0x6C36A4AF, 32, NDPI_PROTOCOL_TOR }, - { 0x6C38BD9D, 32, NDPI_PROTOCOL_TOR }, - { 0x6C3A90E8, 32, NDPI_PROTOCOL_TOR }, - { 0x6C3B02D0, 32, NDPI_PROTOCOL_TOR }, - { 0x6C3B0BE1, 32, NDPI_PROTOCOL_TOR }, - { 0x6C3DA16F, 32, NDPI_PROTOCOL_TOR }, - { 0x6C3DA1E3, 32, NDPI_PROTOCOL_TOR }, - { 0x6C3DA457, 32, NDPI_PROTOCOL_TOR }, - { 0x6C3DA539, 32, NDPI_PROTOCOL_TOR }, - { 0x6C3DA646, 32, NDPI_PROTOCOL_TOR }, - { 0x6C3DA6C7, 32, NDPI_PROTOCOL_TOR }, - { 0x6C3DA7F0, 32, NDPI_PROTOCOL_TOR }, - { 0x6C3DA82C, 32, NDPI_PROTOCOL_TOR }, - { 0x6C3DB16E, 32, NDPI_PROTOCOL_TOR }, - { 0x6C3DB1C3, 32, NDPI_PROTOCOL_TOR }, - { 0x6C3DB22E, 32, NDPI_PROTOCOL_TOR }, - { 0x6C3DB233, 32, NDPI_PROTOCOL_TOR }, - { 0x6C3DB2D8, 32, NDPI_PROTOCOL_TOR }, - { 0x6C3DB3D8, 32, NDPI_PROTOCOL_TOR }, - { 0x6C3DB691, 32, NDPI_PROTOCOL_TOR }, - { 0x6C3DB6EC, 32, NDPI_PROTOCOL_TOR }, - { 0x6C3DB91A, 32, NDPI_PROTOCOL_TOR }, - { 0x6C3DB988, 32, NDPI_PROTOCOL_TOR }, - { 0x6C3DBCB4, 32, NDPI_PROTOCOL_TOR }, - { 0x6C3DC563, 32, NDPI_PROTOCOL_TOR }, - { 0x6C3DC6A6, 32, NDPI_PROTOCOL_TOR }, - { 0x6C3DC6CF, 32, NDPI_PROTOCOL_TOR }, - { 0x6C3DC7B0, 32, NDPI_PROTOCOL_TOR }, - { 0x6C3DC7CA, 32, NDPI_PROTOCOL_TOR }, - { 0x6C3DD0AB, 32, NDPI_PROTOCOL_TOR }, - { 0x6C3DD150, 32, NDPI_PROTOCOL_TOR }, - { 0x6C3DD27B, 32, NDPI_PROTOCOL_TOR }, - { 0x6C3DD35E, 32, NDPI_PROTOCOL_TOR }, - { 0x6C3DD466, 32, NDPI_PROTOCOL_TOR }, - { 0x6C3DF237, 32, NDPI_PROTOCOL_TOR }, - { 0x6C3DFB84, 32, NDPI_PROTOCOL_TOR }, - { 0x6C3DFCED, 32, NDPI_PROTOCOL_TOR }, - { 0x6C45A572, 32, NDPI_PROTOCOL_TOR }, - { 0x6C59AF93, 32, NDPI_PROTOCOL_TOR }, - { 0x6C6FAA05, 32, NDPI_PROTOCOL_TOR }, - { 0x6CA6A1BA, 32, NDPI_PROTOCOL_TOR }, - { 0x6CA6A89E, 32, NDPI_PROTOCOL_TOR }, - { 0x6CA6A8A7, 32, NDPI_PROTOCOL_TOR }, - { 0x6CA8033C, 32, NDPI_PROTOCOL_TOR }, - { 0x6CAA8A76, 32, NDPI_PROTOCOL_TOR }, - { 0x6CB49FFC, 32, NDPI_PROTOCOL_TOR }, - { 0x6CB9E23E, 32, NDPI_PROTOCOL_TOR }, - { 0x6CCC2E0E, 32, NDPI_PROTOCOL_TOR }, - { 0x6CD0E579, 32, NDPI_PROTOCOL_TOR }, - { 0x6CD20668, 32, NDPI_PROTOCOL_TOR }, - { 0x6CF0B68C, 32, NDPI_PROTOCOL_TOR }, - { 0x6CF72296, 32, NDPI_PROTOCOL_TOR }, - { 0x6CF7F4CC, 32, NDPI_PROTOCOL_TOR }, - { 0x6CF857F2, 32, NDPI_PROTOCOL_TOR }, - { 0x6D00AA2D, 32, NDPI_PROTOCOL_TOR }, - { 0x6D00DC98, 32, NDPI_PROTOCOL_TOR }, - { 0x6D163429, 32, NDPI_PROTOCOL_TOR }, - { 0x6D44AE3C, 32, NDPI_PROTOCOL_TOR }, - { 0x6D44BF85, 32, NDPI_PROTOCOL_TOR }, - { 0x6D454311, 32, NDPI_PROTOCOL_TOR }, - { 0x6D4565A5, 32, NDPI_PROTOCOL_TOR }, - { 0x6D49345A, 32, NDPI_PROTOCOL_TOR }, - { 0x6D4A0058, 32, NDPI_PROTOCOL_TOR }, - { 0x6D4A9795, 32, NDPI_PROTOCOL_TOR }, - { 0x6D4AC247, 32, NDPI_PROTOCOL_TOR }, - { 0x6D4AC27C, 32, NDPI_PROTOCOL_TOR }, - { 0x6D4AC3BE, 32, NDPI_PROTOCOL_TOR }, - { 0x6D4AC865, 32, NDPI_PROTOCOL_TOR }, - { 0x6D4ACC77, 32, NDPI_PROTOCOL_TOR }, - { 0x6D4ACE0C, 32, NDPI_PROTOCOL_TOR }, - { 0x6D4ACE15, 32, NDPI_PROTOCOL_TOR }, - { 0x6D4BB84D, 32, NDPI_PROTOCOL_TOR }, - { 0x6D4BBD44, 32, NDPI_PROTOCOL_TOR }, - { 0x6D5A17DD, 32, NDPI_PROTOCOL_TOR }, - { 0x6D5AFAB0, 32, NDPI_PROTOCOL_TOR }, - { 0x6D5B68E8, 32, NDPI_PROTOCOL_TOR }, - { 0x6D5B6C94, 32, NDPI_PROTOCOL_TOR }, - { 0x6D5B7013, 32, NDPI_PROTOCOL_TOR }, - { 0x6D5B7DC3, 32, NDPI_PROTOCOL_TOR }, - { 0x6D5E6002, 32, NDPI_PROTOCOL_TOR }, - { 0x6D5FD279, 32, NDPI_PROTOCOL_TOR }, - { 0x6D5FD442, 32, NDPI_PROTOCOL_TOR }, - { 0x6D646686, 32, NDPI_PROTOCOL_TOR }, - { 0x6D64FC83, 32, NDPI_PROTOCOL_TOR }, - { 0x6D682CD1, 32, NDPI_PROTOCOL_TOR }, - { 0x6D696DA2, 32, NDPI_PROTOCOL_TOR }, - { 0x6D6A38E4, 32, NDPI_PROTOCOL_TOR }, - { 0x6D6B239A, 32, NDPI_PROTOCOL_TOR }, - { 0x6D6CDE14, 32, NDPI_PROTOCOL_TOR }, - { 0x6D6F9E13, 32, NDPI_PROTOCOL_TOR }, - { 0x6D78943C, 32, NDPI_PROTOCOL_TOR }, - { 0x6D78AD30, 32, NDPI_PROTOCOL_TOR }, - { 0x6D78B4F5, 32, NDPI_PROTOCOL_TOR }, - { 0x6D78B611, 32, NDPI_PROTOCOL_TOR }, - { 0x6D824D50, 32, NDPI_PROTOCOL_TOR }, - { 0x6D825345, 32, NDPI_PROTOCOL_TOR }, - { 0x6D984A8C, 32, NDPI_PROTOCOL_TOR }, - { 0x6D9BDAB1, 32, NDPI_PROTOCOL_TOR }, - { 0x6DA1226E, 32, NDPI_PROTOCOL_TOR }, - { 0x6DA3E9A9, 32, NDPI_PROTOCOL_TOR }, - { 0x6DA3EA02, 32, NDPI_PROTOCOL_TOR }, - { 0x6DA3EA04, 32, NDPI_PROTOCOL_TOR }, - { 0x6DA3EA05, 32, NDPI_PROTOCOL_TOR }, - { 0x6DA3EA07, 32, NDPI_PROTOCOL_TOR }, - { 0x6DA3EA08, 32, NDPI_PROTOCOL_TOR }, - { 0x6DA3EA09, 32, NDPI_PROTOCOL_TOR }, - { 0x6DA3EBF6, 32, NDPI_PROTOCOL_TOR }, - { 0x6DA3EBFC, 32, NDPI_PROTOCOL_TOR }, - { 0x6DA4ECE7, 32, NDPI_PROTOCOL_TOR }, - { 0x6DA78802, 32, NDPI_PROTOCOL_TOR }, - { 0x6DA9001D, 32, NDPI_PROTOCOL_TOR }, - { 0x6DA917CA, 32, NDPI_PROTOCOL_TOR }, - { 0x6DA921A3, 32, NDPI_PROTOCOL_TOR }, - { 0x6DA92DE2, 32, NDPI_PROTOCOL_TOR }, - { 0x6DAD3BB4, 32, NDPI_PROTOCOL_TOR }, - { 0x6DB6971F, 32, NDPI_PROTOCOL_TOR }, - { 0x6DBD0643, 32, NDPI_PROTOCOL_TOR }, - { 0x6DBD834C, 32, NDPI_PROTOCOL_TOR }, - { 0x6DBD8F96, 32, NDPI_PROTOCOL_TOR }, - { 0x6DBDB40F, 32, NDPI_PROTOCOL_TOR }, - { 0x6DBE4755, 32, NDPI_PROTOCOL_TOR }, - { 0x6DBE6DE4, 32, NDPI_PROTOCOL_TOR }, - { 0x6DC074AE, 32, NDPI_PROTOCOL_TOR }, - { 0x6DC0CFE9, 32, NDPI_PROTOCOL_TOR }, - { 0x6DC16B54, 32, NDPI_PROTOCOL_TOR }, - { 0x6DC18057, 32, NDPI_PROTOCOL_TOR }, - { 0x6DC2D95A, 32, NDPI_PROTOCOL_TOR }, - { 0x6DC41236, 32, NDPI_PROTOCOL_TOR }, - { 0x6DC50D36, 32, NDPI_PROTOCOL_TOR }, - { 0x6DC53F2D, 32, NDPI_PROTOCOL_TOR }, - { 0x6DC95A10, 32, NDPI_PROTOCOL_TOR }, - { 0x6DC9830B, 32, NDPI_PROTOCOL_TOR }, - { 0x6DC99A8D, 32, NDPI_PROTOCOL_TOR }, - { 0x6DC9C2DB, 32, NDPI_PROTOCOL_TOR }, - { 0x6DCB6C42, 32, NDPI_PROTOCOL_TOR }, - { 0x6DCEBA61, 32, NDPI_PROTOCOL_TOR }, - { 0x6DD412CD, 32, NDPI_PROTOCOL_TOR }, - { 0x6DD414AD, 32, NDPI_PROTOCOL_TOR }, - { 0x6DDA7515, 32, NDPI_PROTOCOL_TOR }, - { 0x6DE4963C, 32, NDPI_PROTOCOL_TOR }, - { 0x6DE6E02A, 32, NDPI_PROTOCOL_TOR }, - { 0x6DE6EC59, 32, NDPI_PROTOCOL_TOR }, - { 0x6DE6EC5F, 32, NDPI_PROTOCOL_TOR }, - { 0x6DE6ECAD, 32, NDPI_PROTOCOL_TOR }, - { 0x6DE97B2C, 32, NDPI_PROTOCOL_TOR }, - { 0x6DE97FE9, 32, NDPI_PROTOCOL_TOR }, - { 0x6DEB32A3, 32, NDPI_PROTOCOL_TOR }, - { 0x6DEC568A, 32, NDPI_PROTOCOL_TOR }, - { 0x6DEF301A, 32, NDPI_PROTOCOL_TOR }, - { 0x6DEF3098, 32, NDPI_PROTOCOL_TOR }, - { 0x6DEF30AE, 32, NDPI_PROTOCOL_TOR }, - { 0x6DEF3103, 32, NDPI_PROTOCOL_TOR }, - { 0x6DEF3C35, 32, NDPI_PROTOCOL_TOR }, - { 0x6DF150E7, 32, NDPI_PROTOCOL_TOR }, - { 0x6DF63848, 32, NDPI_PROTOCOL_TOR }, - { 0x6DFB8A1A, 32, NDPI_PROTOCOL_TOR }, - { 0x6DFF2ED7, 32, NDPI_PROTOCOL_TOR }, - { 0x6DFF69AD, 32, NDPI_PROTOCOL_TOR }, - { 0x6E42E657, 32, NDPI_PROTOCOL_TOR }, - { 0x6E42E657, 32, NDPI_PROTOCOL_TOR }, - { 0x6E5D17AA, 32, NDPI_PROTOCOL_TOR }, - { 0x6EAE2B88, 32, NDPI_PROTOCOL_TOR }, - { 0x6EAFF9CA, 32, NDPI_PROTOCOL_TOR }, - { 0x6F458D7B, 32, NDPI_PROTOCOL_TOR }, - { 0x6F45A280, 32, NDPI_PROTOCOL_TOR }, - { 0x6F59A849, 32, NDPI_PROTOCOL_TOR }, - { 0x6F677B5E, 32, NDPI_PROTOCOL_TOR }, - { 0x6F67ACCD, 32, NDPI_PROTOCOL_TOR }, - { 0x6F76B165, 32, NDPI_PROTOCOL_TOR }, - { 0x6FF8167F, 32, NDPI_PROTOCOL_TOR }, - { 0x70769CA3, 32, NDPI_PROTOCOL_TOR }, - { 0x7078955A, 32, NDPI_PROTOCOL_TOR }, - { 0x707899D7, 32, NDPI_PROTOCOL_TOR }, - { 0x70CDFABD, 32, NDPI_PROTOCOL_TOR }, - { 0x71A37584, 32, NDPI_PROTOCOL_TOR }, - { 0x7225CECB, 32, NDPI_PROTOCOL_TOR }, - { 0x724DE973, 32, NDPI_PROTOCOL_TOR }, - { 0x72860615, 32, NDPI_PROTOCOL_TOR }, - { 0x72BD691E, 32, NDPI_PROTOCOL_TOR }, - { 0x7342A640, 32, NDPI_PROTOCOL_TOR }, - { 0x7346F182, 32, NDPI_PROTOCOL_TOR }, - { 0x73BB4A5B, 32, NDPI_PROTOCOL_TOR }, - { 0x73BB9A6B, 32, NDPI_PROTOCOL_TOR }, - { 0x75124BEB, 32, NDPI_PROTOCOL_TOR }, - { 0x751263F9, 32, NDPI_PROTOCOL_TOR }, - { 0x760C8552, 32, NDPI_PROTOCOL_TOR }, - { 0x768D03A4, 32, NDPI_PROTOCOL_TOR }, - { 0x76AC0D55, 32, NDPI_PROTOCOL_TOR }, - { 0x76C1C25F, 32, NDPI_PROTOCOL_TOR }, - { 0x76D0C22A, 32, NDPI_PROTOCOL_TOR }, - { 0x76D0F817, 32, NDPI_PROTOCOL_TOR }, - { 0x76D3C1BE, 32, NDPI_PROTOCOL_TOR }, - { 0x76D3C2E6, 32, NDPI_PROTOCOL_TOR }, - { 0x77092F46, 32, NDPI_PROTOCOL_TOR }, - { 0x77EDA418, 32, NDPI_PROTOCOL_TOR }, - { 0x77F64734, 32, NDPI_PROTOCOL_TOR }, - { 0x781DD933, 32, NDPI_PROTOCOL_TOR }, - { 0x78339DD3, 32, NDPI_PROTOCOL_TOR }, - { 0x7839A32E, 32, NDPI_PROTOCOL_TOR }, - { 0x783B2AC8, 32, NDPI_PROTOCOL_TOR }, - { 0x783BA789, 32, NDPI_PROTOCOL_TOR }, - { 0x784AE0A4, 32, NDPI_PROTOCOL_TOR }, - { 0x7890BEA2, 32, NDPI_PROTOCOL_TOR }, - { 0x7936AF32, 32, NDPI_PROTOCOL_TOR }, - { 0x794953C0, 32, NDPI_PROTOCOL_TOR }, - { 0x7954959D, 32, NDPI_PROTOCOL_TOR }, - { 0x79623AD3, 32, NDPI_PROTOCOL_TOR }, - { 0x79628113, 32, NDPI_PROTOCOL_TOR }, - { 0x7963582E, 32, NDPI_PROTOCOL_TOR }, - { 0x7963B8C8, 32, NDPI_PROTOCOL_TOR }, - { 0x7972B51D, 32, NDPI_PROTOCOL_TOR }, - { 0x797AA193, 32, NDPI_PROTOCOL_TOR }, - { 0x79D1E5D4, 32, NDPI_PROTOCOL_TOR }, - { 0x79D34C57, 32, NDPI_PROTOCOL_TOR }, - { 0x79D3C2E6, 32, NDPI_PROTOCOL_TOR }, - { 0x7A744433, 32, NDPI_PROTOCOL_TOR }, - { 0x7B01A089, 32, NDPI_PROTOCOL_TOR }, - { 0x7B64357A, 32, NDPI_PROTOCOL_TOR }, - { 0x7B6CE046, 32, NDPI_PROTOCOL_TOR }, - { 0x7BDDB10E, 32, NDPI_PROTOCOL_TOR }, - { 0x7C0DAC95, 32, NDPI_PROTOCOL_TOR }, - { 0x7C18F2DD, 32, NDPI_PROTOCOL_TOR }, - { 0x7C67D84F, 32, NDPI_PROTOCOL_TOR }, - { 0x7C6DE896, 32, NDPI_PROTOCOL_TOR }, - { 0x7C951525, 32, NDPI_PROTOCOL_TOR }, - { 0x7CA9666D, 32, NDPI_PROTOCOL_TOR }, - { 0x7CA981CA, 32, NDPI_PROTOCOL_TOR }, - { 0x7CF8F9F5, 32, NDPI_PROTOCOL_TOR }, - { 0x7CF8F9F7, 32, NDPI_PROTOCOL_TOR }, - { 0x7CF8F9FA, 32, NDPI_PROTOCOL_TOR }, - { 0x7CF8F9FD, 32, NDPI_PROTOCOL_TOR }, - { 0x7D1E5578, 32, NDPI_PROTOCOL_TOR }, - { 0x7D352C26, 32, NDPI_PROTOCOL_TOR }, - { 0x7D83BD18, 32, NDPI_PROTOCOL_TOR }, - { 0x7D83BD2C, 32, NDPI_PROTOCOL_TOR }, - { 0x7DECCCB2, 32, NDPI_PROTOCOL_TOR }, - { 0x7DFF021E, 32, NDPI_PROTOCOL_TOR }, - { 0x7E08CD97, 32, NDPI_PROTOCOL_TOR }, - { 0x7E460792, 32, NDPI_PROTOCOL_TOR }, - { 0x7E57F79D, 32, NDPI_PROTOCOL_TOR }, - { 0x8006E06B, 32, NDPI_PROTOCOL_TOR }, - { 0x800CB13B, 32, NDPI_PROTOCOL_TOR }, - { 0x800CE238, 32, NDPI_PROTOCOL_TOR }, - { 0x800CE238, 32, NDPI_PROTOCOL_TOR }, - { 0x800CE252, 32, NDPI_PROTOCOL_TOR }, - { 0x800CE252, 32, NDPI_PROTOCOL_TOR }, - { 0x801F0022, 32, NDPI_PROTOCOL_TOR }, - { 0x801F0022, 32, NDPI_PROTOCOL_TOR }, - { 0x801F0027, 32, NDPI_PROTOCOL_TOR }, - { 0x80270844, 32, NDPI_PROTOCOL_TOR }, - { 0x80278E14, 32, NDPI_PROTOCOL_TOR }, - { 0x80278E15, 32, NDPI_PROTOCOL_TOR }, - { 0x80348069, 32, NDPI_PROTOCOL_TOR }, - { 0x8034A014, 32, NDPI_PROTOCOL_TOR }, - { 0x80392F1E, 32, NDPI_PROTOCOL_TOR }, - { 0x803B1279, 32, NDPI_PROTOCOL_TOR }, - { 0x804490CE, 32, NDPI_PROTOCOL_TOR }, - { 0x80473391, 32, NDPI_PROTOCOL_TOR }, - { 0x804910C0, 32, NDPI_PROTOCOL_TOR }, - { 0x804F35F4, 32, NDPI_PROTOCOL_TOR }, - { 0x804FBA39, 32, NDPI_PROTOCOL_TOR }, - { 0x80752B5C, 32, NDPI_PROTOCOL_TOR }, - { 0x80752B61, 32, NDPI_PROTOCOL_TOR }, - { 0x80752B61, 32, NDPI_PROTOCOL_TOR }, - { 0x807F2860, 32, NDPI_PROTOCOL_TOR }, - { 0x8082CC5B, 32, NDPI_PROTOCOL_TOR }, - { 0x8087BD74, 32, NDPI_PROTOCOL_TOR }, - { 0x80AD374E, 32, NDPI_PROTOCOL_TOR }, - { 0x80B1AA5A, 32, NDPI_PROTOCOL_TOR }, - { 0x80C7227A, 32, NDPI_PROTOCOL_TOR }, - { 0x80C72305, 32, NDPI_PROTOCOL_TOR }, - { 0x80C723BF, 32, NDPI_PROTOCOL_TOR }, - { 0x80C729EE, 32, NDPI_PROTOCOL_TOR }, - { 0x80C72A6C, 32, NDPI_PROTOCOL_TOR }, - { 0x80C72C2E, 32, NDPI_PROTOCOL_TOR }, - { 0x80C72EDC, 32, NDPI_PROTOCOL_TOR }, - { 0x80C733D0, 32, NDPI_PROTOCOL_TOR }, - { 0x80C737CF, 32, NDPI_PROTOCOL_TOR }, - { 0x80C73947, 32, NDPI_PROTOCOL_TOR }, - { 0x80C73F21, 32, NDPI_PROTOCOL_TOR }, - { 0x80C7404F, 32, NDPI_PROTOCOL_TOR }, - { 0x80C74471, 32, NDPI_PROTOCOL_TOR }, - { 0x80C748B6, 32, NDPI_PROTOCOL_TOR }, - { 0x80C74AE2, 32, NDPI_PROTOCOL_TOR }, - { 0x80C753BB, 32, NDPI_PROTOCOL_TOR }, - { 0x80C7579B, 32, NDPI_PROTOCOL_TOR }, - { 0x80C75F79, 32, NDPI_PROTOCOL_TOR }, - { 0x80C75F7E, 32, NDPI_PROTOCOL_TOR }, - { 0x80C76AE6, 32, NDPI_PROTOCOL_TOR }, - { 0x80C77A68, 32, NDPI_PROTOCOL_TOR }, - { 0x80C77A76, 32, NDPI_PROTOCOL_TOR }, - { 0x80C77B13, 32, NDPI_PROTOCOL_TOR }, - { 0x80C782E3, 32, NDPI_PROTOCOL_TOR }, - { 0x80C78407, 32, NDPI_PROTOCOL_TOR }, - { 0x80C78548, 32, NDPI_PROTOCOL_TOR }, - { 0x80C7859A, 32, NDPI_PROTOCOL_TOR }, - { 0x80C78BEC, 32, NDPI_PROTOCOL_TOR }, - { 0x80C79053, 32, NDPI_PROTOCOL_TOR }, - { 0x80C794F3, 32, NDPI_PROTOCOL_TOR }, - { 0x80C797C2, 32, NDPI_PROTOCOL_TOR }, - { 0x80C79A84, 32, NDPI_PROTOCOL_TOR }, - { 0x80C7A56E, 32, NDPI_PROTOCOL_TOR }, - { 0x80C7A5D4, 32, NDPI_PROTOCOL_TOR }, - { 0x80C7A88E, 32, NDPI_PROTOCOL_TOR }, - { 0x80C7AEF7, 32, NDPI_PROTOCOL_TOR }, - { 0x80C7AF45, 32, NDPI_PROTOCOL_TOR }, - { 0x80C7B364, 32, NDPI_PROTOCOL_TOR }, - { 0x80C7B654, 32, NDPI_PROTOCOL_TOR }, - { 0x80C7B73B, 32, NDPI_PROTOCOL_TOR }, - { 0x80C7D4DC, 32, NDPI_PROTOCOL_TOR }, - { 0x80C7D647, 32, NDPI_PROTOCOL_TOR }, - { 0x80C7D9F3, 32, NDPI_PROTOCOL_TOR }, - { 0x80C7E434, 32, NDPI_PROTOCOL_TOR }, - { 0x80C7ECBE, 32, NDPI_PROTOCOL_TOR }, - { 0x80C7F0C1, 32, NDPI_PROTOCOL_TOR }, - { 0x80C7F24B, 32, NDPI_PROTOCOL_TOR }, - { 0x80C7F4CE, 32, NDPI_PROTOCOL_TOR }, - { 0x80C7FA9F, 32, NDPI_PROTOCOL_TOR }, - { 0x80C7FCC5, 32, NDPI_PROTOCOL_TOR }, - { 0x80C7FD9C, 32, NDPI_PROTOCOL_TOR }, - { 0x80D002E9, 32, NDPI_PROTOCOL_TOR }, - { 0x80DF5C53, 32, NDPI_PROTOCOL_TOR }, - { 0x80E81239, 32, NDPI_PROTOCOL_TOR }, - { 0x80ED9D72, 32, NDPI_PROTOCOL_TOR }, - { 0x810A78C1, 32, NDPI_PROTOCOL_TOR }, - { 0x811583C0, 32, NDPI_PROTOCOL_TOR }, - { 0x81400893, 32, NDPI_PROTOCOL_TOR }, - { 0x817B0706, 32, NDPI_PROTOCOL_TOR }, - { 0x817B0706, 32, NDPI_PROTOCOL_TOR }, - { 0x817B0707, 32, NDPI_PROTOCOL_TOR }, - { 0x817B0707, 32, NDPI_PROTOCOL_TOR }, - { 0x817B0708, 32, NDPI_PROTOCOL_TOR }, - { 0x817B0708, 32, NDPI_PROTOCOL_TOR }, - { 0x817B0727, 32, NDPI_PROTOCOL_TOR }, - { 0x817B0727, 32, NDPI_PROTOCOL_TOR }, - { 0x817FFED5, 32, NDPI_PROTOCOL_TOR }, - { 0x818200B7, 32, NDPI_PROTOCOL_TOR }, - { 0x8185081F, 32, NDPI_PROTOCOL_TOR }, - { 0x81BB3621, 32, NDPI_PROTOCOL_TOR }, - { 0x81F1A1FA, 32, NDPI_PROTOCOL_TOR }, - { 0x81F480A9, 32, NDPI_PROTOCOL_TOR }, - { 0x820FBD2D, 32, NDPI_PROTOCOL_TOR }, - { 0x82192C69, 32, NDPI_PROTOCOL_TOR }, - { 0x823FAD7E, 32, NDPI_PROTOCOL_TOR }, - { 0x824B51FB, 32, NDPI_PROTOCOL_TOR }, - { 0x824BB225, 32, NDPI_PROTOCOL_TOR }, - { 0x827B031B, 32, NDPI_PROTOCOL_TOR }, - { 0x827E8EAB, 32, NDPI_PROTOCOL_TOR }, - { 0x8284B17E, 32, NDPI_PROTOCOL_TOR }, - { 0x82950E1F, 32, NDPI_PROTOCOL_TOR }, - { 0x8295C80C, 32, NDPI_PROTOCOL_TOR }, - { 0x8295CB6B, 32, NDPI_PROTOCOL_TOR }, - { 0x8295DC7D, 32, NDPI_PROTOCOL_TOR }, - { 0x82B417E6, 32, NDPI_PROTOCOL_TOR }, - { 0x82B43F96, 32, NDPI_PROTOCOL_TOR }, - { 0x82B84B76, 32, NDPI_PROTOCOL_TOR }, - { 0x82FD157B, 32, NDPI_PROTOCOL_TOR }, - { 0x82FF48A4, 32, NDPI_PROTOCOL_TOR }, - { 0x82FF49CA, 32, NDPI_PROTOCOL_TOR }, - { 0x82FF49CA, 32, NDPI_PROTOCOL_TOR }, - { 0x82FF8242, 32, NDPI_PROTOCOL_TOR }, - { 0x83488818, 32, NDPI_PROTOCOL_TOR }, - { 0x83488A0B, 32, NDPI_PROTOCOL_TOR }, - { 0x83AD8008, 32, NDPI_PROTOCOL_TOR }, - { 0x83BC180E, 32, NDPI_PROTOCOL_TOR }, - { 0x83BC28BC, 32, NDPI_PROTOCOL_TOR }, - { 0x83BC28BD, 32, NDPI_PROTOCOL_TOR }, - { 0x83BC28BD, 32, NDPI_PROTOCOL_TOR }, - { 0x83D79EED, 32, NDPI_PROTOCOL_TOR }, - { 0x83D7A8F2, 32, NDPI_PROTOCOL_TOR }, - { 0x83D7ACD6, 32, NDPI_PROTOCOL_TOR }, - { 0x83D7B062, 32, NDPI_PROTOCOL_TOR }, - { 0x84D83602, 32, NDPI_PROTOCOL_TOR }, - { 0x84E69651, 32, NDPI_PROTOCOL_TOR }, - { 0x84F81E0C, 32, NDPI_PROTOCOL_TOR }, - { 0x84FBE6E3, 32, NDPI_PROTOCOL_TOR }, - { 0x86001A20, 32, NDPI_PROTOCOL_TOR }, - { 0x86036F77, 32, NDPI_PROTOCOL_TOR }, - { 0x8603C987, 32, NDPI_PROTOCOL_TOR }, - { 0x8603EA32, 32, NDPI_PROTOCOL_TOR }, - { 0x86227D25, 32, NDPI_PROTOCOL_TOR }, - { 0x86227D44, 32, NDPI_PROTOCOL_TOR }, - { 0x862293AF, 32, NDPI_PROTOCOL_TOR }, - { 0x8622D0E9, 32, NDPI_PROTOCOL_TOR }, - { 0x8631E0BC, 32, NDPI_PROTOCOL_TOR }, - { 0x865B4E8F, 32, NDPI_PROTOCOL_TOR }, - { 0x865D88B1, 32, NDPI_PROTOCOL_TOR }, - { 0x86604111, 32, NDPI_PROTOCOL_TOR }, - { 0x866370A8, 32, NDPI_PROTOCOL_TOR }, - { 0x8666C865, 32, NDPI_PROTOCOL_TOR }, - { 0x866A03FE, 32, NDPI_PROTOCOL_TOR }, - { 0x867703A4, 32, NDPI_PROTOCOL_TOR }, - { 0x8679405D, 32, NDPI_PROTOCOL_TOR }, - { 0x8679436A, 32, NDPI_PROTOCOL_TOR }, - { 0x86A95CDB, 32, NDPI_PROTOCOL_TOR }, - { 0x86E2441D, 32, NDPI_PROTOCOL_TOR }, - { 0x86F993AE, 32, NDPI_PROTOCOL_TOR }, - { 0x86FFEF3D, 32, NDPI_PROTOCOL_TOR }, - { 0x88A8C999, 32, NDPI_PROTOCOL_TOR }, - { 0x88F307AF, 32, NDPI_PROTOCOL_TOR }, - { 0x88F30E86, 32, NDPI_PROTOCOL_TOR }, - { 0x88F3E072, 32, NDPI_PROTOCOL_TOR }, - { 0x88F3E072, 32, NDPI_PROTOCOL_TOR }, - { 0x898708E9, 32, NDPI_PROTOCOL_TOR }, - { 0x899306B0, 32, NDPI_PROTOCOL_TOR }, - { 0x89CD25DB, 32, NDPI_PROTOCOL_TOR }, - { 0x89CD7C23, 32, NDPI_PROTOCOL_TOR }, - { 0x89E0E221, 32, NDPI_PROTOCOL_TOR }, - { 0x89E23B7F, 32, NDPI_PROTOCOL_TOR }, - { 0x89E2952B, 32, NDPI_PROTOCOL_TOR }, - { 0x89F87A44, 32, NDPI_PROTOCOL_TOR }, - { 0x8A640AD1, 32, NDPI_PROTOCOL_TOR }, - { 0x8A6E2D26, 32, NDPI_PROTOCOL_TOR }, - { 0x8A807C37, 32, NDPI_PROTOCOL_TOR }, - { 0x8A80A9EC, 32, NDPI_PROTOCOL_TOR }, - { 0x8B0E0DEC, 32, NDPI_PROTOCOL_TOR }, - { 0x8B4E8DF7, 32, NDPI_PROTOCOL_TOR }, - { 0x8B5B466B, 32, NDPI_PROTOCOL_TOR }, - { 0x8C716E0B, 32, NDPI_PROTOCOL_TOR }, - { 0x8C795022, 32, NDPI_PROTOCOL_TOR }, - { 0x8C79502A, 32, NDPI_PROTOCOL_TOR }, - { 0x8CB4BEBF, 32, NDPI_PROTOCOL_TOR }, - { 0x8CBA4630, 32, NDPI_PROTOCOL_TOR }, - { 0x8CC0DA8B, 32, NDPI_PROTOCOL_TOR }, - { 0x8D0015F2, 32, NDPI_PROTOCOL_TOR }, - { 0x8D009B6D, 32, NDPI_PROTOCOL_TOR }, - { 0x8D00AF95, 32, NDPI_PROTOCOL_TOR }, - { 0x8D142144, 32, NDPI_PROTOCOL_TOR }, - { 0x8D142145, 32, NDPI_PROTOCOL_TOR }, - { 0x8D14214F, 32, NDPI_PROTOCOL_TOR }, - { 0x8D369FB8, 32, NDPI_PROTOCOL_TOR }, - { 0x8D466911, 32, NDPI_PROTOCOL_TOR }, - { 0x8D8A8A88, 32, NDPI_PROTOCOL_TOR }, - { 0x8D8A8DD0, 32, NDPI_PROTOCOL_TOR }, - { 0x8D8AC2E4, 32, NDPI_PROTOCOL_TOR }, - { 0x8DFFA58A, 32, NDPI_PROTOCOL_TOR }, - { 0x8DFFA77A, 32, NDPI_PROTOCOL_TOR }, - { 0x8DFFBDA1, 32, NDPI_PROTOCOL_TOR }, - { 0x8E0420C4, 32, NDPI_PROTOCOL_TOR }, - { 0x8E0433E4, 32, NDPI_PROTOCOL_TOR }, - { 0x8E04CF3B, 32, NDPI_PROTOCOL_TOR }, - { 0x8E04D0A7, 32, NDPI_PROTOCOL_TOR }, - { 0x8E04D519, 32, NDPI_PROTOCOL_TOR }, - { 0x8E04D571, 32, NDPI_PROTOCOL_TOR }, - { 0x8E04D726, 32, NDPI_PROTOCOL_TOR }, - { 0x8E04D757, 32, NDPI_PROTOCOL_TOR }, - { 0x8E36B0B2, 32, NDPI_PROTOCOL_TOR }, - { 0x8E69D044, 32, NDPI_PROTOCOL_TOR }, - { 0x8FB128C0, 32, NDPI_PROTOCOL_TOR }, - { 0x904C0626, 32, NDPI_PROTOCOL_TOR }, - { 0x904C063B, 32, NDPI_PROTOCOL_TOR }, - { 0x904C0849, 32, NDPI_PROTOCOL_TOR }, - { 0x904C0B64, 32, NDPI_PROTOCOL_TOR }, - { 0x904C0E91, 32, NDPI_PROTOCOL_TOR }, - { 0x904C1DD0, 32, NDPI_PROTOCOL_TOR }, - { 0x904C1EA7, 32, NDPI_PROTOCOL_TOR }, - { 0x904C25F2, 32, NDPI_PROTOCOL_TOR }, - { 0x904C27CA, 32, NDPI_PROTOCOL_TOR }, - { 0x904C2879, 32, NDPI_PROTOCOL_TOR }, - { 0x904C3225, 32, NDPI_PROTOCOL_TOR }, - { 0x904C357D, 32, NDPI_PROTOCOL_TOR }, - { 0x904C3635, 32, NDPI_PROTOCOL_TOR }, - { 0x904C4042, 32, NDPI_PROTOCOL_TOR }, - { 0x904C498C, 32, NDPI_PROTOCOL_TOR }, - { 0x904C5044, 32, NDPI_PROTOCOL_TOR }, - { 0x904C5B87, 32, NDPI_PROTOCOL_TOR }, - { 0x904C6007, 32, NDPI_PROTOCOL_TOR }, - { 0x904C6439, 32, NDPI_PROTOCOL_TOR }, - { 0x904C6E67, 32, NDPI_PROTOCOL_TOR }, - { 0x904C6E67, 32, NDPI_PROTOCOL_TOR }, - { 0x904C7055, 32, NDPI_PROTOCOL_TOR }, - { 0x904C7EB3, 32, NDPI_PROTOCOL_TOR }, - { 0x904C7FA5, 32, NDPI_PROTOCOL_TOR }, - { 0x904C8023, 32, NDPI_PROTOCOL_TOR }, - { 0x904C832A, 32, NDPI_PROTOCOL_TOR }, - { 0x904C95CB, 32, NDPI_PROTOCOL_TOR }, - { 0x904C9C65, 32, NDPI_PROTOCOL_TOR }, - { 0x904CA35D, 32, NDPI_PROTOCOL_TOR }, - { 0x904CB037, 32, NDPI_PROTOCOL_TOR }, - { 0x904CB6CA, 32, NDPI_PROTOCOL_TOR }, - { 0x904CC3E4, 32, NDPI_PROTOCOL_TOR }, - { 0x904CC728, 32, NDPI_PROTOCOL_TOR }, - { 0x904CCB75, 32, NDPI_PROTOCOL_TOR }, - { 0x904CF413, 32, NDPI_PROTOCOL_TOR }, - { 0x904CFD04, 32, NDPI_PROTOCOL_TOR }, - { 0x91DC000F, 32, NDPI_PROTOCOL_TOR }, - { 0x92002090, 32, NDPI_PROTOCOL_TOR }, - { 0x92002A3A, 32, NDPI_PROTOCOL_TOR }, - { 0x92002A6E, 32, NDPI_PROTOCOL_TOR }, - { 0x920048B4, 32, NDPI_PROTOCOL_TOR }, - { 0x920049B2, 32, NDPI_PROTOCOL_TOR }, - { 0x923434C7, 32, NDPI_PROTOCOL_TOR }, - { 0x9234419F, 32, NDPI_PROTOCOL_TOR }, - { 0x92344BB3, 32, NDPI_PROTOCOL_TOR }, - { 0x923490FC, 32, NDPI_PROTOCOL_TOR }, - { 0x92349273, 32, NDPI_PROTOCOL_TOR }, - { 0x925A1CB7, 32, NDPI_PROTOCOL_TOR }, - { 0x9273A850, 32, NDPI_PROTOCOL_TOR }, - { 0x92B915A6, 32, NDPI_PROTOCOL_TOR }, - { 0x92B983AF, 32, NDPI_PROTOCOL_TOR }, - { 0x92B983EF, 32, NDPI_PROTOCOL_TOR }, - { 0x92B988DF, 32, NDPI_PROTOCOL_TOR }, - { 0x92B98D39, 32, NDPI_PROTOCOL_TOR }, - { 0x92B98F90, 32, NDPI_PROTOCOL_TOR }, - { 0x92B996DB, 32, NDPI_PROTOCOL_TOR }, - { 0x92B99939, 32, NDPI_PROTOCOL_TOR }, - { 0x92B99FF1, 32, NDPI_PROTOCOL_TOR }, - { 0x92B9A2EB, 32, NDPI_PROTOCOL_TOR }, - { 0x92B9B440, 32, NDPI_PROTOCOL_TOR }, - { 0x92B9B70D, 32, NDPI_PROTOCOL_TOR }, - { 0x92B9B99A, 32, NDPI_PROTOCOL_TOR }, - { 0x92B9BDC5, 32, NDPI_PROTOCOL_TOR }, - { 0x92B9FB5A, 32, NDPI_PROTOCOL_TOR }, - { 0x92B9FDCA, 32, NDPI_PROTOCOL_TOR }, - { 0x92B9FDCA, 32, NDPI_PROTOCOL_TOR }, - { 0x92FF39E4, 32, NDPI_PROTOCOL_TOR }, - { 0x93459FC4, 32, NDPI_PROTOCOL_TOR }, - { 0x93660115, 32, NDPI_PROTOCOL_TOR }, - { 0x9366D8F2, 32, NDPI_PROTOCOL_TOR }, - { 0x93AFBB8F, 32, NDPI_PROTOCOL_TOR }, - { 0x93DEA58B, 32, NDPI_PROTOCOL_TOR }, - { 0x93E5081A, 32, NDPI_PROTOCOL_TOR }, - { 0x946429FB, 32, NDPI_PROTOCOL_TOR }, - { 0x94FB1431, 32, NDPI_PROTOCOL_TOR }, - { 0x94FB2832, 32, NDPI_PROTOCOL_TOR }, - { 0x94FB2BE9, 32, NDPI_PROTOCOL_TOR }, - { 0x94FB2D87, 32, NDPI_PROTOCOL_TOR }, - { 0x94FB431B, 32, NDPI_PROTOCOL_TOR }, - { 0x94FB4566, 32, NDPI_PROTOCOL_TOR }, - { 0x94FB4D64, 32, NDPI_PROTOCOL_TOR }, - { 0x94FB53C4, 32, NDPI_PROTOCOL_TOR }, - { 0x94FB5884, 32, NDPI_PROTOCOL_TOR }, - { 0x94FB71E6, 32, NDPI_PROTOCOL_TOR }, - { 0x94FB7DD3, 32, NDPI_PROTOCOL_TOR }, - { 0x94FB809C, 32, NDPI_PROTOCOL_TOR }, - { 0x94FB97BD, 32, NDPI_PROTOCOL_TOR }, - { 0x94FBBEE5, 32, NDPI_PROTOCOL_TOR }, - { 0x94FBCE86, 32, NDPI_PROTOCOL_TOR }, - { 0x94FBCF24, 32, NDPI_PROTOCOL_TOR }, - { 0x94FBD7E9, 32, NDPI_PROTOCOL_TOR }, - { 0x94FBD7F4, 32, NDPI_PROTOCOL_TOR }, - { 0x94FBE30E, 32, NDPI_PROTOCOL_TOR }, - { 0x94FBED4F, 32, NDPI_PROTOCOL_TOR }, - { 0x94FBF597, 32, NDPI_PROTOCOL_TOR }, - { 0x94FBFEE5, 32, NDPI_PROTOCOL_TOR }, - { 0x9509001B, 32, NDPI_PROTOCOL_TOR }, - { 0x9509003B, 32, NDPI_PROTOCOL_TOR }, - { 0x9509003C, 32, NDPI_PROTOCOL_TOR }, - { 0x951436DA, 32, NDPI_PROTOCOL_TOR }, - { 0x958405BD, 32, NDPI_PROTOCOL_TOR }, - { 0x959A9810, 32, NDPI_PROTOCOL_TOR }, - { 0x959A9879, 32, NDPI_PROTOCOL_TOR }, - { 0x959A9A92, 32, NDPI_PROTOCOL_TOR }, - { 0x959A9D50, 32, NDPI_PROTOCOL_TOR }, - { 0x959A9E7A, 32, NDPI_PROTOCOL_TOR }, - { 0x959A9EE4, 32, NDPI_PROTOCOL_TOR }, - { 0x959A9F57, 32, NDPI_PROTOCOL_TOR }, - { 0x959A9FAC, 32, NDPI_PROTOCOL_TOR }, - { 0x95ACC7F4, 32, NDPI_PROTOCOL_TOR }, - { 0x95D2AB45, 32, NDPI_PROTOCOL_TOR }, - { 0x95D2ADF7, 32, NDPI_PROTOCOL_TOR }, - { 0x95D2BAC6, 32, NDPI_PROTOCOL_TOR }, - { 0x95FF6DC9, 32, NDPI_PROTOCOL_TOR }, - { 0x96659DFA, 32, NDPI_PROTOCOL_TOR }, - { 0x968C0522, 32, NDPI_PROTOCOL_TOR }, - { 0x971B08A4, 32, NDPI_PROTOCOL_TOR }, - { 0x971DFD3F, 32, NDPI_PROTOCOL_TOR }, - { 0x971FA3B8, 32, NDPI_PROTOCOL_TOR }, - { 0x9741F79A, 32, NDPI_PROTOCOL_TOR }, - { 0x97507745, 32, NDPI_PROTOCOL_TOR }, - { 0x97507758, 32, NDPI_PROTOCOL_TOR }, - { 0x9750800C, 32, NDPI_PROTOCOL_TOR }, - { 0x9750A491, 32, NDPI_PROTOCOL_TOR }, - { 0x97E04B76, 32, NDPI_PROTOCOL_TOR }, - { 0x97E2D38D, 32, NDPI_PROTOCOL_TOR }, - { 0x97E5201B, 32, NDPI_PROTOCOL_TOR }, - { 0x97E65FF1, 32, NDPI_PROTOCOL_TOR }, - { 0x97EC049E, 32, NDPI_PROTOCOL_TOR }, - { 0x97EC0506, 32, NDPI_PROTOCOL_TOR }, - { 0x97EC061B, 32, NDPI_PROTOCOL_TOR }, - { 0x97EC0670, 32, NDPI_PROTOCOL_TOR }, - { 0x97EC06C2, 32, NDPI_PROTOCOL_TOR }, - { 0x97EC06C6, 32, NDPI_PROTOCOL_TOR }, - { 0x97EC07B1, 32, NDPI_PROTOCOL_TOR }, - { 0x97EC0B72, 32, NDPI_PROTOCOL_TOR }, - { 0x97EC0E61, 32, NDPI_PROTOCOL_TOR }, - { 0x97EC160C, 32, NDPI_PROTOCOL_TOR }, - { 0x97EC171F, 32, NDPI_PROTOCOL_TOR }, - { 0x97EC172C, 32, NDPI_PROTOCOL_TOR }, - { 0x97EC1839, 32, NDPI_PROTOCOL_TOR }, - { 0x97EC18E4, 32, NDPI_PROTOCOL_TOR }, - { 0x97ECDA43, 32, NDPI_PROTOCOL_TOR }, - { 0x97ECDD2C, 32, NDPI_PROTOCOL_TOR }, - { 0x97ECDE1B, 32, NDPI_PROTOCOL_TOR }, - { 0x97ECDE1B, 32, NDPI_PROTOCOL_TOR }, - { 0x97ECDED9, 32, NDPI_PROTOCOL_TOR }, - { 0x97FC2A46, 32, NDPI_PROTOCOL_TOR }, - { 0x99782A89, 32, NDPI_PROTOCOL_TOR }, - { 0x997925A6, 32, NDPI_PROTOCOL_TOR }, - { 0x997938DD, 32, NDPI_PROTOCOL_TOR }, - { 0x99793A49, 32, NDPI_PROTOCOL_TOR }, - { 0x997FFB43, 32, NDPI_PROTOCOL_TOR }, - { 0x9A23AFE1, 32, NDPI_PROTOCOL_TOR }, - { 0x9A7F3C42, 32, NDPI_PROTOCOL_TOR }, - { 0x9A7F3D62, 32, NDPI_PROTOCOL_TOR }, - { 0x9A7F3D8D, 32, NDPI_PROTOCOL_TOR }, - { 0x9B5EA7C4, 32, NDPI_PROTOCOL_TOR }, - { 0x9BD2EF58, 32, NDPI_PROTOCOL_TOR }, - { 0x9C38FAE3, 32, NDPI_PROTOCOL_TOR }, - { 0x9D0757B8, 32, NDPI_PROTOCOL_TOR }, - { 0x9D07CA47, 32, NDPI_PROTOCOL_TOR }, - { 0x9D07D224, 32, NDPI_PROTOCOL_TOR }, - { 0x9D07DEE2, 32, NDPI_PROTOCOL_TOR }, - { 0x9D0EF604, 32, NDPI_PROTOCOL_TOR }, - { 0x9E3AA97E, 32, NDPI_PROTOCOL_TOR }, - { 0x9E554D57, 32, NDPI_PROTOCOL_TOR }, - { 0x9EB53326, 32, NDPI_PROTOCOL_TOR }, - { 0x9EB552B2, 32, NDPI_PROTOCOL_TOR }, - { 0x9EB560E3, 32, NDPI_PROTOCOL_TOR }, - { 0x9EDE8F19, 32, NDPI_PROTOCOL_TOR }, - { 0x9EFFD4B3, 32, NDPI_PROTOCOL_TOR }, - { 0x9EFFD729, 32, NDPI_PROTOCOL_TOR }, - { 0x9F94B55A, 32, NDPI_PROTOCOL_TOR }, - { 0xA0612F1E, 32, NDPI_PROTOCOL_TOR }, - { 0xA1357425, 32, NDPI_PROTOCOL_TOR }, - { 0xA1357898, 32, NDPI_PROTOCOL_TOR }, - { 0xA135A068, 32, NDPI_PROTOCOL_TOR }, - { 0xA2D3D985, 32, NDPI_PROTOCOL_TOR }, - { 0xA2D3E0E9, 32, NDPI_PROTOCOL_TOR }, - { 0xA2D813ED, 32, NDPI_PROTOCOL_TOR }, - { 0xA2DA417E, 32, NDPI_PROTOCOL_TOR }, - { 0xA2DA760C, 32, NDPI_PROTOCOL_TOR }, - { 0xA2DAD084, 32, NDPI_PROTOCOL_TOR }, - { 0xA2DAE92B, 32, NDPI_PROTOCOL_TOR }, - { 0xA2DB02B1, 32, NDPI_PROTOCOL_TOR }, - { 0xA2DC2FB8, 32, NDPI_PROTOCOL_TOR }, - { 0xA2DC38BA, 32, NDPI_PROTOCOL_TOR }, - { 0xA2DCD94C, 32, NDPI_PROTOCOL_TOR }, - { 0xA2DCDA6D, 32, NDPI_PROTOCOL_TOR }, - { 0xA2DCF1DF, 32, NDPI_PROTOCOL_TOR }, - { 0xA2DDC939, 32, NDPI_PROTOCOL_TOR }, - { 0xA2DEA01D, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F307B4, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F317DD, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F320CA, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F323FB, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F32725, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F328A1, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F33089, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F33543, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F3354B, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F33EEF, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F348C6, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F3499C, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F35F80, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F364E1, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F3656E, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F367AE, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F371B6, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F37479, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F37734, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F377F6, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F37BDC, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F386E0, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F38B4E, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F38E6B, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F3969C, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F396E5, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F3971B, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F39C7A, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F3A25C, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F3F878, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F3FD76, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F418ED, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F419BA, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F419D6, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F41A09, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F41A9D, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F41D7C, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F422A9, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F52912, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F5D9D0, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F5DC86, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F5DC8C, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F74807, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F7481B, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F748C7, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F748C8, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F748C9, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F748D4, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F748D5, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F748D8, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F748D9, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F7494A, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F749CC, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F749CE, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F809ED, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F80B06, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F80BB0, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F88C65, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F88E67, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F88F29, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F8A033, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F8A053, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F8A090, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F8A097, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F8A1D5, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F8A3CA, 32, NDPI_PROTOCOL_TOR }, - { 0xA2F8A50E, 32, NDPI_PROTOCOL_TOR }, - { 0xA2FAE9C2, 32, NDPI_PROTOCOL_TOR }, - { 0xA2FAEA7D, 32, NDPI_PROTOCOL_TOR }, - { 0xA2FB463A, 32, NDPI_PROTOCOL_TOR }, - { 0xA2FB463A, 32, NDPI_PROTOCOL_TOR }, - { 0xA2FCCC3E, 32, NDPI_PROTOCOL_TOR }, - { 0xA2FCF079, 32, NDPI_PROTOCOL_TOR }, - { 0xA2FCF17B, 32, NDPI_PROTOCOL_TOR }, - { 0xA2FCF20D, 32, NDPI_PROTOCOL_TOR }, - { 0xA2FE4436, 32, NDPI_PROTOCOL_TOR }, - { 0xA40FA707, 32, NDPI_PROTOCOL_TOR }, - { 0xA4272AFE, 32, NDPI_PROTOCOL_TOR }, - { 0xA57B94C7, 32, NDPI_PROTOCOL_TOR }, - { 0xA5FEFF10, 32, NDPI_PROTOCOL_TOR }, - { 0xA5FEFF10, 32, NDPI_PROTOCOL_TOR }, - { 0xA6460F0E, 32, NDPI_PROTOCOL_TOR }, - { 0xA6465E6A, 32, NDPI_PROTOCOL_TOR }, - { 0xA646CF02, 32, NDPI_PROTOCOL_TOR }, - { 0xA646D4B5, 32, NDPI_PROTOCOL_TOR }, - { 0xA64E0721, 32, NDPI_PROTOCOL_TOR }, - { 0xA65215C8, 32, NDPI_PROTOCOL_TOR }, - { 0xA6540737, 32, NDPI_PROTOCOL_TOR }, - { 0xA6540794, 32, NDPI_PROTOCOL_TOR }, - { 0xA7397143, 32, NDPI_PROTOCOL_TOR }, - { 0xA7582348, 32, NDPI_PROTOCOL_TOR }, - { 0xA758283F, 32, NDPI_PROTOCOL_TOR }, - { 0xA7582898, 32, NDPI_PROTOCOL_TOR }, - { 0xA75828C8, 32, NDPI_PROTOCOL_TOR }, - { 0xA75829BB, 32, NDPI_PROTOCOL_TOR }, - { 0xA75829C2, 32, NDPI_PROTOCOL_TOR }, - { 0xA7582BF6, 32, NDPI_PROTOCOL_TOR }, - { 0xA7582C32, 32, NDPI_PROTOCOL_TOR }, - { 0xA7582C33, 32, NDPI_PROTOCOL_TOR }, - { 0xA7582C34, 32, NDPI_PROTOCOL_TOR }, - { 0xA7587066, 32, NDPI_PROTOCOL_TOR }, - { 0xA7587D43, 32, NDPI_PROTOCOL_TOR }, - { 0xA77202C0, 32, NDPI_PROTOCOL_TOR }, - { 0xA7720390, 32, NDPI_PROTOCOL_TOR }, - { 0xA77203A6, 32, NDPI_PROTOCOL_TOR }, - { 0xA772243E, 32, NDPI_PROTOCOL_TOR }, - { 0xA7722489, 32, NDPI_PROTOCOL_TOR }, - { 0xA77229D3, 32, NDPI_PROTOCOL_TOR }, - { 0xA77229D3, 32, NDPI_PROTOCOL_TOR }, - { 0xA77229D4, 32, NDPI_PROTOCOL_TOR }, - { 0xA77229D4, 32, NDPI_PROTOCOL_TOR }, - { 0xA772423D, 32, NDPI_PROTOCOL_TOR }, - { 0xA77243CC, 32, NDPI_PROTOCOL_TOR }, - { 0xA77243D4, 32, NDPI_PROTOCOL_TOR }, - { 0xA7724418, 32, NDPI_PROTOCOL_TOR }, - { 0xA7724726, 32, NDPI_PROTOCOL_TOR }, - { 0xA77247BD, 32, NDPI_PROTOCOL_TOR }, - { 0xA7726116, 32, NDPI_PROTOCOL_TOR }, - { 0xA772629A, 32, NDPI_PROTOCOL_TOR }, - { 0xA772712E, 32, NDPI_PROTOCOL_TOR }, - { 0xA7727130, 32, NDPI_PROTOCOL_TOR }, - { 0xA7727288, 32, NDPI_PROTOCOL_TOR }, - { 0xA77272D1, 32, NDPI_PROTOCOL_TOR }, - { 0xA7729864, 32, NDPI_PROTOCOL_TOR }, - { 0xA7A02CC2, 32, NDPI_PROTOCOL_TOR }, - { 0xA7A02CE2, 32, NDPI_PROTOCOL_TOR }, - { 0xA7A0A39A, 32, NDPI_PROTOCOL_TOR }, - { 0xA83ED9D8, 32, NDPI_PROTOCOL_TOR }, - { 0xA867C3FA, 32, NDPI_PROTOCOL_TOR }, - { 0xA896FB0F, 32, NDPI_PROTOCOL_TOR }, - { 0xA8EB91AF, 32, NDPI_PROTOCOL_TOR }, - { 0xA8EB9238, 32, NDPI_PROTOCOL_TOR }, - { 0xA8EB9239, 32, NDPI_PROTOCOL_TOR }, - { 0xA8EB935E, 32, NDPI_PROTOCOL_TOR }, - { 0xA8EB9361, 32, NDPI_PROTOCOL_TOR }, - { 0xA8EB9664, 32, NDPI_PROTOCOL_TOR }, - { 0xA8EB9A60, 32, NDPI_PROTOCOL_TOR }, - { 0xA8EB9CA2, 32, NDPI_PROTOCOL_TOR }, - { 0xA9E57D1B, 32, NDPI_PROTOCOL_TOR }, - { 0xA9E57D1B, 32, NDPI_PROTOCOL_TOR }, - { 0xAA4BA251, 32, NDPI_PROTOCOL_TOR }, - { 0xAA4BA257, 32, NDPI_PROTOCOL_TOR }, - { 0xAA4BA3B4, 32, NDPI_PROTOCOL_TOR }, - { 0xAB19C109, 32, NDPI_PROTOCOL_TOR }, - { 0xAB19C114, 32, NDPI_PROTOCOL_TOR }, - { 0xAB19C14D, 32, NDPI_PROTOCOL_TOR }, - { 0xAB19C14E, 32, NDPI_PROTOCOL_TOR }, - { 0xAB19C1EB, 32, NDPI_PROTOCOL_TOR }, - { 0xAB655D88, 32, NDPI_PROTOCOL_TOR }, - { 0xAC07A4C5, 32, NDPI_PROTOCOL_TOR }, - { 0xACF51678, 32, NDPI_PROTOCOL_TOR }, - { 0xACF520B9, 32, NDPI_PROTOCOL_TOR }, - { 0xACF520BA, 32, NDPI_PROTOCOL_TOR }, - { 0xACF521F9, 32, NDPI_PROTOCOL_TOR }, - { 0xACF52416, 32, NDPI_PROTOCOL_TOR }, - { 0xACF53C64, 32, NDPI_PROTOCOL_TOR }, - { 0xACF5DB85, 32, NDPI_PROTOCOL_TOR }, - { 0xACFE0D7C, 32, NDPI_PROTOCOL_TOR }, - { 0xAD08664C, 32, NDPI_PROTOCOL_TOR }, - { 0xAD0B116C, 32, NDPI_PROTOCOL_TOR }, - { 0xAD0D8D1C, 32, NDPI_PROTOCOL_TOR }, - { 0xAD10B454, 32, NDPI_PROTOCOL_TOR }, - { 0xAD12E604, 32, NDPI_PROTOCOL_TOR }, - { 0xAD16F0E2, 32, NDPI_PROTOCOL_TOR }, - { 0xAD172ADB, 32, NDPI_PROTOCOL_TOR }, - { 0xAD1C491B, 32, NDPI_PROTOCOL_TOR }, - { 0xAD2C23B2, 32, NDPI_PROTOCOL_TOR }, - { 0xAD2C3ACA, 32, NDPI_PROTOCOL_TOR }, - { 0xAD2DE436, 32, NDPI_PROTOCOL_TOR }, - { 0xAD304BF6, 32, NDPI_PROTOCOL_TOR }, - { 0xAD30B617, 32, NDPI_PROTOCOL_TOR }, - { 0xAD335037, 32, NDPI_PROTOCOL_TOR }, - { 0xAD33C620, 32, NDPI_PROTOCOL_TOR }, - { 0xAD36711E, 32, NDPI_PROTOCOL_TOR }, - { 0xAD40C757, 32, NDPI_PROTOCOL_TOR }, - { 0xAD427043, 32, NDPI_PROTOCOL_TOR }, - { 0xAD45B52A, 32, NDPI_PROTOCOL_TOR }, - { 0xAD469914, 32, NDPI_PROTOCOL_TOR }, - { 0xAD46DD71, 32, NDPI_PROTOCOL_TOR }, - { 0xAD4717F9, 32, NDPI_PROTOCOL_TOR }, - { 0xAD479C14, 32, NDPI_PROTOCOL_TOR }, - { 0xAD49717D, 32, NDPI_PROTOCOL_TOR }, - { 0xAD4CA387, 32, NDPI_PROTOCOL_TOR }, - { 0xAD5980AC, 32, NDPI_PROTOCOL_TOR }, - { 0xADA0B4BD, 32, NDPI_PROTOCOL_TOR }, - { 0xADA103A9, 32, NDPI_PROTOCOL_TOR }, - { 0xADA48BC3, 32, NDPI_PROTOCOL_TOR }, - { 0xADA4CEB5, 32, NDPI_PROTOCOL_TOR }, - { 0xADA4DBFA, 32, NDPI_PROTOCOL_TOR }, - { 0xADA5F099, 32, NDPI_PROTOCOL_TOR }, - { 0xADA71245, 32, NDPI_PROTOCOL_TOR }, - { 0xADC769FE, 32, NDPI_PROTOCOL_TOR }, - { 0xADD0C4D7, 32, NDPI_PROTOCOL_TOR }, - { 0xADD0FBB2, 32, NDPI_PROTOCOL_TOR }, - { 0xADD56C74, 32, NDPI_PROTOCOL_TOR }, - { 0xADD5719B, 32, NDPI_PROTOCOL_TOR }, - { 0xADE45AE0, 32, NDPI_PROTOCOL_TOR }, - { 0xADE45B5B, 32, NDPI_PROTOCOL_TOR }, - { 0xADE65550, 32, NDPI_PROTOCOL_TOR }, - { 0xADE68199, 32, NDPI_PROTOCOL_TOR }, - { 0xADE683CF, 32, NDPI_PROTOCOL_TOR }, - { 0xADE683CF, 32, NDPI_PROTOCOL_TOR }, - { 0xADE686EE, 32, NDPI_PROTOCOL_TOR }, - { 0xADE68ABF, 32, NDPI_PROTOCOL_TOR }, - { 0xADE68E82, 32, NDPI_PROTOCOL_TOR }, - { 0xADE694EC, 32, NDPI_PROTOCOL_TOR }, - { 0xADE69504, 32, NDPI_PROTOCOL_TOR }, - { 0xADE69A5A, 32, NDPI_PROTOCOL_TOR }, - { 0xADE69AB8, 32, NDPI_PROTOCOL_TOR }, - { 0xADECF938, 32, NDPI_PROTOCOL_TOR }, - { 0xADECFAD3, 32, NDPI_PROTOCOL_TOR }, - { 0xADECFF8E, 32, NDPI_PROTOCOL_TOR }, - { 0xADEF4FD2, 32, NDPI_PROTOCOL_TOR }, - { 0xADF279C7, 32, NDPI_PROTOCOL_TOR }, - { 0xADF66823, 32, NDPI_PROTOCOL_TOR }, - { 0xADF6FE86, 32, NDPI_PROTOCOL_TOR }, - { 0xADFED0A8, 32, NDPI_PROTOCOL_TOR }, - { 0xADFED842, 32, NDPI_PROTOCOL_TOR }, - { 0xADFED843, 32, NDPI_PROTOCOL_TOR }, - { 0xADFED844, 32, NDPI_PROTOCOL_TOR }, - { 0xADFED845, 32, NDPI_PROTOCOL_TOR }, - { 0xADFFC24D, 32, NDPI_PROTOCOL_TOR }, - { 0xADFFC41E, 32, NDPI_PROTOCOL_TOR }, - { 0xADFFCD71, 32, NDPI_PROTOCOL_TOR }, - { 0xADFFD1B5, 32, NDPI_PROTOCOL_TOR }, - { 0xADFFD2CD, 32, NDPI_PROTOCOL_TOR }, - { 0xADFFD3AF, 32, NDPI_PROTOCOL_TOR }, - { 0xADFFDA6A, 32, NDPI_PROTOCOL_TOR }, - { 0xADFFDCAB, 32, NDPI_PROTOCOL_TOR }, - { 0xADFFDD60, 32, NDPI_PROTOCOL_TOR }, - { 0xADFFE28E, 32, NDPI_PROTOCOL_TOR }, - { 0xADFFE455, 32, NDPI_PROTOCOL_TOR }, - { 0xADFFE459, 32, NDPI_PROTOCOL_TOR }, - { 0xADFFE486, 32, NDPI_PROTOCOL_TOR }, - { 0xADFFE8C0, 32, NDPI_PROTOCOL_TOR }, - { 0xADFFE93C, 32, NDPI_PROTOCOL_TOR }, - { 0xADFFED6B, 32, NDPI_PROTOCOL_TOR }, - { 0xADFFED6B, 32, NDPI_PROTOCOL_TOR }, - { 0xADFFEDA5, 32, NDPI_PROTOCOL_TOR }, - { 0xADFFF217, 32, NDPI_PROTOCOL_TOR }, - { 0xADFFF259, 32, NDPI_PROTOCOL_TOR }, - { 0xADFFF574, 32, NDPI_PROTOCOL_TOR }, - { 0xADFFF64E, 32, NDPI_PROTOCOL_TOR }, - { 0xADFFF6A2, 32, NDPI_PROTOCOL_TOR }, - { 0xADFFF7F7, 32, NDPI_PROTOCOL_TOR }, - { 0xADFFF812, 32, NDPI_PROTOCOL_TOR }, - { 0xADFFF869, 32, NDPI_PROTOCOL_TOR }, - { 0xADFFF9DE, 32, NDPI_PROTOCOL_TOR }, - { 0xADFFFAF0, 32, NDPI_PROTOCOL_TOR }, - { 0xAE03A82A, 32, NDPI_PROTOCOL_TOR }, - { 0xAE064AC1, 32, NDPI_PROTOCOL_TOR }, - { 0xAE15F745, 32, NDPI_PROTOCOL_TOR }, - { 0xAE1D40A4, 32, NDPI_PROTOCOL_TOR }, - { 0xAE2DB58A, 32, NDPI_PROTOCOL_TOR }, - { 0xAE32F679, 32, NDPI_PROTOCOL_TOR }, - { 0xAE3E4833, 32, NDPI_PROTOCOL_TOR }, - { 0xAE3F713C, 32, NDPI_PROTOCOL_TOR }, - { 0xAE463C5C, 32, NDPI_PROTOCOL_TOR }, - { 0xAE475A25, 32, NDPI_PROTOCOL_TOR }, - { 0xAE5F6BA7, 32, NDPI_PROTOCOL_TOR }, - { 0xAE60D6AE, 32, NDPI_PROTOCOL_TOR }, - { 0xAE6208CA, 32, NDPI_PROTOCOL_TOR }, - { 0xAE6328BE, 32, NDPI_PROTOCOL_TOR }, - { 0xAE6C43BC, 32, NDPI_PROTOCOL_TOR }, - { 0xAE6D6112, 32, NDPI_PROTOCOL_TOR }, - { 0xAE7E102D, 32, NDPI_PROTOCOL_TOR }, - { 0xAE886956, 32, NDPI_PROTOCOL_TOR }, - { 0xAE8AC693, 32, NDPI_PROTOCOL_TOR }, - { 0xAE8FF3F7, 32, NDPI_PROTOCOL_TOR }, - { 0xAF648B8C, 32, NDPI_PROTOCOL_TOR }, - { 0xAF8741DE, 32, NDPI_PROTOCOL_TOR }, - { 0xB00901D3, 32, NDPI_PROTOCOL_TOR }, - { 0xB00904CE, 32, NDPI_PROTOCOL_TOR }, - { 0xB0090574, 32, NDPI_PROTOCOL_TOR }, - { 0xB0091051, 32, NDPI_PROTOCOL_TOR }, - { 0xB0091948, 32, NDPI_PROTOCOL_TOR }, - { 0xB00926C6, 32, NDPI_PROTOCOL_TOR }, - { 0xB0092E8D, 32, NDPI_PROTOCOL_TOR }, - { 0xB00932F0, 32, NDPI_PROTOCOL_TOR }, - { 0xB009368E, 32, NDPI_PROTOCOL_TOR }, - { 0xB0095425, 32, NDPI_PROTOCOL_TOR }, - { 0xB009558D, 32, NDPI_PROTOCOL_TOR }, - { 0xB0095AD7, 32, NDPI_PROTOCOL_TOR }, - { 0xB0096708, 32, NDPI_PROTOCOL_TOR }, - { 0xB0096714, 32, NDPI_PROTOCOL_TOR }, - { 0xB0096B68, 32, NDPI_PROTOCOL_TOR }, - { 0xB00977A7, 32, NDPI_PROTOCOL_TOR }, - { 0xB0097DD1, 32, NDPI_PROTOCOL_TOR }, - { 0xB0098BFC, 32, NDPI_PROTOCOL_TOR }, - { 0xB0098C6C, 32, NDPI_PROTOCOL_TOR }, - { 0xB0098FC8, 32, NDPI_PROTOCOL_TOR }, - { 0xB0098FD0, 32, NDPI_PROTOCOL_TOR }, - { 0xB00991C2, 32, NDPI_PROTOCOL_TOR }, - { 0xB0099344, 32, NDPI_PROTOCOL_TOR }, - { 0xB00994B0, 32, NDPI_PROTOCOL_TOR }, - { 0xB0099D4D, 32, NDPI_PROTOCOL_TOR }, - { 0xB009B42F, 32, NDPI_PROTOCOL_TOR }, - { 0xB009C0AB, 32, NDPI_PROTOCOL_TOR }, - { 0xB009ED02, 32, NDPI_PROTOCOL_TOR }, - { 0xB00A63C8, 32, NDPI_PROTOCOL_TOR }, - { 0xB00A63C8, 32, NDPI_PROTOCOL_TOR }, - { 0xB00A63C9, 32, NDPI_PROTOCOL_TOR }, - { 0xB00A63C9, 32, NDPI_PROTOCOL_TOR }, - { 0xB00A63CA, 32, NDPI_PROTOCOL_TOR }, - { 0xB00A63CA, 32, NDPI_PROTOCOL_TOR }, - { 0xB00A63CB, 32, NDPI_PROTOCOL_TOR }, - { 0xB00A63CB, 32, NDPI_PROTOCOL_TOR }, - { 0xB00A63CC, 32, NDPI_PROTOCOL_TOR }, - { 0xB00A63CC, 32, NDPI_PROTOCOL_TOR }, - { 0xB00A63CD, 32, NDPI_PROTOCOL_TOR }, - { 0xB00A63CD, 32, NDPI_PROTOCOL_TOR }, - { 0xB00A63CE, 32, NDPI_PROTOCOL_TOR }, - { 0xB00A63CE, 32, NDPI_PROTOCOL_TOR }, - { 0xB00A63CF, 32, NDPI_PROTOCOL_TOR }, - { 0xB00A63CF, 32, NDPI_PROTOCOL_TOR }, - { 0xB00A63D0, 32, NDPI_PROTOCOL_TOR }, - { 0xB00A63D0, 32, NDPI_PROTOCOL_TOR }, - { 0xB00A63D1, 32, NDPI_PROTOCOL_TOR }, - { 0xB00A63D1, 32, NDPI_PROTOCOL_TOR }, - { 0xB00A6BB4, 32, NDPI_PROTOCOL_TOR }, - { 0xB00A74A9, 32, NDPI_PROTOCOL_TOR }, - { 0xB00AFA4F, 32, NDPI_PROTOCOL_TOR }, - { 0xB00AFDDB, 32, NDPI_PROTOCOL_TOR }, - { 0xB00AFE87, 32, NDPI_PROTOCOL_TOR }, - { 0xB00C1D0C, 32, NDPI_PROTOCOL_TOR }, - { 0xB00C6B1E, 32, NDPI_PROTOCOL_TOR }, - { 0xB00E717E, 32, NDPI_PROTOCOL_TOR }, - { 0xB00F49B5, 32, NDPI_PROTOCOL_TOR }, - { 0xB00FBBA1, 32, NDPI_PROTOCOL_TOR }, - { 0xB01C0978, 32, NDPI_PROTOCOL_TOR }, - { 0xB01C0B2A, 32, NDPI_PROTOCOL_TOR }, - { 0xB01C1F79, 32, NDPI_PROTOCOL_TOR }, - { 0xB01C305E, 32, NDPI_PROTOCOL_TOR }, - { 0xB01C36D5, 32, NDPI_PROTOCOL_TOR }, - { 0xB01F1C3F, 32, NDPI_PROTOCOL_TOR }, - { 0xB01F2395, 32, NDPI_PROTOCOL_TOR }, - { 0xB01F323D, 32, NDPI_PROTOCOL_TOR }, - { 0xB01F4255, 32, NDPI_PROTOCOL_TOR }, - { 0xB01F7158, 32, NDPI_PROTOCOL_TOR }, - { 0xB01F7494, 32, NDPI_PROTOCOL_TOR }, - { 0xB01F7827, 32, NDPI_PROTOCOL_TOR }, - { 0xB01F989F, 32, NDPI_PROTOCOL_TOR }, - { 0xB01F9CC7, 32, NDPI_PROTOCOL_TOR }, - { 0xB01FB509, 32, NDPI_PROTOCOL_TOR }, - { 0xB01FBF1A, 32, NDPI_PROTOCOL_TOR }, - { 0xB024237E, 32, NDPI_PROTOCOL_TOR }, - { 0xB0245D6B, 32, NDPI_PROTOCOL_TOR }, - { 0xB02496F6, 32, NDPI_PROTOCOL_TOR }, - { 0xB0249F29, 32, NDPI_PROTOCOL_TOR }, - { 0xB0268C0D, 32, NDPI_PROTOCOL_TOR }, - { 0xB03515A2, 32, NDPI_PROTOCOL_TOR }, - { 0xB0357FC2, 32, NDPI_PROTOCOL_TOR }, - { 0xB035E825, 32, NDPI_PROTOCOL_TOR }, - { 0xB038EC53, 32, NDPI_PROTOCOL_TOR }, - { 0xB038ECAD, 32, NDPI_PROTOCOL_TOR }, - { 0xB038ED5A, 32, NDPI_PROTOCOL_TOR }, - { 0xB038EDBF, 32, NDPI_PROTOCOL_TOR }, - { 0xB03A59BC, 32, NDPI_PROTOCOL_TOR }, - { 0xB03A60C7, 32, NDPI_PROTOCOL_TOR }, - { 0xB03A61C9, 32, NDPI_PROTOCOL_TOR }, - { 0xB03A6462, 32, NDPI_PROTOCOL_TOR }, - { 0xB03A6711, 32, NDPI_PROTOCOL_TOR }, - { 0xB03A6A59, 32, NDPI_PROTOCOL_TOR }, - { 0xB03A6AC0, 32, NDPI_PROTOCOL_TOR }, - { 0xB03A7317, 32, NDPI_PROTOCOL_TOR }, - { 0xB03A7816, 32, NDPI_PROTOCOL_TOR }, - { 0xB03A799F, 32, NDPI_PROTOCOL_TOR }, - { 0xB03A9FAF, 32, NDPI_PROTOCOL_TOR }, - { 0xB03D89DD, 32, NDPI_PROTOCOL_TOR }, - { 0xB043AC1E, 32, NDPI_PROTOCOL_TOR }, - { 0xB049E604, 32, NDPI_PROTOCOL_TOR }, - { 0xB04D1A58, 32, NDPI_PROTOCOL_TOR }, - { 0xB04D226A, 32, NDPI_PROTOCOL_TOR }, - { 0xB04D2746, 32, NDPI_PROTOCOL_TOR }, - { 0xB04D29B7, 32, NDPI_PROTOCOL_TOR }, - { 0xB05019F4, 32, NDPI_PROTOCOL_TOR }, - { 0xB063C782, 32, NDPI_PROTOCOL_TOR }, - { 0xB0678035, 32, NDPI_PROTOCOL_TOR }, - { 0xB06A3636, 32, NDPI_PROTOCOL_TOR }, - { 0xB06A6B2F, 32, NDPI_PROTOCOL_TOR }, - { 0xB06CA0F1, 32, NDPI_PROTOCOL_TOR }, - { 0xB06CA0F2, 32, NDPI_PROTOCOL_TOR }, - { 0xB06CA0FD, 32, NDPI_PROTOCOL_TOR }, - { 0xB072F82F, 32, NDPI_PROTOCOL_TOR }, - { 0xB0744531, 32, NDPI_PROTOCOL_TOR }, - { 0xB0746831, 32, NDPI_PROTOCOL_TOR }, - { 0xB075128D, 32, NDPI_PROTOCOL_TOR }, - { 0xB07B065E, 32, NDPI_PROTOCOL_TOR }, - { 0xB07B0665, 32, NDPI_PROTOCOL_TOR }, - { 0xB07B1C1F, 32, NDPI_PROTOCOL_TOR }, - { 0xB07B1C22, 32, NDPI_PROTOCOL_TOR }, - { 0xB07EF45B, 32, NDPI_PROTOCOL_TOR }, - { 0xB07EFC0B, 32, NDPI_PROTOCOL_TOR }, - { 0xB07EFC0C, 32, NDPI_PROTOCOL_TOR }, - { 0xB0BCDE53, 32, NDPI_PROTOCOL_TOR }, - { 0xB0BD2641, 32, NDPI_PROTOCOL_TOR }, - { 0xB0BD77B6, 32, NDPI_PROTOCOL_TOR }, - { 0xB0C17D30, 32, NDPI_PROTOCOL_TOR }, - { 0xB0C20E92, 32, NDPI_PROTOCOL_TOR }, - { 0xB0C62CC4, 32, NDPI_PROTOCOL_TOR }, - { 0xB0C65C86, 32, NDPI_PROTOCOL_TOR }, - { 0xB0C6642D, 32, NDPI_PROTOCOL_TOR }, - { 0xB0C67537, 32, NDPI_PROTOCOL_TOR }, - { 0xB0C7E07F, 32, NDPI_PROTOCOL_TOR }, - { 0xB0C7E590, 32, NDPI_PROTOCOL_TOR }, - { 0xB0D496A3, 32, NDPI_PROTOCOL_TOR }, - { 0xB0DD2E35, 32, NDPI_PROTOCOL_TOR }, - { 0xB0DECAC3, 32, NDPI_PROTOCOL_TOR }, - { 0xB0E2DAFF, 32, NDPI_PROTOCOL_TOR }, - { 0xB10648C6, 32, NDPI_PROTOCOL_TOR }, - { 0xB12F6D15, 32, NDPI_PROTOCOL_TOR }, - { 0xB15C1B98, 32, NDPI_PROTOCOL_TOR }, - { 0xB18D1209, 32, NDPI_PROTOCOL_TOR }, - { 0xB194ACC4, 32, NDPI_PROTOCOL_TOR }, - { 0xB1BC41E6, 32, NDPI_PROTOCOL_TOR }, - { 0xB1CD10C8, 32, NDPI_PROTOCOL_TOR }, - { 0xB2011DB1, 32, NDPI_PROTOCOL_TOR }, - { 0xB202DFF0, 32, NDPI_PROTOCOL_TOR }, - { 0xB202E307, 32, NDPI_PROTOCOL_TOR }, - { 0xB2031B59, 32, NDPI_PROTOCOL_TOR }, - { 0xB204CFB7, 32, NDPI_PROTOCOL_TOR }, - { 0xB2067327, 32, NDPI_PROTOCOL_TOR }, - { 0xB2070DE7, 32, NDPI_PROTOCOL_TOR }, - { 0xB20BA25E, 32, NDPI_PROTOCOL_TOR }, - { 0xB2102D5A, 32, NDPI_PROTOCOL_TOR }, - { 0xB210D038, 32, NDPI_PROTOCOL_TOR }, - { 0xB210D039, 32, NDPI_PROTOCOL_TOR }, - { 0xB211AA0B, 32, NDPI_PROTOCOL_TOR }, - { 0xB211AA13, 32, NDPI_PROTOCOL_TOR }, - { 0xB212106C, 32, NDPI_PROTOCOL_TOR }, - { 0xB21211CC, 32, NDPI_PROTOCOL_TOR }, - { 0xB21211EA, 32, NDPI_PROTOCOL_TOR }, - { 0xB21253D7, 32, NDPI_PROTOCOL_TOR }, - { 0xB2128308, 32, NDPI_PROTOCOL_TOR }, - { 0xB2143710, 32, NDPI_PROTOCOL_TOR }, - { 0xB2143712, 32, NDPI_PROTOCOL_TOR }, - { 0xB2151456, 32, NDPI_PROTOCOL_TOR }, - { 0xB2157245, 32, NDPI_PROTOCOL_TOR }, - { 0xB21572B9, 32, NDPI_PROTOCOL_TOR }, - { 0xB2182081, 32, NDPI_PROTOCOL_TOR }, - { 0xB218CF5C, 32, NDPI_PROTOCOL_TOR }, - { 0xB21944AC, 32, NDPI_PROTOCOL_TOR }, - { 0xB21968A9, 32, NDPI_PROTOCOL_TOR }, - { 0xB2198DE6, 32, NDPI_PROTOCOL_TOR }, - { 0xB21A57B7, 32, NDPI_PROTOCOL_TOR }, - { 0xB21A76A9, 32, NDPI_PROTOCOL_TOR }, - { 0xB21A8269, 32, NDPI_PROTOCOL_TOR }, - { 0xB21AB707, 32, NDPI_PROTOCOL_TOR }, - { 0xB21AC341, 32, NDPI_PROTOCOL_TOR }, - { 0xB21B383A, 32, NDPI_PROTOCOL_TOR }, - { 0xB21B78E5, 32, NDPI_PROTOCOL_TOR }, - { 0xB21B7ACB, 32, NDPI_PROTOCOL_TOR }, - { 0xB220225B, 32, NDPI_PROTOCOL_TOR }, - { 0xB2202C9D, 32, NDPI_PROTOCOL_TOR }, - { 0xB2203E91, 32, NDPI_PROTOCOL_TOR }, - { 0xB22064D7, 32, NDPI_PROTOCOL_TOR }, - { 0xB220784B, 32, NDPI_PROTOCOL_TOR }, - { 0xB2207A41, 32, NDPI_PROTOCOL_TOR }, - { 0xB2208FAF, 32, NDPI_PROTOCOL_TOR }, - { 0xB2208FAF, 32, NDPI_PROTOCOL_TOR }, - { 0xB220B560, 32, NDPI_PROTOCOL_TOR }, - { 0xB220B561, 32, NDPI_PROTOCOL_TOR }, - { 0xB220B562, 32, NDPI_PROTOCOL_TOR }, - { 0xB220B563, 32, NDPI_PROTOCOL_TOR }, - { 0xB220D861, 32, NDPI_PROTOCOL_TOR }, - { 0xB220D892, 32, NDPI_PROTOCOL_TOR }, - { 0xB220DBC5, 32, NDPI_PROTOCOL_TOR }, - { 0xB220DC0C, 32, NDPI_PROTOCOL_TOR }, - { 0xB220DC18, 32, NDPI_PROTOCOL_TOR }, - { 0xB220DD97, 32, NDPI_PROTOCOL_TOR }, - { 0xB220DDCF, 32, NDPI_PROTOCOL_TOR }, - { 0xB220DE15, 32, NDPI_PROTOCOL_TOR }, - { 0xB220EE9E, 32, NDPI_PROTOCOL_TOR }, - { 0xB2212397, 32, NDPI_PROTOCOL_TOR }, - { 0xB22170AB, 32, NDPI_PROTOCOL_TOR }, - { 0xB22EA34B, 32, NDPI_PROTOCOL_TOR }, - { 0xB23E0999, 32, NDPI_PROTOCOL_TOR }, - { 0xB23E0E7F, 32, NDPI_PROTOCOL_TOR }, - { 0xB23E0E97, 32, NDPI_PROTOCOL_TOR }, - { 0xB23E102A, 32, NDPI_PROTOCOL_TOR }, - { 0xB23E12D7, 32, NDPI_PROTOCOL_TOR }, - { 0xB23E1384, 32, NDPI_PROTOCOL_TOR }, - { 0xB23E1A53, 32, NDPI_PROTOCOL_TOR }, - { 0xB23E2520, 32, NDPI_PROTOCOL_TOR }, - { 0xB23E27CA, 32, NDPI_PROTOCOL_TOR }, - { 0xB23E2E07, 32, NDPI_PROTOCOL_TOR }, - { 0xB23E3405, 32, NDPI_PROTOCOL_TOR }, - { 0xB23E354B, 32, NDPI_PROTOCOL_TOR }, - { 0xB23E36E3, 32, NDPI_PROTOCOL_TOR }, - { 0xB23E38A3, 32, NDPI_PROTOCOL_TOR }, - { 0xB23E3910, 32, NDPI_PROTOCOL_TOR }, - { 0xB23E3A50, 32, NDPI_PROTOCOL_TOR }, - { 0xB23E414D, 32, NDPI_PROTOCOL_TOR }, - { 0xB23E4DB6, 32, NDPI_PROTOCOL_TOR }, - { 0xB23E4E51, 32, NDPI_PROTOCOL_TOR }, - { 0xB23E507C, 32, NDPI_PROTOCOL_TOR }, - { 0xB23E5660, 32, NDPI_PROTOCOL_TOR }, - { 0xB23E56CE, 32, NDPI_PROTOCOL_TOR }, - { 0xB23E5A6F, 32, NDPI_PROTOCOL_TOR }, - { 0xB23E5D24, 32, NDPI_PROTOCOL_TOR }, - { 0xB23E5EF3, 32, NDPI_PROTOCOL_TOR }, - { 0xB23E60A0, 32, NDPI_PROTOCOL_TOR }, - { 0xB23E64C1, 32, NDPI_PROTOCOL_TOR }, - { 0xB23E6892, 32, NDPI_PROTOCOL_TOR }, - { 0xB23E6DA4, 32, NDPI_PROTOCOL_TOR }, - { 0xB23E6E8D, 32, NDPI_PROTOCOL_TOR }, - { 0xB23E6F30, 32, NDPI_PROTOCOL_TOR }, - { 0xB23E7047, 32, NDPI_PROTOCOL_TOR }, - { 0xB23E769A, 32, NDPI_PROTOCOL_TOR }, - { 0xB23E83D8, 32, NDPI_PROTOCOL_TOR }, - { 0xB23E9871, 32, NDPI_PROTOCOL_TOR }, - { 0xB23E9E9C, 32, NDPI_PROTOCOL_TOR }, - { 0xB23EA3E3, 32, NDPI_PROTOCOL_TOR }, - { 0xB23EA7B2, 32, NDPI_PROTOCOL_TOR }, - { 0xB23EADCB, 32, NDPI_PROTOCOL_TOR }, - { 0xB23EB2E4, 32, NDPI_PROTOCOL_TOR }, - { 0xB23EB893, 32, NDPI_PROTOCOL_TOR }, - { 0xB23EBA9B, 32, NDPI_PROTOCOL_TOR }, - { 0xB23EBD4F, 32, NDPI_PROTOCOL_TOR }, - { 0xB23EC4B1, 32, NDPI_PROTOCOL_TOR }, - { 0xB23EC658, 32, NDPI_PROTOCOL_TOR }, - { 0xB23EC6D5, 32, NDPI_PROTOCOL_TOR }, - { 0xB23EC7E2, 32, NDPI_PROTOCOL_TOR }, - { 0xB23EC927, 32, NDPI_PROTOCOL_TOR }, - { 0xB23ECC5B, 32, NDPI_PROTOCOL_TOR }, - { 0xB23ECC63, 32, NDPI_PROTOCOL_TOR }, - { 0xB23ED1FC, 32, NDPI_PROTOCOL_TOR }, - { 0xB23ED47B, 32, NDPI_PROTOCOL_TOR }, - { 0xB23ED986, 32, NDPI_PROTOCOL_TOR }, - { 0xB23ED9E9, 32, NDPI_PROTOCOL_TOR }, - { 0xB23EDAA0, 32, NDPI_PROTOCOL_TOR }, - { 0xB23EDE81, 32, NDPI_PROTOCOL_TOR }, - { 0xB23EE525, 32, NDPI_PROTOCOL_TOR }, - { 0xB23EE5D1, 32, NDPI_PROTOCOL_TOR }, - { 0xB23EE707, 32, NDPI_PROTOCOL_TOR }, - { 0xB23EEA99, 32, NDPI_PROTOCOL_TOR }, - { 0xB23EEB68, 32, NDPI_PROTOCOL_TOR }, - { 0xB23EEE78, 32, NDPI_PROTOCOL_TOR }, - { 0xB23EF11E, 32, NDPI_PROTOCOL_TOR }, - { 0xB23EF140, 32, NDPI_PROTOCOL_TOR }, - { 0xB23EF877, 32, NDPI_PROTOCOL_TOR }, - { 0xB23EFB08, 32, NDPI_PROTOCOL_TOR }, - { 0xB23EFC52, 32, NDPI_PROTOCOL_TOR }, - { 0xB23EFCEA, 32, NDPI_PROTOCOL_TOR }, - { 0xB23F00A1, 32, NDPI_PROTOCOL_TOR }, - { 0xB23F1030, 32, NDPI_PROTOCOL_TOR }, - { 0xB23F2E61, 32, NDPI_PROTOCOL_TOR }, - { 0xB23F3D43, 32, NDPI_PROTOCOL_TOR }, - { 0xB23F41B3, 32, NDPI_PROTOCOL_TOR }, - { 0xB23F4AC4, 32, NDPI_PROTOCOL_TOR }, - { 0xB23F4AF5, 32, NDPI_PROTOCOL_TOR }, - { 0xB23F5E90, 32, NDPI_PROTOCOL_TOR }, - { 0xB23F604F, 32, NDPI_PROTOCOL_TOR }, - { 0xB23F6122, 32, NDPI_PROTOCOL_TOR }, - { 0xB23F65C5, 32, NDPI_PROTOCOL_TOR }, - { 0xB23F6E97, 32, NDPI_PROTOCOL_TOR }, - { 0xB23F749D, 32, NDPI_PROTOCOL_TOR }, - { 0xB23F91E2, 32, NDPI_PROTOCOL_TOR }, - { 0xB23F9A5D, 32, NDPI_PROTOCOL_TOR }, - { 0xB23FA2D4, 32, NDPI_PROTOCOL_TOR }, - { 0xB23FD133, 32, NDPI_PROTOCOL_TOR }, - { 0xB24021FC, 32, NDPI_PROTOCOL_TOR }, - { 0xB246D353, 32, NDPI_PROTOCOL_TOR }, - { 0xB248584D, 32, NDPI_PROTOCOL_TOR }, - { 0xB249D276, 32, NDPI_PROTOCOL_TOR }, - { 0xB249D2F0, 32, NDPI_PROTOCOL_TOR }, - { 0xB24A67E4, 32, NDPI_PROTOCOL_TOR }, - { 0xB24D627C, 32, NDPI_PROTOCOL_TOR }, - { 0xB24D7B29, 32, NDPI_PROTOCOL_TOR }, - { 0xB24ED425, 32, NDPI_PROTOCOL_TOR }, - { 0xB24EEAC3, 32, NDPI_PROTOCOL_TOR }, - { 0xB24F8540, 32, NDPI_PROTOCOL_TOR }, - { 0xB24F8623, 32, NDPI_PROTOCOL_TOR }, - { 0xB24F86B7, 32, NDPI_PROTOCOL_TOR }, - { 0xB24F86B7, 32, NDPI_PROTOCOL_TOR }, - { 0xB24F86C4, 32, NDPI_PROTOCOL_TOR }, - { 0xB24F88E6, 32, NDPI_PROTOCOL_TOR }, - { 0xB24F8B11, 32, NDPI_PROTOCOL_TOR }, - { 0xB24F8B2E, 32, NDPI_PROTOCOL_TOR }, - { 0xB24F8D6C, 32, NDPI_PROTOCOL_TOR }, - { 0xB24F8EE0, 32, NDPI_PROTOCOL_TOR }, - { 0xB24F901C, 32, NDPI_PROTOCOL_TOR }, - { 0xB24F901C, 32, NDPI_PROTOCOL_TOR }, - { 0xB24F9D24, 32, NDPI_PROTOCOL_TOR }, - { 0xB24F9D24, 32, NDPI_PROTOCOL_TOR }, - { 0xB24F9F93, 32, NDPI_PROTOCOL_TOR }, - { 0xB24F9FE0, 32, NDPI_PROTOCOL_TOR }, - { 0xB24FA039, 32, NDPI_PROTOCOL_TOR }, - { 0xB24FA198, 32, NDPI_PROTOCOL_TOR }, - { 0xB24FA1B1, 32, NDPI_PROTOCOL_TOR }, - { 0xB24FA1ED, 32, NDPI_PROTOCOL_TOR }, - { 0xB24FA1ED, 32, NDPI_PROTOCOL_TOR }, - { 0xB24FA3A9, 32, NDPI_PROTOCOL_TOR }, - { 0xB24FA515, 32, NDPI_PROTOCOL_TOR }, - { 0xB24FA858, 32, NDPI_PROTOCOL_TOR }, - { 0xB24FAAAD, 32, NDPI_PROTOCOL_TOR }, - { 0xB24FAAB5, 32, NDPI_PROTOCOL_TOR }, - { 0xB24FAAB5, 32, NDPI_PROTOCOL_TOR }, - { 0xB24FB060, 32, NDPI_PROTOCOL_TOR }, - { 0xB24FB072, 32, NDPI_PROTOCOL_TOR }, - { 0xB24FB0B9, 32, NDPI_PROTOCOL_TOR }, - { 0xB24FB5E6, 32, NDPI_PROTOCOL_TOR }, - { 0xB24FBCD4, 32, NDPI_PROTOCOL_TOR }, - { 0xB2520865, 32, NDPI_PROTOCOL_TOR }, - { 0xB2522270, 32, NDPI_PROTOCOL_TOR }, - { 0xB2522871, 32, NDPI_PROTOCOL_TOR }, - { 0xB2524269, 32, NDPI_PROTOCOL_TOR }, - { 0xB2534549, 32, NDPI_PROTOCOL_TOR }, - { 0xB2560A58, 32, NDPI_PROTOCOL_TOR }, - { 0xB281AD8F, 32, NDPI_PROTOCOL_TOR }, - { 0xB289B71D, 32, NDPI_PROTOCOL_TOR }, - { 0xB28C33AD, 32, NDPI_PROTOCOL_TOR }, - { 0xB28C33AD, 32, NDPI_PROTOCOL_TOR }, - { 0xB28C6812, 32, NDPI_PROTOCOL_TOR }, - { 0xB28CC54B, 32, NDPI_PROTOCOL_TOR }, - { 0xB28E0705, 32, NDPI_PROTOCOL_TOR }, - { 0xB2A23DD6, 32, NDPI_PROTOCOL_TOR }, - { 0xB2A242D4, 32, NDPI_PROTOCOL_TOR }, - { 0xB2A2C21E, 32, NDPI_PROTOCOL_TOR }, - { 0xB2A2C252, 32, NDPI_PROTOCOL_TOR }, - { 0xB2A2C2D2, 32, NDPI_PROTOCOL_TOR }, - { 0xB2A2C505, 32, NDPI_PROTOCOL_TOR }, - { 0xB2A746AA, 32, NDPI_PROTOCOL_TOR }, - { 0xB2AA6FC2, 32, NDPI_PROTOCOL_TOR }, - { 0xB2AF83C2, 32, NDPI_PROTOCOL_TOR }, - { 0xB2AF8B8A, 32, NDPI_PROTOCOL_TOR }, - { 0xB2AF8B8A, 32, NDPI_PROTOCOL_TOR }, - { 0xB2AF8B8B, 32, NDPI_PROTOCOL_TOR }, - { 0xB2AF8B8B, 32, NDPI_PROTOCOL_TOR }, - { 0xB2AF8B8C, 32, NDPI_PROTOCOL_TOR }, - { 0xB2AF8B8C, 32, NDPI_PROTOCOL_TOR }, - { 0xB2AF8B8D, 32, NDPI_PROTOCOL_TOR }, - { 0xB2AF8B8D, 32, NDPI_PROTOCOL_TOR }, - { 0xB2AF8B8E, 32, NDPI_PROTOCOL_TOR }, - { 0xB2AF8B8E, 32, NDPI_PROTOCOL_TOR }, - { 0xB2BA743C, 32, NDPI_PROTOCOL_TOR }, - { 0xB2BED2D1, 32, NDPI_PROTOCOL_TOR }, - { 0xB2BFC29E, 32, NDPI_PROTOCOL_TOR }, - { 0xB2C0BBAF, 32, NDPI_PROTOCOL_TOR }, - { 0xB2C3EA94, 32, NDPI_PROTOCOL_TOR }, - { 0xB2C7EAC0, 32, NDPI_PROTOCOL_TOR }, - { 0xB2C861B6, 32, NDPI_PROTOCOL_TOR }, - { 0xB2C8CBEE, 32, NDPI_PROTOCOL_TOR }, - { 0xB2C8EE97, 32, NDPI_PROTOCOL_TOR }, - { 0xB2C92FF5, 32, NDPI_PROTOCOL_TOR }, - { 0xB2C98985, 32, NDPI_PROTOCOL_TOR }, - { 0xB2C9B19C, 32, NDPI_PROTOCOL_TOR }, - { 0xB2CA6B7B, 32, NDPI_PROTOCOL_TOR }, - { 0xB2CB9302, 32, NDPI_PROTOCOL_TOR }, - { 0xB2CB9A4F, 32, NDPI_PROTOCOL_TOR }, - { 0xB2CBBF12, 32, NDPI_PROTOCOL_TOR }, - { 0xB2D13297, 32, NDPI_PROTOCOL_TOR }, - { 0xB2D13363, 32, NDPI_PROTOCOL_TOR }, - { 0xB2D134A2, 32, NDPI_PROTOCOL_TOR }, - { 0xB2D3238A, 32, NDPI_PROTOCOL_TOR }, - { 0xB2D808F5, 32, NDPI_PROTOCOL_TOR }, - { 0xB2D83B33, 32, NDPI_PROTOCOL_TOR }, - { 0xB2D85C75, 32, NDPI_PROTOCOL_TOR }, - { 0xB2D9B820, 32, NDPI_PROTOCOL_TOR }, - { 0xB2D9B943, 32, NDPI_PROTOCOL_TOR }, - { 0xB2D9BB05, 32, NDPI_PROTOCOL_TOR }, - { 0xB2D9BB06, 32, NDPI_PROTOCOL_TOR }, - { 0xB2D9BB27, 32, NDPI_PROTOCOL_TOR }, - { 0xB2DBF5D6, 32, NDPI_PROTOCOL_TOR }, - { 0xB2EEDF43, 32, NDPI_PROTOCOL_TOR }, - { 0xB2EEE084, 32, NDPI_PROTOCOL_TOR }, - { 0xB2EEE16C, 32, NDPI_PROTOCOL_TOR }, - { 0xB2EEE19E, 32, NDPI_PROTOCOL_TOR }, - { 0xB2EEE40C, 32, NDPI_PROTOCOL_TOR }, - { 0xB2EEED2C, 32, NDPI_PROTOCOL_TOR }, - { 0xB2EF3CAC, 32, NDPI_PROTOCOL_TOR }, - { 0xB2EFB113, 32, NDPI_PROTOCOL_TOR }, - { 0xB2FAF3D9, 32, NDPI_PROTOCOL_TOR }, - { 0xB2FD60A6, 32, NDPI_PROTOCOL_TOR }, - { 0xB2FE0615, 32, NDPI_PROTOCOL_TOR }, - { 0xB2FE08BB, 32, NDPI_PROTOCOL_TOR }, - { 0xB2FE0987, 32, NDPI_PROTOCOL_TOR }, - { 0xB2FE1486, 32, NDPI_PROTOCOL_TOR }, - { 0xB2FE1486, 32, NDPI_PROTOCOL_TOR }, - { 0xB2FE16E4, 32, NDPI_PROTOCOL_TOR }, - { 0xB2FE193E, 32, NDPI_PROTOCOL_TOR }, - { 0xB2FE19A5, 32, NDPI_PROTOCOL_TOR }, - { 0xB2FE1AF4, 32, NDPI_PROTOCOL_TOR }, - { 0xB2FE1C14, 32, NDPI_PROTOCOL_TOR }, - { 0xB2FE1E56, 32, NDPI_PROTOCOL_TOR }, - { 0xB2FE1FAD, 32, NDPI_PROTOCOL_TOR }, - { 0xB2FE1FD1, 32, NDPI_PROTOCOL_TOR }, - { 0xB2FE23E0, 32, NDPI_PROTOCOL_TOR }, - { 0xB2FE25C5, 32, NDPI_PROTOCOL_TOR }, - { 0xB2FE2805, 32, NDPI_PROTOCOL_TOR }, - { 0xB2FE2BF4, 32, NDPI_PROTOCOL_TOR }, - { 0xB2FE2C5B, 32, NDPI_PROTOCOL_TOR }, - { 0xB2FE2C5B, 32, NDPI_PROTOCOL_TOR }, - { 0xB2FE2C87, 32, NDPI_PROTOCOL_TOR }, - { 0xB2FE2C87, 32, NDPI_PROTOCOL_TOR }, - { 0xB2FE2CEA, 32, NDPI_PROTOCOL_TOR }, - { 0xB2FE2CEA, 32, NDPI_PROTOCOL_TOR }, - { 0xB2FE3765, 32, NDPI_PROTOCOL_TOR }, - { 0xB300C293, 32, NDPI_PROTOCOL_TOR }, - { 0xB32B8522, 32, NDPI_PROTOCOL_TOR }, - { 0xB36FE5E8, 32, NDPI_PROTOCOL_TOR }, - { 0xB3E8F4B7, 32, NDPI_PROTOCOL_TOR }, - { 0xB4DE4452, 32, NDPI_PROTOCOL_TOR }, - { 0xB529C599, 32, NDPI_PROTOCOL_TOR }, - { 0xB529DB75, 32, NDPI_PROTOCOL_TOR }, - { 0xB52E9531, 32, NDPI_PROTOCOL_TOR }, - { 0xB5A073AC, 32, NDPI_PROTOCOL_TOR }, - { 0xB6A70430, 32, NDPI_PROTOCOL_TOR }, - { 0xB7574B02, 32, NDPI_PROTOCOL_TOR }, - { 0xB75806AD, 32, NDPI_PROTOCOL_TOR }, - { 0xB8129B07, 32, NDPI_PROTOCOL_TOR }, - { 0xB812D6D9, 32, NDPI_PROTOCOL_TOR }, - { 0xB8230910, 32, NDPI_PROTOCOL_TOR }, - { 0xB827A1D3, 32, NDPI_PROTOCOL_TOR }, - { 0xB8486A34, 32, NDPI_PROTOCOL_TOR }, - { 0xB84E9433, 32, NDPI_PROTOCOL_TOR }, - { 0xB85EE222, 32, NDPI_PROTOCOL_TOR }, - { 0xB8645406, 32, NDPI_PROTOCOL_TOR }, - { 0xB869CB85, 32, NDPI_PROTOCOL_TOR }, - { 0xB869DC18, 32, NDPI_PROTOCOL_TOR }, - { 0xB869EB44, 32, NDPI_PROTOCOL_TOR }, - { 0xB86A6DF4, 32, NDPI_PROTOCOL_TOR }, - { 0xB86AD762, 32, NDPI_PROTOCOL_TOR }, - { 0xB8944B0F, 32, NDPI_PROTOCOL_TOR }, - { 0xB89BBBCD, 32, NDPI_PROTOCOL_TOR }, - { 0xB8A3447D, 32, NDPI_PROTOCOL_TOR }, - { 0xB8A48472, 32, NDPI_PROTOCOL_TOR }, - { 0xB8A4F401, 32, NDPI_PROTOCOL_TOR }, - { 0xB8A4F601, 32, NDPI_PROTOCOL_TOR }, - { 0xB8AA68F7, 32, NDPI_PROTOCOL_TOR }, - { 0xB8AF118B, 32, NDPI_PROTOCOL_TOR }, - { 0xB8AF2873, 32, NDPI_PROTOCOL_TOR }, - { 0xB8B07919, 32, NDPI_PROTOCOL_TOR }, - { 0xB8B705CB, 32, NDPI_PROTOCOL_TOR }, - { 0xB904E322, 32, NDPI_PROTOCOL_TOR }, - { 0xB9050983, 32, NDPI_PROTOCOL_TOR }, - { 0xB9053482, 32, NDPI_PROTOCOL_TOR }, - { 0xB905355D, 32, NDPI_PROTOCOL_TOR }, - { 0xB907944E, 32, NDPI_PROTOCOL_TOR }, - { 0xB908EC83, 32, NDPI_PROTOCOL_TOR }, - { 0xB908ED1B, 32, NDPI_PROTOCOL_TOR }, - { 0xB908EDD0, 32, NDPI_PROTOCOL_TOR }, - { 0xB908EE42, 32, NDPI_PROTOCOL_TOR }, - { 0xB908EE8B, 32, NDPI_PROTOCOL_TOR }, - { 0xB908EE8C, 32, NDPI_PROTOCOL_TOR }, - { 0xB90A1DF7, 32, NDPI_PROTOCOL_TOR }, - { 0xB90A4750, 32, NDPI_PROTOCOL_TOR }, - { 0xB90BA670, 32, NDPI_PROTOCOL_TOR }, - { 0xB90C0C85, 32, NDPI_PROTOCOL_TOR }, - { 0xB90C0E76, 32, NDPI_PROTOCOL_TOR }, - { 0xB90D259E, 32, NDPI_PROTOCOL_TOR }, - { 0xB90D2631, 32, NDPI_PROTOCOL_TOR }, - { 0xB90D2684, 32, NDPI_PROTOCOL_TOR }, - { 0xB90D26B9, 32, NDPI_PROTOCOL_TOR }, - { 0xB90D27C5, 32, NDPI_PROTOCOL_TOR }, - { 0xB90E1C6A, 32, NDPI_PROTOCOL_TOR }, - { 0xB90E1F3B, 32, NDPI_PROTOCOL_TOR }, - { 0xB90EB80D, 32, NDPI_PROTOCOL_TOR }, - { 0xB90EB9F0, 32, NDPI_PROTOCOL_TOR }, - { 0xB90FF47C, 32, NDPI_PROTOCOL_TOR }, - { 0xB9103C53, 32, NDPI_PROTOCOL_TOR }, - { 0xB9107C88, 32, NDPI_PROTOCOL_TOR }, - { 0xB910AC9B, 32, NDPI_PROTOCOL_TOR }, - { 0xB910AD54, 32, NDPI_PROTOCOL_TOR }, - { 0xB910AD56, 32, NDPI_PROTOCOL_TOR }, - { 0xB910C8B0, 32, NDPI_PROTOCOL_TOR }, - { 0xB910C91C, 32, NDPI_PROTOCOL_TOR }, - { 0xB911908A, 32, NDPI_PROTOCOL_TOR }, - { 0xB911B8E4, 32, NDPI_PROTOCOL_TOR }, - { 0xB9129404, 32, NDPI_PROTOCOL_TOR }, - { 0xB9135724, 32, NDPI_PROTOCOL_TOR }, - { 0xB9156432, 32, NDPI_PROTOCOL_TOR }, - { 0xB915671F, 32, NDPI_PROTOCOL_TOR }, - { 0xB915D8A6, 32, NDPI_PROTOCOL_TOR }, - { 0xB915D908, 32, NDPI_PROTOCOL_TOR }, - { 0xB9163F22, 32, NDPI_PROTOCOL_TOR }, - { 0xB918EBCD, 32, NDPI_PROTOCOL_TOR }, - { 0xB919D8ED, 32, NDPI_PROTOCOL_TOR }, - { 0xB91A7CB4, 32, NDPI_PROTOCOL_TOR }, - { 0xB91A9C1C, 32, NDPI_PROTOCOL_TOR }, - { 0xB91A9C1D, 32, NDPI_PROTOCOL_TOR }, - { 0xB91BAF18, 32, NDPI_PROTOCOL_TOR }, - { 0xB91F644B, 32, NDPI_PROTOCOL_TOR }, - { 0xB9222102, 32, NDPI_PROTOCOL_TOR }, - { 0xB9246491, 32, NDPI_PROTOCOL_TOR }, - { 0xB92592AC, 32, NDPI_PROTOCOL_TOR }, - { 0xB925E2C5, 32, NDPI_PROTOCOL_TOR }, - { 0xB9262FE0, 32, NDPI_PROTOCOL_TOR }, - { 0xB928870A, 32, NDPI_PROTOCOL_TOR }, - { 0xB92DC039, 32, NDPI_PROTOCOL_TOR }, - { 0xB92DC069, 32, NDPI_PROTOCOL_TOR }, - { 0xB92DC0BC, 32, NDPI_PROTOCOL_TOR }, - { 0xB92DC1F2, 32, NDPI_PROTOCOL_TOR }, - { 0xB9310ED3, 32, NDPI_PROTOCOL_TOR }, - { 0xB932BFFA, 32, NDPI_PROTOCOL_TOR }, - { 0xB932E9E0, 32, NDPI_PROTOCOL_TOR }, - { 0xB935A306, 32, NDPI_PROTOCOL_TOR }, - { 0xB936EE88, 32, NDPI_PROTOCOL_TOR }, - { 0xB9385426, 32, NDPI_PROTOCOL_TOR }, - { 0xB9395219, 32, NDPI_PROTOCOL_TOR }, - { 0xB93D8932, 32, NDPI_PROTOCOL_TOR }, - { 0xB93D8932, 32, NDPI_PROTOCOL_TOR }, - { 0xB93D8949, 32, NDPI_PROTOCOL_TOR }, - { 0xB93D8949, 32, NDPI_PROTOCOL_TOR }, - { 0xB93D942E, 32, NDPI_PROTOCOL_TOR }, - { 0xB93D9450, 32, NDPI_PROTOCOL_TOR }, - { 0xB93D945D, 32, NDPI_PROTOCOL_TOR }, - { 0xB93D9474, 32, NDPI_PROTOCOL_TOR }, - { 0xB93D948D, 32, NDPI_PROTOCOL_TOR }, - { 0xB93D948E, 32, NDPI_PROTOCOL_TOR }, - { 0xB93D94B7, 32, NDPI_PROTOCOL_TOR }, - { 0xB93D94BD, 32, NDPI_PROTOCOL_TOR }, - { 0xB93D94C1, 32, NDPI_PROTOCOL_TOR }, - { 0xB93D94E4, 32, NDPI_PROTOCOL_TOR }, - { 0xB93D956D, 32, NDPI_PROTOCOL_TOR }, - { 0xB93D9574, 32, NDPI_PROTOCOL_TOR }, - { 0xB93D9576, 32, NDPI_PROTOCOL_TOR }, - { 0xB93D9577, 32, NDPI_PROTOCOL_TOR }, - { 0xB93D95B0, 32, NDPI_PROTOCOL_TOR }, - { 0xB93D95C1, 32, NDPI_PROTOCOL_TOR }, - { 0xB93FBC7C, 32, NDPI_PROTOCOL_TOR }, - { 0xB941C85D, 32, NDPI_PROTOCOL_TOR }, - { 0xB941CD12, 32, NDPI_PROTOCOL_TOR }, - { 0xB9453693, 32, NDPI_PROTOCOL_TOR }, - { 0xB9453744, 32, NDPI_PROTOCOL_TOR }, - { 0xB948B169, 32, NDPI_PROTOCOL_TOR }, - { 0xB948E86B, 32, NDPI_PROTOCOL_TOR }, - { 0xB948F791, 32, NDPI_PROTOCOL_TOR }, - { 0xB94B382C, 32, NDPI_PROTOCOL_TOR }, - { 0xB94B382C, 32, NDPI_PROTOCOL_TOR }, - { 0xB94B3874, 32, NDPI_PROTOCOL_TOR }, - { 0xB94B3874, 32, NDPI_PROTOCOL_TOR }, - { 0xB952C8E0, 32, NDPI_PROTOCOL_TOR }, - { 0xBA160C6E, 32, NDPI_PROTOCOL_TOR }, - { 0xBA1A4002, 32, NDPI_PROTOCOL_TOR }, - { 0xBA6B7BAE, 32, NDPI_PROTOCOL_TOR }, - { 0xBB3B6D26, 32, NDPI_PROTOCOL_TOR }, - { 0xBB3F6418, 32, NDPI_PROTOCOL_TOR }, - { 0xBB5F2203, 32, NDPI_PROTOCOL_TOR }, - { 0xBBD34A78, 32, NDPI_PROTOCOL_TOR }, - { 0xBBFEE732, 32, NDPI_PROTOCOL_TOR }, - { 0xBC0262D8, 32, NDPI_PROTOCOL_TOR }, - { 0xBC04F2B2, 32, NDPI_PROTOCOL_TOR }, - { 0xBC060D5B, 32, NDPI_PROTOCOL_TOR }, - { 0xBC06497F, 32, NDPI_PROTOCOL_TOR }, - { 0xBC18F4FF, 32, NDPI_PROTOCOL_TOR }, - { 0xBC208F85, 32, NDPI_PROTOCOL_TOR }, - { 0xBC20F2F4, 32, NDPI_PROTOCOL_TOR }, - { 0xBC28209A, 32, NDPI_PROTOCOL_TOR }, - { 0xBC2821D9, 32, NDPI_PROTOCOL_TOR }, - { 0xBC2825C8, 32, NDPI_PROTOCOL_TOR }, - { 0xBC2833E8, 32, NDPI_PROTOCOL_TOR }, - { 0xBC283512, 32, NDPI_PROTOCOL_TOR }, - { 0xBC283B50, 32, NDPI_PROTOCOL_TOR }, - { 0xBC283C8E, 32, NDPI_PROTOCOL_TOR }, - { 0xBC283CF2, 32, NDPI_PROTOCOL_TOR }, - { 0xBC284C73, 32, NDPI_PROTOCOL_TOR }, - { 0xBC286345, 32, NDPI_PROTOCOL_TOR }, - { 0xBC286BCD, 32, NDPI_PROTOCOL_TOR }, - { 0xBC2880F6, 32, NDPI_PROTOCOL_TOR }, - { 0xBC2899F2, 32, NDPI_PROTOCOL_TOR }, - { 0xBC28B34A, 32, NDPI_PROTOCOL_TOR }, - { 0xBC28CE05, 32, NDPI_PROTOCOL_TOR }, - { 0xBC28EBD7, 32, NDPI_PROTOCOL_TOR }, - { 0xBC28F839, 32, NDPI_PROTOCOL_TOR }, - { 0xBC2AFD0B, 32, NDPI_PROTOCOL_TOR }, - { 0xBC322E9A, 32, NDPI_PROTOCOL_TOR }, - { 0xBC3CC333, 32, NDPI_PROTOCOL_TOR }, - { 0xBC3E5662, 32, NDPI_PROTOCOL_TOR }, - { 0xBC499110, 32, NDPI_PROTOCOL_TOR }, - { 0xBC4DD834, 32, NDPI_PROTOCOL_TOR }, - { 0xBC4ED027, 32, NDPI_PROTOCOL_TOR }, - { 0xBC553281, 32, NDPI_PROTOCOL_TOR }, - { 0xBC57A8F9, 32, NDPI_PROTOCOL_TOR }, - { 0xBC5D117B, 32, NDPI_PROTOCOL_TOR }, - { 0xBC5DD54B, 32, NDPI_PROTOCOL_TOR }, - { 0xBC5FF78C, 32, NDPI_PROTOCOL_TOR }, - { 0xBC603CB8, 32, NDPI_PROTOCOL_TOR }, - { 0xBC607AC3, 32, NDPI_PROTOCOL_TOR }, - { 0xBC617F79, 32, NDPI_PROTOCOL_TOR }, - { 0xBC62D521, 32, NDPI_PROTOCOL_TOR }, - { 0xBC6450C9, 32, NDPI_PROTOCOL_TOR }, - { 0xBC67690F, 32, NDPI_PROTOCOL_TOR }, - { 0xBC676B47, 32, NDPI_PROTOCOL_TOR }, - { 0xBC6CD29D, 32, NDPI_PROTOCOL_TOR }, - { 0xBC6D5CC5, 32, NDPI_PROTOCOL_TOR }, - { 0xBC717278, 32, NDPI_PROTOCOL_TOR }, - { 0xBC728C79, 32, NDPI_PROTOCOL_TOR }, - { 0xBC769BEF, 32, NDPI_PROTOCOL_TOR }, - { 0xBC780C35, 32, NDPI_PROTOCOL_TOR }, - { 0xBC78EBA5, 32, NDPI_PROTOCOL_TOR }, - { 0xBC78EFF1, 32, NDPI_PROTOCOL_TOR }, - { 0xBC78FD27, 32, NDPI_PROTOCOL_TOR }, - { 0xBC7A05A1, 32, NDPI_PROTOCOL_TOR }, - { 0xBC7AD504, 32, NDPI_PROTOCOL_TOR }, - { 0xBC7B2F13, 32, NDPI_PROTOCOL_TOR }, - { 0xBC7C951D, 32, NDPI_PROTOCOL_TOR }, - { 0xBC7E5D51, 32, NDPI_PROTOCOL_TOR }, - { 0xBC7E5D5F, 32, NDPI_PROTOCOL_TOR }, - { 0xBC817CFA, 32, NDPI_PROTOCOL_TOR }, - { 0xBC860642, 32, NDPI_PROTOCOL_TOR }, - { 0xBC860C22, 32, NDPI_PROTOCOL_TOR }, - { 0xBC860CEC, 32, NDPI_PROTOCOL_TOR }, - { 0xBC864432, 32, NDPI_PROTOCOL_TOR }, - { 0xBC864BD3, 32, NDPI_PROTOCOL_TOR }, - { 0xBC8653AB, 32, NDPI_PROTOCOL_TOR }, - { 0xBC8A01E5, 32, NDPI_PROTOCOL_TOR }, - { 0xBC8A01E5, 32, NDPI_PROTOCOL_TOR }, - { 0xBC8A0931, 32, NDPI_PROTOCOL_TOR }, - { 0xBC8A0931, 32, NDPI_PROTOCOL_TOR }, - { 0xBC8A09D0, 32, NDPI_PROTOCOL_TOR }, - { 0xBC8A09D0, 32, NDPI_PROTOCOL_TOR }, - { 0xBC8A110F, 32, NDPI_PROTOCOL_TOR }, - { 0xBC8A110F, 32, NDPI_PROTOCOL_TOR }, - { 0xBC8A5886, 32, NDPI_PROTOCOL_TOR }, - { 0xBC8A58A8, 32, NDPI_PROTOCOL_TOR }, - { 0xBC8A6574, 32, NDPI_PROTOCOL_TOR }, - { 0xBC8A6A8A, 32, NDPI_PROTOCOL_TOR }, - { 0xBC8A703C, 32, NDPI_PROTOCOL_TOR }, - { 0xBC8A70E2, 32, NDPI_PROTOCOL_TOR }, - { 0xBC8A7976, 32, NDPI_PROTOCOL_TOR }, - { 0xBC8A7DD1, 32, NDPI_PROTOCOL_TOR }, - { 0xBC8A7DD1, 32, NDPI_PROTOCOL_TOR }, - { 0xBC8D5359, 32, NDPI_PROTOCOL_TOR }, - { 0xBC8E70F6, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA5033F, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA5033F, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA519D2, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA51A0D, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA51A0D, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA53B2B, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA55E69, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA57B5F, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA57BF4, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA58822, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA58A8D, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA58AB5, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA58AB5, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA5919D, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA5A4A3, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA5A4A3, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA5C181, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA5C88A, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA5D59C, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA5E828, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA5EC12, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA5F1D8, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA609DA, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA60CD4, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA60DE6, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA61250, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA61286, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA6234D, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA624A3, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA625AD, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA625D7, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA62B21, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA62B3D, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA62BC8, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA62D23, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA62EAB, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA63064, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA630B1, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA63152, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA631B4, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA63271, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA63575, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA638B3, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA63C9E, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA63E18, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA73D86, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA745E0, 32, NDPI_PROTOCOL_TOR }, - { 0xBCA8225A, 32, NDPI_PROTOCOL_TOR }, - { 0xBCAE49D9, 32, NDPI_PROTOCOL_TOR }, - { 0xBCAE5D48, 32, NDPI_PROTOCOL_TOR }, - { 0xBCAEA791, 32, NDPI_PROTOCOL_TOR }, - { 0xBCAEB379, 32, NDPI_PROTOCOL_TOR }, - { 0xBCAED97F, 32, NDPI_PROTOCOL_TOR }, - { 0xBCB55D55, 32, NDPI_PROTOCOL_TOR }, - { 0xBCB7841D, 32, NDPI_PROTOCOL_TOR }, - { 0xBCBA10EC, 32, NDPI_PROTOCOL_TOR }, - { 0xBCC02309, 32, NDPI_PROTOCOL_TOR }, - { 0xBCC0A86E, 32, NDPI_PROTOCOL_TOR }, - { 0xBCC1632B, 32, NDPI_PROTOCOL_TOR }, - { 0xBCC1C8F8, 32, NDPI_PROTOCOL_TOR }, - { 0xBCC2C9AE, 32, NDPI_PROTOCOL_TOR }, - { 0xBCC30886, 32, NDPI_PROTOCOL_TOR }, - { 0xBCC348B3, 32, NDPI_PROTOCOL_TOR }, - { 0xBCC3D1FD, 32, NDPI_PROTOCOL_TOR }, - { 0xBCCAFCC1, 32, NDPI_PROTOCOL_TOR }, - { 0xBCD519EA, 32, NDPI_PROTOCOL_TOR }, - { 0xBCD58F17, 32, NDPI_PROTOCOL_TOR }, - { 0xBCD65D16, 32, NDPI_PROTOCOL_TOR }, - { 0xBCDF3258, 32, NDPI_PROTOCOL_TOR }, - { 0xBCE23EAE, 32, NDPI_PROTOCOL_TOR }, - { 0xBCE294A1, 32, NDPI_PROTOCOL_TOR }, - { 0xBCE2957C, 32, NDPI_PROTOCOL_TOR }, - { 0xBCE2AB6F, 32, NDPI_PROTOCOL_TOR }, - { 0xBCE2ACAA, 32, NDPI_PROTOCOL_TOR }, - { 0xBCE2BB8A, 32, NDPI_PROTOCOL_TOR }, - { 0xBCE2BD35, 32, NDPI_PROTOCOL_TOR }, - { 0xBCE2BE71, 32, NDPI_PROTOCOL_TOR }, - { 0xBCE2BF12, 32, NDPI_PROTOCOL_TOR }, - { 0xBCE2C030, 32, NDPI_PROTOCOL_TOR }, - { 0xBCE2C5E0, 32, NDPI_PROTOCOL_TOR }, - { 0xBCE2C7A0, 32, NDPI_PROTOCOL_TOR }, - { 0xBCE2C8D8, 32, NDPI_PROTOCOL_TOR }, - { 0xBCE2CEC8, 32, NDPI_PROTOCOL_TOR }, - { 0xBCE2D6B1, 32, NDPI_PROTOCOL_TOR }, - { 0xBCE2D98E, 32, NDPI_PROTOCOL_TOR }, - { 0xBCE2DC10, 32, NDPI_PROTOCOL_TOR }, - { 0xBCE2DCE2, 32, NDPI_PROTOCOL_TOR }, - { 0xBCE2DDF3, 32, NDPI_PROTOCOL_TOR }, - { 0xBCE2E196, 32, NDPI_PROTOCOL_TOR }, - { 0xBCE2E396, 32, NDPI_PROTOCOL_TOR }, - { 0xBCE2E839, 32, NDPI_PROTOCOL_TOR }, - { 0xBCE2FA52, 32, NDPI_PROTOCOL_TOR }, - { 0xBCE2FDB5, 32, NDPI_PROTOCOL_TOR }, - { 0xBCE2FE59, 32, NDPI_PROTOCOL_TOR }, - { 0xBCE3C986, 32, NDPI_PROTOCOL_TOR }, - { 0xBCE3E068, 32, NDPI_PROTOCOL_TOR }, - { 0xBCE4234B, 32, NDPI_PROTOCOL_TOR }, - { 0xBCE43194, 32, NDPI_PROTOCOL_TOR }, - { 0xBCE63CF6, 32, NDPI_PROTOCOL_TOR }, - { 0xBCE65B87, 32, NDPI_PROTOCOL_TOR }, - { 0xBCE6A6EB, 32, NDPI_PROTOCOL_TOR }, - { 0xBCE6DFB2, 32, NDPI_PROTOCOL_TOR }, - { 0xBCE8B717, 32, NDPI_PROTOCOL_TOR }, - { 0xBCE94947, 32, NDPI_PROTOCOL_TOR }, - { 0xBCF17195, 32, NDPI_PROTOCOL_TOR }, - { 0xBCF17251, 32, NDPI_PROTOCOL_TOR }, - { 0xBCF18C77, 32, NDPI_PROTOCOL_TOR }, - { 0xBCF18C86, 32, NDPI_PROTOCOL_TOR }, - { 0xBCF18C94, 32, NDPI_PROTOCOL_TOR }, - { 0xBCF18D13, 32, NDPI_PROTOCOL_TOR }, - { 0xBCF18D15, 32, NDPI_PROTOCOL_TOR }, - { 0xBCF18D87, 32, NDPI_PROTOCOL_TOR }, - { 0xBCF18DAA, 32, NDPI_PROTOCOL_TOR }, - { 0xBCF423AB, 32, NDPI_PROTOCOL_TOR }, - { 0xBCF64BB2, 32, NDPI_PROTOCOL_TOR }, - { 0xBCF6CC43, 32, NDPI_PROTOCOL_TOR }, - { 0xBCF764B8, 32, NDPI_PROTOCOL_TOR }, - { 0xBCFF1E24, 32, NDPI_PROTOCOL_TOR }, - { 0xBCFF70E0, 32, NDPI_PROTOCOL_TOR }, - { 0xBD446D80, 32, NDPI_PROTOCOL_TOR }, - { 0xBDD4A056, 32, NDPI_PROTOCOL_TOR }, - { 0xBDF2D9EF, 32, NDPI_PROTOCOL_TOR }, - { 0xBE03A993, 32, NDPI_PROTOCOL_TOR }, - { 0xBE589587, 32, NDPI_PROTOCOL_TOR }, - { 0xBE78E41E, 32, NDPI_PROTOCOL_TOR }, - { 0xBE7B2D60, 32, NDPI_PROTOCOL_TOR }, - { 0xBE7B2F74, 32, NDPI_PROTOCOL_TOR }, - { 0xBEBD7608, 32, NDPI_PROTOCOL_TOR }, - { 0xBEC0A60C, 32, NDPI_PROTOCOL_TOR }, - { 0xBEE25D6B, 32, NDPI_PROTOCOL_TOR }, - { 0xBF151340, 32, NDPI_PROTOCOL_TOR }, - { 0xBF6502EB, 32, NDPI_PROTOCOL_TOR }, - { 0xBF6598A6, 32, NDPI_PROTOCOL_TOR }, - { 0xBFEFD3DC, 32, NDPI_PROTOCOL_TOR }, - { 0xC0009D29, 32, NDPI_PROTOCOL_TOR }, - { 0xC0031CF2, 32, NDPI_PROTOCOL_TOR }, - { 0xC0031EDF, 32, NDPI_PROTOCOL_TOR }, - { 0xC0039416, 32, NDPI_PROTOCOL_TOR }, - { 0xC003941B, 32, NDPI_PROTOCOL_TOR }, - { 0xC00396AA, 32, NDPI_PROTOCOL_TOR }, - { 0xC0039DD4, 32, NDPI_PROTOCOL_TOR }, - { 0xC003A076, 32, NDPI_PROTOCOL_TOR }, - { 0xC003A4E3, 32, NDPI_PROTOCOL_TOR }, - { 0xC003ACEC, 32, NDPI_PROTOCOL_TOR }, - { 0xC003AD58, 32, NDPI_PROTOCOL_TOR }, - { 0xC003B1A7, 32, NDPI_PROTOCOL_TOR }, - { 0xC003B426, 32, NDPI_PROTOCOL_TOR }, - { 0xC003C9E2, 32, NDPI_PROTOCOL_TOR }, - { 0xC003C9F9, 32, NDPI_PROTOCOL_TOR }, - { 0xC003D27D, 32, NDPI_PROTOCOL_TOR }, - { 0xC00C211A, 32, NDPI_PROTOCOL_TOR }, - { 0xC00C211B, 32, NDPI_PROTOCOL_TOR }, - { 0xC01E202C, 32, NDPI_PROTOCOL_TOR }, - { 0xC0223B30, 32, NDPI_PROTOCOL_TOR }, - { 0xC0223F89, 32, NDPI_PROTOCOL_TOR }, - { 0xC022E022, 32, NDPI_PROTOCOL_TOR }, - { 0xC0264C03, 32, NDPI_PROTOCOL_TOR }, - { 0xC0266D90, 32, NDPI_PROTOCOL_TOR }, - { 0xC02A7410, 32, NDPI_PROTOCOL_TOR }, - { 0xC02A74A1, 32, NDPI_PROTOCOL_TOR }, - { 0xC02BF408, 32, NDPI_PROTOCOL_TOR }, - { 0xC02BF408, 32, NDPI_PROTOCOL_TOR }, - { 0xC02BF42A, 32, NDPI_PROTOCOL_TOR }, - { 0xC02BF42A, 32, NDPI_PROTOCOL_TOR }, - { 0xC02C1E28, 32, NDPI_PROTOCOL_TOR }, - { 0xC0405266, 32, NDPI_PROTOCOL_TOR }, - { 0xC043DE05, 32, NDPI_PROTOCOL_TOR }, - { 0xC045177C, 32, NDPI_PROTOCOL_TOR }, - { 0xC0455E39, 32, NDPI_PROTOCOL_TOR }, - { 0xC0479724, 32, NDPI_PROTOCOL_TOR }, - { 0xC047DAA0, 32, NDPI_PROTOCOL_TOR }, - { 0xC047F524, 32, NDPI_PROTOCOL_TOR }, - { 0xC047F589, 32, NDPI_PROTOCOL_TOR }, - { 0xC047F589, 32, NDPI_PROTOCOL_TOR }, - { 0xC047F5D7, 32, NDPI_PROTOCOL_TOR }, - { 0xC049EC12, 32, NDPI_PROTOCOL_TOR }, - { 0xC049EF53, 32, NDPI_PROTOCOL_TOR }, - { 0xC051842E, 32, NDPI_PROTOCOL_TOR }, - { 0xC051DC5B, 32, NDPI_PROTOCOL_TOR }, - { 0xC051DDA2, 32, NDPI_PROTOCOL_TOR }, - { 0xC051F91F, 32, NDPI_PROTOCOL_TOR }, - { 0xC0571C1C, 32, NDPI_PROTOCOL_TOR }, - { 0xC0571C52, 32, NDPI_PROTOCOL_TOR }, - { 0xC057E0BD, 32, NDPI_PROTOCOL_TOR }, - { 0xC05BEBE6, 32, NDPI_PROTOCOL_TOR }, - { 0xC05F1A3A, 32, NDPI_PROTOCOL_TOR }, - { 0xC05F1B8F, 32, NDPI_PROTOCOL_TOR }, - { 0xC05F2889, 32, NDPI_PROTOCOL_TOR }, - { 0xC05F2CA9, 32, NDPI_PROTOCOL_TOR }, - { 0xC0630289, 32, NDPI_PROTOCOL_TOR }, - { 0xC0630289, 32, NDPI_PROTOCOL_TOR }, - { 0xC0630620, 32, NDPI_PROTOCOL_TOR }, - { 0xC0630852, 32, NDPI_PROTOCOL_TOR }, - { 0xC0630B30, 32, NDPI_PROTOCOL_TOR }, - { 0xC0630F7A, 32, NDPI_PROTOCOL_TOR }, - { 0xC0630FDC, 32, NDPI_PROTOCOL_TOR }, - { 0xC063259C, 32, NDPI_PROTOCOL_TOR }, - { 0xC0632B71, 32, NDPI_PROTOCOL_TOR }, - { 0xC0632B9C, 32, NDPI_PROTOCOL_TOR }, - { 0xC0632BCE, 32, NDPI_PROTOCOL_TOR }, - { 0xC063681B, 32, NDPI_PROTOCOL_TOR }, - { 0xC063914E, 32, NDPI_PROTOCOL_TOR }, - { 0xC0639A18, 32, NDPI_PROTOCOL_TOR }, - { 0xC0639A4B, 32, NDPI_PROTOCOL_TOR }, - { 0xC0639A50, 32, NDPI_PROTOCOL_TOR }, - { 0xC0639AEA, 32, NDPI_PROTOCOL_TOR }, - { 0xC063A866, 32, NDPI_PROTOCOL_TOR }, - { 0xC063A93D, 32, NDPI_PROTOCOL_TOR }, - { 0xC063BA5E, 32, NDPI_PROTOCOL_TOR }, - { 0xC063C1C1, 32, NDPI_PROTOCOL_TOR }, - { 0xC063D48B, 32, NDPI_PROTOCOL_TOR }, - { 0xC063D497, 32, NDPI_PROTOCOL_TOR }, - { 0xC063F665, 32, NDPI_PROTOCOL_TOR }, - { 0xC063F7EA, 32, NDPI_PROTOCOL_TOR }, - { 0xC063FA8F, 32, NDPI_PROTOCOL_TOR }, - { 0xC07247DE, 32, NDPI_PROTOCOL_TOR }, - { 0xC0794208, 32, NDPI_PROTOCOL_TOR }, - { 0xC079AA4B, 32, NDPI_PROTOCOL_TOR }, - { 0xC07CFA53, 32, NDPI_PROTOCOL_TOR }, - { 0xC087A8FB, 32, NDPI_PROTOCOL_TOR }, - { 0xC0965E31, 32, NDPI_PROTOCOL_TOR }, - { 0xC0979A8E, 32, NDPI_PROTOCOL_TOR }, - { 0xC0999AF4, 32, NDPI_PROTOCOL_TOR }, - { 0xC09B506F, 32, NDPI_PROTOCOL_TOR }, - { 0xC09B5365, 32, NDPI_PROTOCOL_TOR }, - { 0xC09B5736, 32, NDPI_PROTOCOL_TOR }, - { 0xC09B5874, 32, NDPI_PROTOCOL_TOR }, - { 0xC09B5D65, 32, NDPI_PROTOCOL_TOR }, - { 0xC09B5F7A, 32, NDPI_PROTOCOL_TOR }, - { 0xC09B5F7A, 32, NDPI_PROTOCOL_TOR }, - { 0xC09B5FDE, 32, NDPI_PROTOCOL_TOR }, - { 0xC09DC04F, 32, NDPI_PROTOCOL_TOR }, - { 0xC09DEFF3, 32, NDPI_PROTOCOL_TOR }, - { 0xC09DFD7D, 32, NDPI_PROTOCOL_TOR }, - { 0xC0A0C16E, 32, NDPI_PROTOCOL_TOR }, - { 0xC0A264D5, 32, NDPI_PROTOCOL_TOR }, - { 0xC0A2650F, 32, NDPI_PROTOCOL_TOR }, - { 0xC0A3E033, 32, NDPI_PROTOCOL_TOR }, - { 0xC0AB3D72, 32, NDPI_PROTOCOL_TOR }, - { 0xC0B82075, 32, NDPI_PROTOCOL_TOR }, - { 0xC0B8502A, 32, NDPI_PROTOCOL_TOR }, - { 0xC0B85175, 32, NDPI_PROTOCOL_TOR }, - { 0xC0B851A0, 32, NDPI_PROTOCOL_TOR }, - { 0xC0B85280, 32, NDPI_PROTOCOL_TOR }, - { 0xC0B8555C, 32, NDPI_PROTOCOL_TOR }, - { 0xC0B858CF, 32, NDPI_PROTOCOL_TOR }, - { 0xC0B85E6F, 32, NDPI_PROTOCOL_TOR }, - { 0xC0BB6A92, 32, NDPI_PROTOCOL_TOR }, - { 0xC0C8EC20, 32, NDPI_PROTOCOL_TOR }, - { 0xC0D28AA3, 32, NDPI_PROTOCOL_TOR }, - { 0xC0D28AAB, 32, NDPI_PROTOCOL_TOR }, - { 0xC0D2C7B1, 32, NDPI_PROTOCOL_TOR }, - { 0xC0D2CC27, 32, NDPI_PROTOCOL_TOR }, - { 0xC0D2CEBD, 32, NDPI_PROTOCOL_TOR }, - { 0xC0D2E780, 32, NDPI_PROTOCOL_TOR }, - { 0xC0D2F0D9, 32, NDPI_PROTOCOL_TOR }, - { 0xC0E28C77, 32, NDPI_PROTOCOL_TOR }, - { 0xC0E38B12, 32, NDPI_PROTOCOL_TOR }, - { 0xC0E38F11, 32, NDPI_PROTOCOL_TOR }, - { 0xC0E3E71B, 32, NDPI_PROTOCOL_TOR }, - { 0xC0EB4E13, 32, NDPI_PROTOCOL_TOR }, - { 0xC0EB4EDB, 32, NDPI_PROTOCOL_TOR }, - { 0xC0EDD411, 32, NDPI_PROTOCOL_TOR }, - { 0xC0F158B5, 32, NDPI_PROTOCOL_TOR }, - { 0xC0F183E9, 32, NDPI_PROTOCOL_TOR }, - { 0xC0F1863E, 32, NDPI_PROTOCOL_TOR }, - { 0xC0F192D5, 32, NDPI_PROTOCOL_TOR }, - { 0xC0F19438, 32, NDPI_PROTOCOL_TOR }, - { 0xC0F1B238, 32, NDPI_PROTOCOL_TOR }, - { 0xC0F1B41B, 32, NDPI_PROTOCOL_TOR }, - { 0xC0F1B4A3, 32, NDPI_PROTOCOL_TOR }, - { 0xC0F1B57A, 32, NDPI_PROTOCOL_TOR }, - { 0xC0F1C4B2, 32, NDPI_PROTOCOL_TOR }, - { 0xC0F1C66A, 32, NDPI_PROTOCOL_TOR }, - { 0xC0F1C7D0, 32, NDPI_PROTOCOL_TOR }, - { 0xC0F1CAD6, 32, NDPI_PROTOCOL_TOR }, - { 0xC0F1CEAB, 32, NDPI_PROTOCOL_TOR }, - { 0xC0F1D063, 32, NDPI_PROTOCOL_TOR }, - { 0xC0F1D265, 32, NDPI_PROTOCOL_TOR }, - { 0xC0F1D878, 32, NDPI_PROTOCOL_TOR }, - { 0xC0F1E9CB, 32, NDPI_PROTOCOL_TOR }, - { 0xC0F1E9F2, 32, NDPI_PROTOCOL_TOR }, - { 0xC0F1FC3F, 32, NDPI_PROTOCOL_TOR }, - { 0xC0F37E51, 32, NDPI_PROTOCOL_TOR }, - { 0xC0F9380B, 32, NDPI_PROTOCOL_TOR }, - { 0xC0F93EB7, 32, NDPI_PROTOCOL_TOR }, - { 0xC0F93F97, 32, NDPI_PROTOCOL_TOR }, - { 0xC0F93F9C, 32, NDPI_PROTOCOL_TOR }, - { 0xC0FC828E, 32, NDPI_PROTOCOL_TOR }, - { 0xC0FEA81A, 32, NDPI_PROTOCOL_TOR }, - { 0xC101C19C, 32, NDPI_PROTOCOL_TOR }, - { 0xC106DE6E, 32, NDPI_PROTOCOL_TOR }, - { 0xC107B1DF, 32, NDPI_PROTOCOL_TOR }, - { 0xC10B722B, 32, NDPI_PROTOCOL_TOR }, - { 0xC10B722D, 32, NDPI_PROTOCOL_TOR }, - { 0xC10B722E, 32, NDPI_PROTOCOL_TOR }, - { 0xC10B722F, 32, NDPI_PROTOCOL_TOR }, - { 0xC10B8978, 32, NDPI_PROTOCOL_TOR }, - { 0xC10BA4F3, 32, NDPI_PROTOCOL_TOR }, - { 0xC10BA6C2, 32, NDPI_PROTOCOL_TOR }, - { 0xC10BA6C2, 32, NDPI_PROTOCOL_TOR }, - { 0xC10C4907, 32, NDPI_PROTOCOL_TOR }, - { 0xC10D6125, 32, NDPI_PROTOCOL_TOR }, - { 0xC10E9FCC, 32, NDPI_PROTOCOL_TOR }, - { 0xC117F4F4, 32, NDPI_PROTOCOL_TOR }, - { 0xC118D194, 32, NDPI_PROTOCOL_TOR }, - { 0xC118D27E, 32, NDPI_PROTOCOL_TOR }, - { 0xC119019D, 32, NDPI_PROTOCOL_TOR }, - { 0xC11CE446, 32, NDPI_PROTOCOL_TOR }, - { 0xC121D817, 32, NDPI_PROTOCOL_TOR }, - { 0xC1220201, 32, NDPI_PROTOCOL_TOR }, - { 0xC1233435, 32, NDPI_PROTOCOL_TOR }, - { 0xC12598C7, 32, NDPI_PROTOCOL_TOR }, - { 0xC12598F1, 32, NDPI_PROTOCOL_TOR }, - { 0xC1530139, 32, NDPI_PROTOCOL_TOR }, - { 0xC15A0C56, 32, NDPI_PROTOCOL_TOR }, - { 0xC15A0C57, 32, NDPI_PROTOCOL_TOR }, - { 0xC15A0C58, 32, NDPI_PROTOCOL_TOR }, - { 0xC15A0C59, 32, NDPI_PROTOCOL_TOR }, - { 0xC15A0C5A, 32, NDPI_PROTOCOL_TOR }, - { 0xC15FE4E8, 32, NDPI_PROTOCOL_TOR }, - { 0xC15FF2D5, 32, NDPI_PROTOCOL_TOR }, - { 0xC168DC23, 32, NDPI_PROTOCOL_TOR }, - { 0xC168DC36, 32, NDPI_PROTOCOL_TOR }, - { 0xC1698632, 32, NDPI_PROTOCOL_TOR }, - { 0xC169869C, 32, NDPI_PROTOCOL_TOR }, - { 0xC16B131E, 32, NDPI_PROTOCOL_TOR }, - { 0xC16B5538, 32, NDPI_PROTOCOL_TOR }, - { 0xC16B5539, 32, NDPI_PROTOCOL_TOR }, - { 0xC16B553D, 32, NDPI_PROTOCOL_TOR }, - { 0xC16B553E, 32, NDPI_PROTOCOL_TOR }, - { 0xC16E9D97, 32, NDPI_PROTOCOL_TOR }, - { 0xC16F1A16, 32, NDPI_PROTOCOL_TOR }, - { 0xC16F8D6E, 32, NDPI_PROTOCOL_TOR }, - { 0xC188CC75, 32, NDPI_PROTOCOL_TOR }, - { 0xC189ADD9, 32, NDPI_PROTOCOL_TOR }, - { 0xC18A7603, 32, NDPI_PROTOCOL_TOR }, - { 0xC18A7608, 32, NDPI_PROTOCOL_TOR }, - { 0xC18AD865, 32, NDPI_PROTOCOL_TOR }, - { 0xC1960E3E, 32, NDPI_PROTOCOL_TOR }, - { 0xC196791A, 32, NDPI_PROTOCOL_TOR }, - { 0xC1967942, 32, NDPI_PROTOCOL_TOR }, - { 0xC19A0D98, 32, NDPI_PROTOCOL_TOR }, - { 0xC19D73FA, 32, NDPI_PROTOCOL_TOR }, - { 0xC1A3DC8F, 32, NDPI_PROTOCOL_TOR }, - { 0xC1A48535, 32, NDPI_PROTOCOL_TOR }, - { 0xC1A4D955, 32, NDPI_PROTOCOL_TOR }, - { 0xC1A6A744, 32, NDPI_PROTOCOL_TOR }, - { 0xC1A6A745, 32, NDPI_PROTOCOL_TOR }, - { 0xC1A6A746, 32, NDPI_PROTOCOL_TOR }, - { 0xC1A6A747, 32, NDPI_PROTOCOL_TOR }, - { 0xC1A6A748, 32, NDPI_PROTOCOL_TOR }, - { 0xC1A6A749, 32, NDPI_PROTOCOL_TOR }, - { 0xC1A6A74A, 32, NDPI_PROTOCOL_TOR }, - { 0xC1A6A74B, 32, NDPI_PROTOCOL_TOR }, - { 0xC1A6A74C, 32, NDPI_PROTOCOL_TOR }, - { 0xC1A6A74D, 32, NDPI_PROTOCOL_TOR }, - { 0xC1A6A74E, 32, NDPI_PROTOCOL_TOR }, - { 0xC1A6A74F, 32, NDPI_PROTOCOL_TOR }, - { 0xC1A6A750, 32, NDPI_PROTOCOL_TOR }, - { 0xC1A6A751, 32, NDPI_PROTOCOL_TOR }, - { 0xC1A6A752, 32, NDPI_PROTOCOL_TOR }, - { 0xC1A6A753, 32, NDPI_PROTOCOL_TOR }, - { 0xC1A6A754, 32, NDPI_PROTOCOL_TOR }, - { 0xC1A6A755, 32, NDPI_PROTOCOL_TOR }, - { 0xC1A6A756, 32, NDPI_PROTOCOL_TOR }, - { 0xC1A6A757, 32, NDPI_PROTOCOL_TOR }, - { 0xC1A6A758, 32, NDPI_PROTOCOL_TOR }, - { 0xC1A6A759, 32, NDPI_PROTOCOL_TOR }, - { 0xC1A6A75A, 32, NDPI_PROTOCOL_TOR }, - { 0xC1A6A75B, 32, NDPI_PROTOCOL_TOR }, - { 0xC1A6A75C, 32, NDPI_PROTOCOL_TOR }, - { 0xC1A6A75D, 32, NDPI_PROTOCOL_TOR }, - { 0xC1A6A75E, 32, NDPI_PROTOCOL_TOR }, - { 0xC1AE0614, 32, NDPI_PROTOCOL_TOR }, - { 0xC1B69035, 32, NDPI_PROTOCOL_TOR }, - { 0xC1B763D5, 32, NDPI_PROTOCOL_TOR }, - { 0xC1BEA835, 32, NDPI_PROTOCOL_TOR }, - { 0xC1CB312E, 32, NDPI_PROTOCOL_TOR }, - { 0xC1DB24CF, 32, NDPI_PROTOCOL_TOR }, - { 0xC1E0A32B, 32, NDPI_PROTOCOL_TOR }, - { 0xC1F66F3E, 32, NDPI_PROTOCOL_TOR }, - { 0xC20EB3B8, 32, NDPI_PROTOCOL_TOR }, - { 0xC2173CFA, 32, NDPI_PROTOCOL_TOR }, - { 0xC230DA31, 32, NDPI_PROTOCOL_TOR }, - { 0xC2601297, 32, NDPI_PROTOCOL_TOR }, - { 0xC2680064, 32, NDPI_PROTOCOL_TOR }, - { 0xC26DCED4, 32, NDPI_PROTOCOL_TOR }, - { 0xC276346F, 32, NDPI_PROTOCOL_TOR }, - { 0xC276D253, 32, NDPI_PROTOCOL_TOR }, - { 0xC27EC6E4, 32, NDPI_PROTOCOL_TOR }, - { 0xC296A84F, 32, NDPI_PROTOCOL_TOR }, - { 0xC296A85F, 32, NDPI_PROTOCOL_TOR }, - { 0xC296A86C, 32, NDPI_PROTOCOL_TOR }, - { 0xC2A6A031, 32, NDPI_PROTOCOL_TOR }, - { 0xC313AE72, 32, NDPI_PROTOCOL_TOR }, - { 0xC313AE73, 32, NDPI_PROTOCOL_TOR }, - { 0xC31DA8CE, 32, NDPI_PROTOCOL_TOR }, - { 0xC3236D3D, 32, NDPI_PROTOCOL_TOR }, - { 0xC325BE55, 32, NDPI_PROTOCOL_TOR }, - { 0xC328B523, 32, NDPI_PROTOCOL_TOR }, - { 0xC32EB925, 32, NDPI_PROTOCOL_TOR }, - { 0xC3409582, 32, NDPI_PROTOCOL_TOR }, - { 0xC3474454, 32, NDPI_PROTOCOL_TOR }, - { 0xC3527C6F, 32, NDPI_PROTOCOL_TOR }, - { 0xC358543B, 32, NDPI_PROTOCOL_TOR }, - { 0xC35BED96, 32, NDPI_PROTOCOL_TOR }, - { 0xC36E061F, 32, NDPI_PROTOCOL_TOR }, - { 0xC36E09E8, 32, NDPI_PROTOCOL_TOR }, - { 0xC38AF902, 32, NDPI_PROTOCOL_TOR }, - { 0xC38CFE59, 32, NDPI_PROTOCOL_TOR }, - { 0xC3947CC7, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A057B, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A05CD, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A0937, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A0A9B, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A0C42, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A0D0A, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A0D60, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A0E28, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A0F75, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A2A65, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A40D6, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A411D, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A43E5, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A4682, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A4B54, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A4BA5, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A4DC8, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A4E71, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A4E73, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A516C, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A516E, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A51E3, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A51F5, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A5258, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A533C, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A57E7, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A5B8B, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A610A, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A6111, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A611B, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A61A0, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A6775, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A6886, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A6935, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A6939, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A6B56, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A6B97, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A6C4E, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A6D1E, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A6D34, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A6D9D, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A6DCB, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A6DDD, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A6E4C, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A7095, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A72B9, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A742B, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A74E8, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A75A3, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A76AC, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A7763, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A79C6, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A79EA, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A7BDE, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A7E2B, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A7EA5, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A7FF6, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A803A, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A8097, 32, NDPI_PROTOCOL_TOR }, - { 0xC39A8879, 32, NDPI_PROTOCOL_TOR }, - { 0xC39AA671, 32, NDPI_PROTOCOL_TOR }, - { 0xC39AA671, 32, NDPI_PROTOCOL_TOR }, - { 0xC39AAF14, 32, NDPI_PROTOCOL_TOR }, - { 0xC39AB416, 32, NDPI_PROTOCOL_TOR }, - { 0xC39AD7F0, 32, NDPI_PROTOCOL_TOR }, - { 0xC39ADDED, 32, NDPI_PROTOCOL_TOR }, - { 0xC39AE205, 32, NDPI_PROTOCOL_TOR }, - { 0xC39AE93A, 32, NDPI_PROTOCOL_TOR }, - { 0xC39AF076, 32, NDPI_PROTOCOL_TOR }, - { 0xC39AFB5E, 32, NDPI_PROTOCOL_TOR }, - { 0xC39FA2C2, 32, NDPI_PROTOCOL_TOR }, - { 0xC3A6C926, 32, NDPI_PROTOCOL_TOR }, - { 0xC3A97DE2, 32, NDPI_PROTOCOL_TOR }, - { 0xC3A9C4BC, 32, NDPI_PROTOCOL_TOR }, - { 0xC3A9CF36, 32, NDPI_PROTOCOL_TOR }, - { 0xC3A9D8BF, 32, NDPI_PROTOCOL_TOR }, - { 0xC3B2B57B, 32, NDPI_PROTOCOL_TOR }, - { 0xC3B40BC4, 32, NDPI_PROTOCOL_TOR }, - { 0xC3BFE9DD, 32, NDPI_PROTOCOL_TOR }, - { 0xC3C6F2C2, 32, NDPI_PROTOCOL_TOR }, - { 0xC3CAD33B, 32, NDPI_PROTOCOL_TOR }, - { 0xC3D21DED, 32, NDPI_PROTOCOL_TOR }, - { 0xC3E1D31A, 32, NDPI_PROTOCOL_TOR }, - { 0xC3E42DB0, 32, NDPI_PROTOCOL_TOR }, - { 0xC3E44B83, 32, NDPI_PROTOCOL_TOR }, - { 0xC3E6A853, 32, NDPI_PROTOCOL_TOR }, - { 0xC3EA9856, 32, NDPI_PROTOCOL_TOR }, - { 0xC3F25002, 32, NDPI_PROTOCOL_TOR }, - { 0xC3FAA3B1, 32, NDPI_PROTOCOL_TOR }, - { 0xC3FBFCE2, 32, NDPI_PROTOCOL_TOR }, - { 0xC4252C59, 32, NDPI_PROTOCOL_TOR }, - { 0xC55752E7, 32, NDPI_PROTOCOL_TOR }, - { 0xC5E7DDD3, 32, NDPI_PROTOCOL_TOR }, - { 0xC60C50BB, 32, NDPI_PROTOCOL_TOR }, - { 0xC60C5B69, 32, NDPI_PROTOCOL_TOR }, - { 0xC60C68D0, 32, NDPI_PROTOCOL_TOR }, - { 0xC60F4FC5, 32, NDPI_PROTOCOL_TOR }, - { 0xC61799A1, 32, NDPI_PROTOCOL_TOR }, - { 0xC617B141, 32, NDPI_PROTOCOL_TOR }, - { 0xC617BB9E, 32, NDPI_PROTOCOL_TOR }, - { 0xC617F7CC, 32, NDPI_PROTOCOL_TOR }, - { 0xC61B447E, 32, NDPI_PROTOCOL_TOR }, - { 0xC61B562B, 32, NDPI_PROTOCOL_TOR }, - { 0xC61B562D, 32, NDPI_PROTOCOL_TOR }, - { 0xC61B6D24, 32, NDPI_PROTOCOL_TOR }, - { 0xC6257224, 32, NDPI_PROTOCOL_TOR }, - { 0xC62E8E4A, 32, NDPI_PROTOCOL_TOR }, - { 0xC62E9933, 32, NDPI_PROTOCOL_TOR }, - { 0xC6329148, 32, NDPI_PROTOCOL_TOR }, - { 0xC63291CF, 32, NDPI_PROTOCOL_TOR }, - { 0xC6329228, 32, NDPI_PROTOCOL_TOR }, - { 0xC63292FC, 32, NDPI_PROTOCOL_TOR }, - { 0xC63293EF, 32, NDPI_PROTOCOL_TOR }, - { 0xC632957F, 32, NDPI_PROTOCOL_TOR }, - { 0xC63295A0, 32, NDPI_PROTOCOL_TOR }, - { 0xC632970A, 32, NDPI_PROTOCOL_TOR }, - { 0xC6329766, 32, NDPI_PROTOCOL_TOR }, - { 0xC6329811, 32, NDPI_PROTOCOL_TOR }, - { 0xC6329C4E, 32, NDPI_PROTOCOL_TOR }, - { 0xC632B758, 32, NDPI_PROTOCOL_TOR }, - { 0xC632BF5F, 32, NDPI_PROTOCOL_TOR }, - { 0xC632E716, 32, NDPI_PROTOCOL_TOR }, - { 0xC63482DA, 32, NDPI_PROTOCOL_TOR }, - { 0xC634A041, 32, NDPI_PROTOCOL_TOR }, - { 0xC634A090, 32, NDPI_PROTOCOL_TOR }, - { 0xC634C827, 32, NDPI_PROTOCOL_TOR }, - { 0xC634F4ED, 32, NDPI_PROTOCOL_TOR }, - { 0xC634F7A0, 32, NDPI_PROTOCOL_TOR }, - { 0xC634F7A2, 32, NDPI_PROTOCOL_TOR }, - { 0xC634F7F7, 32, NDPI_PROTOCOL_TOR }, - { 0xC634F7FA, 32, NDPI_PROTOCOL_TOR }, - { 0xC63A601C, 32, NDPI_PROTOCOL_TOR }, - { 0xC63A6079, 32, NDPI_PROTOCOL_TOR }, - { 0xC63A66EA, 32, NDPI_PROTOCOL_TOR }, - { 0xC63A6793, 32, NDPI_PROTOCOL_TOR }, - { 0xC63A6793, 32, NDPI_PROTOCOL_TOR }, - { 0xC63A6AF5, 32, NDPI_PROTOCOL_TOR }, - { 0xC63A6AF5, 32, NDPI_PROTOCOL_TOR }, - { 0xC63A6B34, 32, NDPI_PROTOCOL_TOR }, - { 0xC63A6B34, 32, NDPI_PROTOCOL_TOR }, - { 0xC63A6B35, 32, NDPI_PROTOCOL_TOR }, - { 0xC63A6D52, 32, NDPI_PROTOCOL_TOR }, - { 0xC63A73D2, 32, NDPI_PROTOCOL_TOR }, - { 0xC63A7FC9, 32, NDPI_PROTOCOL_TOR }, - { 0xC6475142, 32, NDPI_PROTOCOL_TOR }, - { 0xC648E7E9, 32, NDPI_PROTOCOL_TOR }, - { 0xC6493247, 32, NDPI_PROTOCOL_TOR }, - { 0xC64A38BF, 32, NDPI_PROTOCOL_TOR }, - { 0xC64A3A10, 32, NDPI_PROTOCOL_TOR }, - { 0xC64A3ACE, 32, NDPI_PROTOCOL_TOR }, - { 0xC64A3C1A, 32, NDPI_PROTOCOL_TOR }, - { 0xC64A3E6B, 32, NDPI_PROTOCOL_TOR }, - { 0xC654A10C, 32, NDPI_PROTOCOL_TOR }, - { 0xC654F0E5, 32, NDPI_PROTOCOL_TOR }, - { 0xC654F96A, 32, NDPI_PROTOCOL_TOR }, - { 0xC6609B03, 32, NDPI_PROTOCOL_TOR }, - { 0xC6623103, 32, NDPI_PROTOCOL_TOR }, - { 0xC6623495, 32, NDPI_PROTOCOL_TOR }, - { 0xC662358D, 32, NDPI_PROTOCOL_TOR }, - { 0xC6649014, 32, NDPI_PROTOCOL_TOR }, - { 0xC664904B, 32, NDPI_PROTOCOL_TOR }, - { 0xC6649470, 32, NDPI_PROTOCOL_TOR }, - { 0xC664947B, 32, NDPI_PROTOCOL_TOR }, - { 0xC664959F, 32, NDPI_PROTOCOL_TOR }, - { 0xC6649B36, 32, NDPI_PROTOCOL_TOR }, - { 0xC6649BC2, 32, NDPI_PROTOCOL_TOR }, - { 0xC6697D25, 32, NDPI_PROTOCOL_TOR }, - { 0xC6697DB2, 32, NDPI_PROTOCOL_TOR }, - { 0xC669D0A4, 32, NDPI_PROTOCOL_TOR }, - { 0xC669DF92, 32, NDPI_PROTOCOL_TOR }, - { 0xC68F88ED, 32, NDPI_PROTOCOL_TOR }, - { 0xC693141D, 32, NDPI_PROTOCOL_TOR }, - { 0xC693174D, 32, NDPI_PROTOCOL_TOR }, - { 0xC69451A7, 32, NDPI_PROTOCOL_TOR }, - { 0xC6A7895C, 32, NDPI_PROTOCOL_TOR }, - { 0xC6A78F95, 32, NDPI_PROTOCOL_TOR }, - { 0xC6B49609, 32, NDPI_PROTOCOL_TOR }, - { 0xC6C74845, 32, NDPI_PROTOCOL_TOR }, - { 0xC6C76BDC, 32, NDPI_PROTOCOL_TOR }, - { 0xC6C77079, 32, NDPI_PROTOCOL_TOR }, - { 0xC6C77231, 32, NDPI_PROTOCOL_TOR }, - { 0xC6C775A4, 32, NDPI_PROTOCOL_TOR }, - { 0xC6C77A11, 32, NDPI_PROTOCOL_TOR }, - { 0xC6CD713B, 32, NDPI_PROTOCOL_TOR }, - { 0xC6D36392, 32, NDPI_PROTOCOL_TOR }, - { 0xC6D37ABF, 32, NDPI_PROTOCOL_TOR }, - { 0xC6D37B5C, 32, NDPI_PROTOCOL_TOR }, - { 0xC6D37CD6, 32, NDPI_PROTOCOL_TOR }, - { 0xC6D37DF2, 32, NDPI_PROTOCOL_TOR }, - { 0xC6D37E53, 32, NDPI_PROTOCOL_TOR }, - { 0xC6F464C8, 32, NDPI_PROTOCOL_TOR }, - { 0xC6F46963, 32, NDPI_PROTOCOL_TOR }, - { 0xC6F53294, 32, NDPI_PROTOCOL_TOR }, - { 0xC6F53C28, 32, NDPI_PROTOCOL_TOR }, - { 0xC6F53C93, 32, NDPI_PROTOCOL_TOR }, - { 0xC6F53CC2, 32, NDPI_PROTOCOL_TOR }, - { 0xC6F53E68, 32, NDPI_PROTOCOL_TOR }, - { 0xC6F53FE4, 32, NDPI_PROTOCOL_TOR }, - { 0xC6FC9957, 32, NDPI_PROTOCOL_TOR }, - { 0xC6FC996B, 32, NDPI_PROTOCOL_TOR }, - { 0xC710BF3A, 32, NDPI_PROTOCOL_TOR }, - { 0xC71355FC, 32, NDPI_PROTOCOL_TOR }, - { 0xC713D5B0, 32, NDPI_PROTOCOL_TOR }, - { 0xC726567A, 32, NDPI_PROTOCOL_TOR }, - { 0xC73A530A, 32, NDPI_PROTOCOL_TOR }, - { 0xC7579AFF, 32, NDPI_PROTOCOL_TOR }, - { 0xC7737387, 32, NDPI_PROTOCOL_TOR }, - { 0xC773CDF1, 32, NDPI_PROTOCOL_TOR }, - { 0xC773CDF2, 32, NDPI_PROTOCOL_TOR }, - { 0xC773CDF3, 32, NDPI_PROTOCOL_TOR }, - { 0xC773CDF5, 32, NDPI_PROTOCOL_TOR }, - { 0xC773CDF8, 32, NDPI_PROTOCOL_TOR }, - { 0xC77FE240, 32, NDPI_PROTOCOL_TOR }, - { 0xC7A78088, 32, NDPI_PROTOCOL_TOR }, - { 0xC7A7A1C3, 32, NDPI_PROTOCOL_TOR }, - { 0xC7A7C679, 32, NDPI_PROTOCOL_TOR }, - { 0xC7BC649A, 32, NDPI_PROTOCOL_TOR }, - { 0xC7BCC235, 32, NDPI_PROTOCOL_TOR }, - { 0xC7C173D1, 32, NDPI_PROTOCOL_TOR }, - { 0xC7C1FD31, 32, NDPI_PROTOCOL_TOR }, - { 0xC7C3C116, 32, NDPI_PROTOCOL_TOR }, - { 0xC7C3F83C, 32, NDPI_PROTOCOL_TOR }, - { 0xC7C3F890, 32, NDPI_PROTOCOL_TOR }, - { 0xC7C3F9D4, 32, NDPI_PROTOCOL_TOR }, - { 0xC7CA151D, 32, NDPI_PROTOCOL_TOR }, - { 0xC7FEEE2C, 32, NDPI_PROTOCOL_TOR }, - { 0xC7FEEE34, 32, NDPI_PROTOCOL_TOR }, - { 0xC7FEEE34, 32, NDPI_PROTOCOL_TOR }, - { 0xC7FFDF58, 32, NDPI_PROTOCOL_TOR }, - { 0xC811D20C, 32, NDPI_PROTOCOL_TOR }, - { 0xC8628B17, 32, NDPI_PROTOCOL_TOR }, - { 0xC86CEC4B, 32, NDPI_PROTOCOL_TOR }, - { 0xC8B55A41, 32, NDPI_PROTOCOL_TOR }, - { 0xC8DFD4D2, 32, NDPI_PROTOCOL_TOR }, - { 0xC906897F, 32, NDPI_PROTOCOL_TOR }, - { 0xC91BEB7F, 32, NDPI_PROTOCOL_TOR }, - { 0xC9AA12B7, 32, NDPI_PROTOCOL_TOR }, - { 0xC9D46CB8, 32, NDPI_PROTOCOL_TOR }, - { 0xC9DA72A2, 32, NDPI_PROTOCOL_TOR }, - { 0xCA07F408, 32, NDPI_PROTOCOL_TOR }, - { 0xCA3C4220, 32, NDPI_PROTOCOL_TOR }, - { 0xCA4A2C0F, 32, NDPI_PROTOCOL_TOR }, - { 0xCA536AB3, 32, NDPI_PROTOCOL_TOR }, - { 0xCA55E922, 32, NDPI_PROTOCOL_TOR }, - { 0xCAAB9C54, 32, NDPI_PROTOCOL_TOR }, - { 0xCAAC1039, 32, NDPI_PROTOCOL_TOR }, - { 0xCB56CAA7, 32, NDPI_PROTOCOL_TOR }, - { 0xCB56CD2E, 32, NDPI_PROTOCOL_TOR }, - { 0xCB6DE90F, 32, NDPI_PROTOCOL_TOR }, - { 0xCB71AC95, 32, NDPI_PROTOCOL_TOR }, - { 0xCB71AC98, 32, NDPI_PROTOCOL_TOR }, - { 0xCB71AC9A, 32, NDPI_PROTOCOL_TOR }, - { 0xCB7B3001, 32, NDPI_PROTOCOL_TOR }, - { 0xCB7E7B52, 32, NDPI_PROTOCOL_TOR }, - { 0xCB8A63DA, 32, NDPI_PROTOCOL_TOR }, - { 0xCB98C302, 32, NDPI_PROTOCOL_TOR }, - { 0xCB99CEA6, 32, NDPI_PROTOCOL_TOR }, - { 0xCBA16711, 32, NDPI_PROTOCOL_TOR }, - { 0xCBB2850B, 32, NDPI_PROTOCOL_TOR }, - { 0xCBCEEDC5, 32, NDPI_PROTOCOL_TOR }, - { 0xCBD9AD92, 32, NDPI_PROTOCOL_TOR }, - { 0xCC089C8E, 32, NDPI_PROTOCOL_TOR }, - { 0xCC093747, 32, NDPI_PROTOCOL_TOR }, - { 0xCC0B3283, 32, NDPI_PROTOCOL_TOR }, - { 0xCC1025F4, 32, NDPI_PROTOCOL_TOR }, - { 0xCC11382A, 32, NDPI_PROTOCOL_TOR }, - { 0xCC11382A, 32, NDPI_PROTOCOL_TOR }, - { 0xCC1B382D, 32, NDPI_PROTOCOL_TOR }, - { 0xCC1B382D, 32, NDPI_PROTOCOL_TOR }, - { 0xCC1B3ACA, 32, NDPI_PROTOCOL_TOR }, - { 0xCC2D1E7A, 32, NDPI_PROTOCOL_TOR }, - { 0xCC2D1E7D, 32, NDPI_PROTOCOL_TOR }, - { 0xCC2DB6E2, 32, NDPI_PROTOCOL_TOR }, - { 0xCC534638, 32, NDPI_PROTOCOL_TOR }, - { 0xCC55BF1E, 32, NDPI_PROTOCOL_TOR }, - { 0xCC59C10A, 32, NDPI_PROTOCOL_TOR }, - { 0xCC7C5382, 32, NDPI_PROTOCOL_TOR }, - { 0xCC7C5382, 32, NDPI_PROTOCOL_TOR }, - { 0xCC7C5386, 32, NDPI_PROTOCOL_TOR }, - { 0xCC7C5386, 32, NDPI_PROTOCOL_TOR }, - { 0xCC91512D, 32, NDPI_PROTOCOL_TOR }, - { 0xCCC21D04, 32, NDPI_PROTOCOL_TOR }, - { 0xCCF67A48, 32, NDPI_PROTOCOL_TOR }, - { 0xCDA85485, 32, NDPI_PROTOCOL_TOR }, - { 0xCDB973EA, 32, NDPI_PROTOCOL_TOR }, - { 0xCDB97A98, 32, NDPI_PROTOCOL_TOR }, - { 0xCE2876E5, 32, NDPI_PROTOCOL_TOR }, - { 0xCE374A00, 32, NDPI_PROTOCOL_TOR }, - { 0xCE374A01, 32, NDPI_PROTOCOL_TOR }, - { 0xCE48C698, 32, NDPI_PROTOCOL_TOR }, - { 0xCEAE7054, 32, NDPI_PROTOCOL_TOR }, - { 0xCEBE9906, 32, NDPI_PROTOCOL_TOR }, - { 0xCF268613, 32, NDPI_PROTOCOL_TOR }, - { 0xCF6CDABA, 32, NDPI_PROTOCOL_TOR }, - { 0xCF9E0F72, 32, NDPI_PROTOCOL_TOR }, - { 0xCFACD159, 32, NDPI_PROTOCOL_TOR }, - { 0xCFBD72D7, 32, NDPI_PROTOCOL_TOR }, - { 0xCFC046FA, 32, NDPI_PROTOCOL_TOR }, - { 0xCFC9DFC3, 32, NDPI_PROTOCOL_TOR }, - { 0xCFC9DFC4, 32, NDPI_PROTOCOL_TOR }, - { 0xCFC9DFC5, 32, NDPI_PROTOCOL_TOR }, - { 0xCFE54199, 32, NDPI_PROTOCOL_TOR }, - { 0xCFF44B8E, 32, NDPI_PROTOCOL_TOR }, - { 0xCFF4526D, 32, NDPI_PROTOCOL_TOR }, - { 0xCFF4526D, 32, NDPI_PROTOCOL_TOR }, - { 0xD041B5BD, 32, NDPI_PROTOCOL_TOR }, - { 0xD0421E1B, 32, NDPI_PROTOCOL_TOR }, - { 0xD049CCE4, 32, NDPI_PROTOCOL_TOR }, - { 0xD04FD17C, 32, NDPI_PROTOCOL_TOR }, - { 0xD04FD34D, 32, NDPI_PROTOCOL_TOR }, - { 0xD0509A27, 32, NDPI_PROTOCOL_TOR }, - { 0xD0526625, 32, NDPI_PROTOCOL_TOR }, - { 0xD053DF22, 32, NDPI_PROTOCOL_TOR }, - { 0xD053DFE5, 32, NDPI_PROTOCOL_TOR }, - { 0xD0549BCD, 32, NDPI_PROTOCOL_TOR }, - { 0xD0549BF3, 32, NDPI_PROTOCOL_TOR }, - { 0xD0549BF7, 32, NDPI_PROTOCOL_TOR }, - { 0xD056FB58, 32, NDPI_PROTOCOL_TOR }, - { 0xD05B798E, 32, NDPI_PROTOCOL_TOR }, - { 0xD065161A, 32, NDPI_PROTOCOL_TOR }, - { 0xD06F2350, 32, NDPI_PROTOCOL_TOR }, - { 0xD1063507, 32, NDPI_PROTOCOL_TOR }, - { 0xD106441D, 32, NDPI_PROTOCOL_TOR }, - { 0xD10685EE, 32, NDPI_PROTOCOL_TOR }, - { 0xD111BF75, 32, NDPI_PROTOCOL_TOR }, - { 0xD12C72B2, 32, NDPI_PROTOCOL_TOR }, - { 0xD133A319, 32, NDPI_PROTOCOL_TOR }, - { 0xD133BFBE, 32, NDPI_PROTOCOL_TOR }, - { 0xD1709F3C, 32, NDPI_PROTOCOL_TOR }, - { 0xD177BC25, 32, NDPI_PROTOCOL_TOR }, - { 0xD177BC25, 32, NDPI_PROTOCOL_TOR }, - { 0xD177BC26, 32, NDPI_PROTOCOL_TOR }, - { 0xD177BC26, 32, NDPI_PROTOCOL_TOR }, - { 0xD177BC27, 32, NDPI_PROTOCOL_TOR }, - { 0xD177BC27, 32, NDPI_PROTOCOL_TOR }, - { 0xD177BC28, 32, NDPI_PROTOCOL_TOR }, - { 0xD177BC28, 32, NDPI_PROTOCOL_TOR }, - { 0xD177BC29, 32, NDPI_PROTOCOL_TOR }, - { 0xD177BC29, 32, NDPI_PROTOCOL_TOR }, - { 0xD177BC2A, 32, NDPI_PROTOCOL_TOR }, - { 0xD177BC2A, 32, NDPI_PROTOCOL_TOR }, - { 0xD17BA242, 32, NDPI_PROTOCOL_TOR }, - { 0xD17E47E9, 32, NDPI_PROTOCOL_TOR }, - { 0xD17E4854, 32, NDPI_PROTOCOL_TOR }, - { 0xD17E6907, 32, NDPI_PROTOCOL_TOR }, - { 0xD18D23E8, 32, NDPI_PROTOCOL_TOR }, - { 0xD18D242A, 32, NDPI_PROTOCOL_TOR }, - { 0xD18D2ECC, 32, NDPI_PROTOCOL_TOR }, - { 0xD18D328A, 32, NDPI_PROTOCOL_TOR }, - { 0xD18D34EF, 32, NDPI_PROTOCOL_TOR }, - { 0xD1942E81, 32, NDPI_PROTOCOL_TOR }, - { 0xD1942E82, 32, NDPI_PROTOCOL_TOR }, - { 0xD1942E82, 32, NDPI_PROTOCOL_TOR }, - { 0xD1945576, 32, NDPI_PROTOCOL_TOR }, - { 0xD19F8A13, 32, NDPI_PROTOCOL_TOR }, - { 0xD1A221CF, 32, NDPI_PROTOCOL_TOR }, - { 0xD1B5E383, 32, NDPI_PROTOCOL_TOR }, - { 0xD1D01A29, 32, NDPI_PROTOCOL_TOR }, - { 0xD1D04F05, 32, NDPI_PROTOCOL_TOR }, - { 0xD1D2D215, 32, NDPI_PROTOCOL_TOR }, - { 0xD1DE08C4, 32, NDPI_PROTOCOL_TOR }, - { 0xD1DE1EF1, 32, NDPI_PROTOCOL_TOR }, - { 0xD1FA02FE, 32, NDPI_PROTOCOL_TOR }, - { 0xD217021E, 32, NDPI_PROTOCOL_TOR }, - { 0xD23625E2, 32, NDPI_PROTOCOL_TOR }, - { 0xD2A6194E, 32, NDPI_PROTOCOL_TOR }, - { 0xD2C33DFC, 32, NDPI_PROTOCOL_TOR }, - { 0xD2D37ACC, 32, NDPI_PROTOCOL_TOR }, - { 0xD2FBD989, 32, NDPI_PROTOCOL_TOR }, - { 0xD31AF36D, 32, NDPI_PROTOCOL_TOR }, - { 0xD31C8EEF, 32, NDPI_PROTOCOL_TOR }, - { 0xD31FC4F8, 32, NDPI_PROTOCOL_TOR }, - { 0xD3CA291F, 32, NDPI_PROTOCOL_TOR }, - { 0xD407C247, 32, NDPI_PROTOCOL_TOR }, - { 0xD407DC06, 32, NDPI_PROTOCOL_TOR }, - { 0xD40A5604, 32, NDPI_PROTOCOL_TOR }, - { 0xD40CCB27, 32, NDPI_PROTOCOL_TOR }, - { 0xD41010B8, 32, NDPI_PROTOCOL_TOR }, - { 0xD4106821, 32, NDPI_PROTOCOL_TOR }, - { 0xD411664D, 32, NDPI_PROTOCOL_TOR }, - { 0xD41824CD, 32, NDPI_PROTOCOL_TOR }, - { 0xD41890BC, 32, NDPI_PROTOCOL_TOR }, - { 0xD421F581, 32, NDPI_PROTOCOL_TOR }, - { 0xD42FE209, 32, NDPI_PROTOCOL_TOR }, - { 0xD42FE3AC, 32, NDPI_PROTOCOL_TOR }, - { 0xD42FE3AC, 32, NDPI_PROTOCOL_TOR }, - { 0xD42FE445, 32, NDPI_PROTOCOL_TOR }, - { 0xD42FE459, 32, NDPI_PROTOCOL_TOR }, - { 0xD42FE5D1, 32, NDPI_PROTOCOL_TOR }, - { 0xD42FE5D1, 32, NDPI_PROTOCOL_TOR }, - { 0xD42FE745, 32, NDPI_PROTOCOL_TOR }, - { 0xD42FE784, 32, NDPI_PROTOCOL_TOR }, - { 0xD42FE80D, 32, NDPI_PROTOCOL_TOR }, - { 0xD42FE8F6, 32, NDPI_PROTOCOL_TOR }, - { 0xD42FE97E, 32, NDPI_PROTOCOL_TOR }, - { 0xD42FEA54, 32, NDPI_PROTOCOL_TOR }, - { 0xD42FEB57, 32, NDPI_PROTOCOL_TOR }, - { 0xD42FECDB, 32, NDPI_PROTOCOL_TOR }, - { 0xD4305435, 32, NDPI_PROTOCOL_TOR }, - { 0xD4339C5A, 32, NDPI_PROTOCOL_TOR }, - { 0xD4339C8F, 32, NDPI_PROTOCOL_TOR }, - { 0xD4339C9E, 32, NDPI_PROTOCOL_TOR }, - { 0xD4339C9E, 32, NDPI_PROTOCOL_TOR }, - { 0xD4339F4E, 32, NDPI_PROTOCOL_TOR }, - { 0xD4339F72, 32, NDPI_PROTOCOL_TOR }, - { 0xD438D698, 32, NDPI_PROTOCOL_TOR }, - { 0xD4402044, 32, NDPI_PROTOCOL_TOR }, - { 0xD447EECB, 32, NDPI_PROTOCOL_TOR }, - { 0xD447F805, 32, NDPI_PROTOCOL_TOR }, - { 0xD447F945, 32, NDPI_PROTOCOL_TOR }, - { 0xD447F945, 32, NDPI_PROTOCOL_TOR }, - { 0xD447F981, 32, NDPI_PROTOCOL_TOR }, - { 0xD447FC6D, 32, NDPI_PROTOCOL_TOR }, - { 0xD447FC74, 32, NDPI_PROTOCOL_TOR }, - { 0xD447FDE2, 32, NDPI_PROTOCOL_TOR }, - { 0xD44AFEF3, 32, NDPI_PROTOCOL_TOR }, - { 0xD44DE210, 32, NDPI_PROTOCOL_TOR }, - { 0xD44DE2F5, 32, NDPI_PROTOCOL_TOR }, - { 0xD4532F5B, 32, NDPI_PROTOCOL_TOR }, - { 0xD45394CD, 32, NDPI_PROTOCOL_TOR }, - { 0xD4539A21, 32, NDPI_PROTOCOL_TOR }, - { 0xD4539A21, 32, NDPI_PROTOCOL_TOR }, - { 0xD4539E05, 32, NDPI_PROTOCOL_TOR }, - { 0xD4539E14, 32, NDPI_PROTOCOL_TOR }, - { 0xD453A298, 32, NDPI_PROTOCOL_TOR }, - { 0xD453A7AF, 32, NDPI_PROTOCOL_TOR }, - { 0xD453AAFC, 32, NDPI_PROTOCOL_TOR }, - { 0xD453B07A, 32, NDPI_PROTOCOL_TOR }, - { 0xD453B07D, 32, NDPI_PROTOCOL_TOR }, - { 0xD453BECB, 32, NDPI_PROTOCOL_TOR }, - { 0xD4554F44, 32, NDPI_PROTOCOL_TOR }, - { 0xD4554F47, 32, NDPI_PROTOCOL_TOR }, - { 0xD45CDB0F, 32, NDPI_PROTOCOL_TOR }, - { 0xD467903A, 32, NDPI_PROTOCOL_TOR }, - { 0xD46A09CE, 32, NDPI_PROTOCOL_TOR }, - { 0xD46B9591, 32, NDPI_PROTOCOL_TOR }, - { 0xD4722F34, 32, NDPI_PROTOCOL_TOR }, - { 0xD472303A, 32, NDPI_PROTOCOL_TOR }, - { 0xD4726D21, 32, NDPI_PROTOCOL_TOR }, - { 0xD472FA12, 32, NDPI_PROTOCOL_TOR }, - { 0xD472FE5B, 32, NDPI_PROTOCOL_TOR }, - { 0xD4758F4A, 32, NDPI_PROTOCOL_TOR }, - { 0xD475B46B, 32, NDPI_PROTOCOL_TOR }, - { 0xD4763E03, 32, NDPI_PROTOCOL_TOR }, - { 0xD47CB453, 32, NDPI_PROTOCOL_TOR }, - { 0xD4810454, 32, NDPI_PROTOCOL_TOR }, - { 0xD48110B6, 32, NDPI_PROTOCOL_TOR }, - { 0xD4811AF6, 32, NDPI_PROTOCOL_TOR }, - { 0xD4812A09, 32, NDPI_PROTOCOL_TOR }, - { 0xD48132F6, 32, NDPI_PROTOCOL_TOR }, - { 0xD4813431, 32, NDPI_PROTOCOL_TOR }, - { 0xD495D15B, 32, NDPI_PROTOCOL_TOR }, - { 0xD49F5B16, 32, NDPI_PROTOCOL_TOR }, - { 0xD49F70C4, 32, NDPI_PROTOCOL_TOR }, - { 0xD49F8F53, 32, NDPI_PROTOCOL_TOR }, - { 0xD49FB1C6, 32, NDPI_PROTOCOL_TOR }, - { 0xD4A4EF79, 32, NDPI_PROTOCOL_TOR }, - { 0xD4B733DE, 32, NDPI_PROTOCOL_TOR }, - { 0xD4BA59A2, 32, NDPI_PROTOCOL_TOR }, - { 0xD4BBC8AA, 32, NDPI_PROTOCOL_TOR }, - { 0xD4C04A64, 32, NDPI_PROTOCOL_TOR }, - { 0xD4C04A65, 32, NDPI_PROTOCOL_TOR }, - { 0xD4C63318, 32, NDPI_PROTOCOL_TOR }, - { 0xD4C6C924, 32, NDPI_PROTOCOL_TOR }, - { 0xD4C6E391, 32, NDPI_PROTOCOL_TOR }, - { 0xD4E054E3, 32, NDPI_PROTOCOL_TOR }, - { 0xD4E059FD, 32, NDPI_PROTOCOL_TOR }, - { 0xD4E326F7, 32, NDPI_PROTOCOL_TOR }, - { 0xD4E38BC3, 32, NDPI_PROTOCOL_TOR }, - { 0xD4E3F876, 32, NDPI_PROTOCOL_TOR }, - { 0xD4E81D65, 32, NDPI_PROTOCOL_TOR }, - { 0xD4FAA0B2, 32, NDPI_PROTOCOL_TOR }, - { 0xD4FAA0BB, 32, NDPI_PROTOCOL_TOR }, - { 0xD5095DAE, 32, NDPI_PROTOCOL_TOR }, - { 0xD52C58EA, 32, NDPI_PROTOCOL_TOR }, - { 0xD52F2397, 32, NDPI_PROTOCOL_TOR }, - { 0xD52F4B43, 32, NDPI_PROTOCOL_TOR }, - { 0xD5317328, 32, NDPI_PROTOCOL_TOR }, - { 0xD53D957D, 32, NDPI_PROTOCOL_TOR }, - { 0xD53D957E, 32, NDPI_PROTOCOL_TOR }, - { 0xD540E2E6, 32, NDPI_PROTOCOL_TOR }, - { 0xD5430E91, 32, NDPI_PROTOCOL_TOR }, - { 0xD54951D2, 32, NDPI_PROTOCOL_TOR }, - { 0xD5497087, 32, NDPI_PROTOCOL_TOR }, - { 0xD5582A31, 32, NDPI_PROTOCOL_TOR }, - { 0xD55F1536, 32, NDPI_PROTOCOL_TOR }, - { 0xD55F153B, 32, NDPI_PROTOCOL_TOR }, - { 0xD56B4D04, 32, NDPI_PROTOCOL_TOR }, - { 0xD56C6947, 32, NDPI_PROTOCOL_TOR }, - { 0xD56C69FD, 32, NDPI_PROTOCOL_TOR }, - { 0xD56CD7EE, 32, NDPI_PROTOCOL_TOR }, - { 0xD56FF097, 32, NDPI_PROTOCOL_TOR }, - { 0xD57086D3, 32, NDPI_PROTOCOL_TOR }, - { 0xD570C73F, 32, NDPI_PROTOCOL_TOR }, - { 0xD5713D6A, 32, NDPI_PROTOCOL_TOR }, - { 0xD5717790, 32, NDPI_PROTOCOL_TOR }, - { 0xD571D5BE, 32, NDPI_PROTOCOL_TOR }, - { 0xD5724869, 32, NDPI_PROTOCOL_TOR }, - { 0xD57293E0, 32, NDPI_PROTOCOL_TOR }, - { 0xD572966F, 32, NDPI_PROTOCOL_TOR }, - { 0xD572E864, 32, NDPI_PROTOCOL_TOR }, - { 0xD57F85A7, 32, NDPI_PROTOCOL_TOR }, - { 0xD57F921B, 32, NDPI_PROTOCOL_TOR }, - { 0xD585639C, 32, NDPI_PROTOCOL_TOR }, - { 0xD5856D29, 32, NDPI_PROTOCOL_TOR }, - { 0xD5856DA5, 32, NDPI_PROTOCOL_TOR }, - { 0xD5857B97, 32, NDPI_PROTOCOL_TOR }, - { 0xD58845ED, 32, NDPI_PROTOCOL_TOR }, - { 0xD5884715, 32, NDPI_PROTOCOL_TOR }, - { 0xD5884B2A, 32, NDPI_PROTOCOL_TOR }, - { 0xD5885261, 32, NDPI_PROTOCOL_TOR }, - { 0xD5885674, 32, NDPI_PROTOCOL_TOR }, - { 0xD58857F5, 32, NDPI_PROTOCOL_TOR }, - { 0xD5885A9B, 32, NDPI_PROTOCOL_TOR }, - { 0xD5885CA9, 32, NDPI_PROTOCOL_TOR }, - { 0xD58A653C, 32, NDPI_PROTOCOL_TOR }, - { 0xD58A66D1, 32, NDPI_PROTOCOL_TOR }, - { 0xD58A6E58, 32, NDPI_PROTOCOL_TOR }, - { 0xD58A71E8, 32, NDPI_PROTOCOL_TOR }, - { 0xD58D8818, 32, NDPI_PROTOCOL_TOR }, - { 0xD58D8D93, 32, NDPI_PROTOCOL_TOR }, - { 0xD58D95E3, 32, NDPI_PROTOCOL_TOR }, - { 0xD58D9EED, 32, NDPI_PROTOCOL_TOR }, - { 0xD58E2E79, 32, NDPI_PROTOCOL_TOR }, - { 0xD58F7A02, 32, NDPI_PROTOCOL_TOR }, - { 0xD59B0490, 32, NDPI_PROTOCOL_TOR }, - { 0xD5A3482F, 32, NDPI_PROTOCOL_TOR }, - { 0xD5A348A2, 32, NDPI_PROTOCOL_TOR }, - { 0xD5A54610, 32, NDPI_PROTOCOL_TOR }, - { 0xD5A54F22, 32, NDPI_PROTOCOL_TOR }, - { 0xD5A54FF3, 32, NDPI_PROTOCOL_TOR }, - { 0xD5A55106, 32, NDPI_PROTOCOL_TOR }, - { 0xD5A5551E, 32, NDPI_PROTOCOL_TOR }, - { 0xD5A55546, 32, NDPI_PROTOCOL_TOR }, - { 0xD5A555F9, 32, NDPI_PROTOCOL_TOR }, - { 0xD5AFD83B, 32, NDPI_PROTOCOL_TOR }, - { 0xD5B39EF1, 32, NDPI_PROTOCOL_TOR }, - { 0xD5B73821, 32, NDPI_PROTOCOL_TOR }, - { 0xD5B7388C, 32, NDPI_PROTOCOL_TOR }, - { 0xD5B9E355, 32, NDPI_PROTOCOL_TOR }, - { 0xD5BA07E8, 32, NDPI_PROTOCOL_TOR }, - { 0xD5BB54BE, 32, NDPI_PROTOCOL_TOR }, - { 0xD5BB6FFE, 32, NDPI_PROTOCOL_TOR }, - { 0xD5BC77C9, 32, NDPI_PROTOCOL_TOR }, - { 0xD5C489E3, 32, NDPI_PROTOCOL_TOR }, - { 0xD5C5167C, 32, NDPI_PROTOCOL_TOR }, - { 0xD5C52469, 32, NDPI_PROTOCOL_TOR }, - { 0xD5D0BCCB, 32, NDPI_PROTOCOL_TOR }, - { 0xD5D3FC58, 32, NDPI_PROTOCOL_TOR }, - { 0xD5DE7461, 32, NDPI_PROTOCOL_TOR }, - { 0xD5E3FAF5, 32, NDPI_PROTOCOL_TOR }, - { 0xD5EFC519, 32, NDPI_PROTOCOL_TOR }, - { 0xD5EFD329, 32, NDPI_PROTOCOL_TOR }, - { 0xD5EFD414, 32, NDPI_PROTOCOL_TOR }, - { 0xD5EFD6AF, 32, NDPI_PROTOCOL_TOR }, - { 0xD5EFD8DE, 32, NDPI_PROTOCOL_TOR }, - { 0xD5EFD912, 32, NDPI_PROTOCOL_TOR }, - { 0xD5EFDA14, 32, NDPI_PROTOCOL_TOR }, - { 0xD5EFDA93, 32, NDPI_PROTOCOL_TOR }, - { 0xD5EFF9DB, 32, NDPI_PROTOCOL_TOR }, - { 0xD5F05E3A, 32, NDPI_PROTOCOL_TOR }, - { 0xD5F06C19, 32, NDPI_PROTOCOL_TOR }, - { 0xD5F53D3D, 32, NDPI_PROTOCOL_TOR }, - { 0xD5FBBB37, 32, NDPI_PROTOCOL_TOR }, - { 0xD5FBC7AE, 32, NDPI_PROTOCOL_TOR }, - { 0xD80CC652, 32, NDPI_PROTOCOL_TOR }, - { 0xD80CC653, 32, NDPI_PROTOCOL_TOR }, - { 0xD80F0122, 32, NDPI_PROTOCOL_TOR }, - { 0xD8116382, 32, NDPI_PROTOCOL_TOR }, - { 0xD8116390, 32, NDPI_PROTOCOL_TOR }, - { 0xD811654F, 32, NDPI_PROTOCOL_TOR }, - { 0xD81169CB, 32, NDPI_PROTOCOL_TOR }, - { 0xD8116EE7, 32, NDPI_PROTOCOL_TOR }, - { 0xD818AEF5, 32, NDPI_PROTOCOL_TOR }, - { 0xD8425592, 32, NDPI_PROTOCOL_TOR }, - { 0xD873031A, 32, NDPI_PROTOCOL_TOR }, - { 0xD873063A, 32, NDPI_PROTOCOL_TOR }, - { 0xD892E107, 32, NDPI_PROTOCOL_TOR }, - { 0xD89A71F4, 32, NDPI_PROTOCOL_TOR }, - { 0xD8A13759, 32, NDPI_PROTOCOL_TOR }, - { 0xD8BAC1C9, 32, NDPI_PROTOCOL_TOR }, - { 0xD8BD9264, 32, NDPI_PROTOCOL_TOR }, - { 0xD8BD9575, 32, NDPI_PROTOCOL_TOR }, - { 0xD8BD9666, 32, NDPI_PROTOCOL_TOR }, - { 0xD8BD9718, 32, NDPI_PROTOCOL_TOR }, - { 0xD8C3851B, 32, NDPI_PROTOCOL_TOR }, - { 0xD8DA860C, 32, NDPI_PROTOCOL_TOR }, - { 0xD8DAD8C2, 32, NDPI_PROTOCOL_TOR }, - { 0xD8DD24F4, 32, NDPI_PROTOCOL_TOR }, - { 0xD8E6E69C, 32, NDPI_PROTOCOL_TOR }, - { 0xD8E6E6F7, 32, NDPI_PROTOCOL_TOR }, - { 0xD8F455D3, 32, NDPI_PROTOCOL_TOR }, - { 0xD90833AD, 32, NDPI_PROTOCOL_TOR }, - { 0xD90B39E2, 32, NDPI_PROTOCOL_TOR }, - { 0xD90B7727, 32, NDPI_PROTOCOL_TOR }, - { 0xD90CC7BE, 32, NDPI_PROTOCOL_TOR }, - { 0xD90CC7D1, 32, NDPI_PROTOCOL_TOR }, - { 0xD90CCB2E, 32, NDPI_PROTOCOL_TOR }, - { 0xD90CCC59, 32, NDPI_PROTOCOL_TOR }, - { 0xD90CCC68, 32, NDPI_PROTOCOL_TOR }, - { 0xD90CCC93, 32, NDPI_PROTOCOL_TOR }, - { 0xD90CD075, 32, NDPI_PROTOCOL_TOR }, - { 0xD90D4A29, 32, NDPI_PROTOCOL_TOR }, - { 0xD90DC505, 32, NDPI_PROTOCOL_TOR }, - { 0xD910B514, 32, NDPI_PROTOCOL_TOR }, - { 0xD910B614, 32, NDPI_PROTOCOL_TOR }, - { 0xD91318D8, 32, NDPI_PROTOCOL_TOR }, - { 0xD91318E9, 32, NDPI_PROTOCOL_TOR }, - { 0xD917011B, 32, NDPI_PROTOCOL_TOR }, - { 0xD91A1259, 32, NDPI_PROTOCOL_TOR }, - { 0xD91BB67D, 32, NDPI_PROTOCOL_TOR }, - { 0xD92287E1, 32, NDPI_PROTOCOL_TOR }, - { 0xD92287E7, 32, NDPI_PROTOCOL_TOR }, - { 0xD9251373, 32, NDPI_PROTOCOL_TOR }, - { 0xD92855C2, 32, NDPI_PROTOCOL_TOR }, - { 0xD928FEB1, 32, NDPI_PROTOCOL_TOR }, - { 0xD943154D, 32, NDPI_PROTOCOL_TOR }, - { 0xD945FE58, 32, NDPI_PROTOCOL_TOR }, - { 0xD946BD91, 32, NDPI_PROTOCOL_TOR }, - { 0xD946BF0D, 32, NDPI_PROTOCOL_TOR }, - { 0xD948141E, 32, NDPI_PROTOCOL_TOR }, - { 0xD94FB23C, 32, NDPI_PROTOCOL_TOR }, - { 0xD94FB532, 32, NDPI_PROTOCOL_TOR }, - { 0xD94FB538, 32, NDPI_PROTOCOL_TOR }, - { 0xD94FB65F, 32, NDPI_PROTOCOL_TOR }, - { 0xD94FBE19, 32, NDPI_PROTOCOL_TOR }, - { 0xD954FBD5, 32, NDPI_PROTOCOL_TOR }, - { 0xD95597B5, 32, NDPI_PROTOCOL_TOR }, - { 0xD95EEEF5, 32, NDPI_PROTOCOL_TOR }, - { 0xD970833A, 32, NDPI_PROTOCOL_TOR }, - { 0xD97293F5, 32, NDPI_PROTOCOL_TOR }, - { 0xD972DA12, 32, NDPI_PROTOCOL_TOR }, - { 0xD9730A85, 32, NDPI_PROTOCOL_TOR }, - { 0xD9730A86, 32, NDPI_PROTOCOL_TOR }, - { 0xD97729D5, 32, NDPI_PROTOCOL_TOR }, - { 0xD97BFEEE, 32, NDPI_PROTOCOL_TOR }, - { 0xD98090A0, 32, NDPI_PROTOCOL_TOR }, - { 0xD991C735, 32, NDPI_PROTOCOL_TOR }, - { 0xD9924B24, 32, NDPI_PROTOCOL_TOR }, - { 0xD99454B4, 32, NDPI_PROTOCOL_TOR }, - { 0xD9A0122D, 32, NDPI_PROTOCOL_TOR }, - { 0xD9A013EC, 32, NDPI_PROTOCOL_TOR }, - { 0xD9A05C43, 32, NDPI_PROTOCOL_TOR }, - { 0xD9A07E32, 32, NDPI_PROTOCOL_TOR }, - { 0xD9A083B0, 32, NDPI_PROTOCOL_TOR }, - { 0xD9A276FE, 32, NDPI_PROTOCOL_TOR }, - { 0xD9AACD71, 32, NDPI_PROTOCOL_TOR }, - { 0xD9ACB392, 32, NDPI_PROTOCOL_TOR }, - { 0xD9ACBE13, 32, NDPI_PROTOCOL_TOR }, - { 0xD9ACBE13, 32, NDPI_PROTOCOL_TOR }, - { 0xD9ACFFE5, 32, NDPI_PROTOCOL_TOR }, - { 0xD9AD4A5B, 32, NDPI_PROTOCOL_TOR }, - { 0xD9BCEA09, 32, NDPI_PROTOCOL_TOR }, - { 0xD9BDC5F4, 32, NDPI_PROTOCOL_TOR }, - { 0xD9BF49C3, 32, NDPI_PROTOCOL_TOR }, - { 0xD9BF6813, 32, NDPI_PROTOCOL_TOR }, - { 0xD9BFF274, 32, NDPI_PROTOCOL_TOR }, - { 0xD9C3AA91, 32, NDPI_PROTOCOL_TOR }, - { 0xD9C504DC, 32, NDPI_PROTOCOL_TOR }, - { 0xD9C553A2, 32, NDPI_PROTOCOL_TOR }, - { 0xD9C556AD, 32, NDPI_PROTOCOL_TOR }, - { 0xD9C55B91, 32, NDPI_PROTOCOL_TOR }, - { 0xD9C55B91, 32, NDPI_PROTOCOL_TOR }, - { 0xD9C55BA4, 32, NDPI_PROTOCOL_TOR }, - { 0xD9C5B52D, 32, NDPI_PROTOCOL_TOR }, - { 0xD9D075D3, 32, NDPI_PROTOCOL_TOR }, - { 0xD9D11257, 32, NDPI_PROTOCOL_TOR }, - { 0xD9D27158, 32, NDPI_PROTOCOL_TOR }, - { 0xD9D28C5F, 32, NDPI_PROTOCOL_TOR }, - { 0xD9D2A52B, 32, NDPI_PROTOCOL_TOR }, - { 0xD9D39FA1, 32, NDPI_PROTOCOL_TOR }, - { 0xD9E40B41, 32, NDPI_PROTOCOL_TOR }, - { 0xD9E46874, 32, NDPI_PROTOCOL_TOR }, - { 0xD9E76B72, 32, NDPI_PROTOCOL_TOR }, - { 0xD9E94FC8, 32, NDPI_PROTOCOL_TOR }, - { 0xD9E94FC8, 32, NDPI_PROTOCOL_TOR }, - { 0xD9EA6B0B, 32, NDPI_PROTOCOL_TOR }, - { 0xD9F595B7, 32, NDPI_PROTOCOL_TOR }, - { 0xD9F63320, 32, NDPI_PROTOCOL_TOR }, - { 0xD9F76904, 32, NDPI_PROTOCOL_TOR }, - { 0xD9F7DE9C, 32, NDPI_PROTOCOL_TOR }, - { 0xD9F7E61F, 32, NDPI_PROTOCOL_TOR }, - { 0xD9F9203E, 32, NDPI_PROTOCOL_TOR }, - { 0xD9FBD765, 32, NDPI_PROTOCOL_TOR }, - { 0xD9FD96F6, 32, NDPI_PROTOCOL_TOR }, - { 0xD9FD9F48, 32, NDPI_PROTOCOL_TOR }, - { 0xD9FE3DAC, 32, NDPI_PROTOCOL_TOR }, - { 0xD9FE47CC, 32, NDPI_PROTOCOL_TOR }, - { 0xD9FEB60F, 32, NDPI_PROTOCOL_TOR }, - { 0xDAA1200E, 32, NDPI_PROTOCOL_TOR }, - { 0xDAE7EBDB, 32, NDPI_PROTOCOL_TOR }, - { 0xDAE868DC, 32, NDPI_PROTOCOL_TOR }, - { 0xDAE868DD, 32, NDPI_PROTOCOL_TOR }, - { 0xDAFAF536, 32, NDPI_PROTOCOL_TOR }, - { 0xDB4F067A, 32, NDPI_PROTOCOL_TOR }, - { 0xDB59C4CA, 32, NDPI_PROTOCOL_TOR }, - { 0xDB6DCB40, 32, NDPI_PROTOCOL_TOR }, - { 0xDB75CE2E, 32, NDPI_PROTOCOL_TOR }, - { 0xDB791014, 32, NDPI_PROTOCOL_TOR }, - { 0xDBA189F3, 32, NDPI_PROTOCOL_TOR }, - { 0xDBA4C22E, 32, NDPI_PROTOCOL_TOR }, - { 0xDBAD0E54, 32, NDPI_PROTOCOL_TOR }, - { 0xDC39428E, 32, NDPI_PROTOCOL_TOR }, - { 0xDC87FE3F, 32, NDPI_PROTOCOL_TOR }, - { 0xDC898752, 32, NDPI_PROTOCOL_TOR }, - { 0xDC9387F3, 32, NDPI_PROTOCOL_TOR }, - { 0xDC9DC3F3, 32, NDPI_PROTOCOL_TOR }, - { 0xDCE97BAC, 32, NDPI_PROTOCOL_TOR }, - { 0xDCE9AF0E, 32, NDPI_PROTOCOL_TOR }, - { 0xDCFD1CE1, 32, NDPI_PROTOCOL_TOR }, - { 0xDCFF85C3, 32, NDPI_PROTOCOL_TOR }, - { 0xDD7132CB, 32, NDPI_PROTOCOL_TOR }, - { 0xDD9E95C5, 32, NDPI_PROTOCOL_TOR }, - { 0xDE047C92, 32, NDPI_PROTOCOL_TOR }, - { 0xDE0C7C9A, 32, NDPI_PROTOCOL_TOR }, - { 0xDE7294F8, 32, NDPI_PROTOCOL_TOR }, - { 0xDEEB761A, 32, NDPI_PROTOCOL_TOR }, - { 0xDF1273E5, 32, NDPI_PROTOCOL_TOR }, - { 0xDF85F4CA, 32, NDPI_PROTOCOL_TOR }, - { 0xDFE57B41, 32, NDPI_PROTOCOL_TOR }, + + { 0x0122A339 /* 1.34.163.57/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x01EA0B8E /* 1.234.11.142/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x01F4E33D /* 1.244.227.61/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x02054D8A /* 2.5.77.138/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x020A43F9 /* 2.10.67.249/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0246CA2B /* 2.70.202.43/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x02565C41 /* 2.86.92.65/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x025C99E8 /* 2.92.153.232/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x025D0968 /* 2.93.9.104/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x025D1792 /* 2.93.23.146/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x025DCAEB /* 2.93.202.235/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x026C835B /* 2.108.131.91/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x026E3C44 /* 2.110.60.68/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x026EDB2F /* 2.110.219.47/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x026F5E2C /* 2.111.94.44/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x029B4710 /* 2.155.71.16/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x02E18D86 /* 2.225.141.134/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x02E1E75C /* 2.225.231.92/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x02E58252 /* 2.229.130.82/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x02E6A4FE /* 2.230.164.254/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x02EC0943 /* 2.236.9.67/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x02EC351D /* 2.236.53.29/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x02EE4464 /* 2.238.68.100/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x02F0439C /* 2.240.67.156/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x02F0561B /* 2.240.86.27/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x02F22990 /* 2.242.41.144/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x02F2529C /* 2.242.82.156/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x02F2AE32 /* 2.242.174.50/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x02F593C1 /* 2.245.147.193/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x041F4046 /* 4.31.64.70/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05015D72 /* 5.1.93.114/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05023698 /* 5.2.54.152/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x050240D1 /* 5.2.64.209/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0502481A /* 5.2.72.26/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x050249D9 /* 5.2.73.217/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05024A53 /* 5.2.74.83/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05080802 /* 5.8.8.2/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05090782 /* 5.9.7.130/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x050907FC /* 5.9.7.252/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05090C1D /* 5.9.12.29/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0509208F /* 5.9.32.143/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05092771 /* 5.9.39.113/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05092B03 /* 5.9.43.3/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05093254 /* 5.9.50.84/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05093A89 /* 5.9.58.137/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05093DCF /* 5.9.61.207/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05093E11 /* 5.9.62.17/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05093E49 /* 5.9.62.73/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x050948E9 /* 5.9.72.233/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05094906 /* 5.9.73.6/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05094A3B /* 5.9.74.59/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05094F06 /* 5.9.79.6/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05094F9A /* 5.9.79.154/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05095129 /* 5.9.81.41/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x050953CC /* 5.9.83.204/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0509584A /* 5.9.88.74/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0509622B /* 5.9.98.43/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x050966C6 /* 5.9.102.198/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05096C58 /* 5.9.108.88/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05096EEC /* 5.9.110.236/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0509794F /* 5.9.121.79/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x050979CF /* 5.9.121.207/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x050981DA /* 5.9.129.218/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05098C02 /* 5.9.140.2/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x050992CB /* 5.9.146.203/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x050993E2 /* 5.9.147.226/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05099564 /* 5.9.149.100/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05099628 /* 5.9.150.40/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x050997F1 /* 5.9.151.241/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05099972 /* 5.9.153.114/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05099C11 /* 5.9.156.17/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05099E4B /* 5.9.158.75/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05099F0E /* 5.9.159.14/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0509AB26 /* 5.9.171.38/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0509BCBA /* 5.9.188.186/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0509BF34 /* 5.9.191.52/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0509C56A /* 5.9.197.106/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0509D4CC /* 5.9.212.204/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0509FDEA /* 5.9.253.234/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x050C14C2 /* 5.12.20.194/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x050F53EA /* 5.15.83.234/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0513A267 /* 5.19.162.103/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0513B3FD /* 5.19.179.253/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0513B825 /* 5.19.184.37/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x051C3E55 /* 5.28.62.85/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0522B45E /* 5.34.180.94/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0522B71A /* 5.34.183.26/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0522B781 /* 5.34.183.129/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0522B7CD /* 5.34.183.205/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0522B7D2 /* 5.34.183.210/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0523FBF7 /* 5.35.251.247/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x052721B0 /* 5.39.33.176/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x052721B2 /* 5.39.33.178/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05274007 /* 5.39.64.7/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05274DD0 /* 5.39.77.208/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05274E65 /* 5.39.78.101/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0527501C /* 5.39.80.28/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05275087 /* 5.39.80.135/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05275166 /* 5.39.81.102/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05275199 /* 5.39.81.153/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x052752C0 /* 5.39.82.192/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0527531B /* 5.39.83.27/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x052753D9 /* 5.39.83.217/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x052754D9 /* 5.39.84.217/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x052756CE /* 5.39.86.206/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05275835 /* 5.39.88.53/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05275836 /* 5.39.88.54/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0527597C /* 5.39.89.124/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05275CC7 /* 5.39.92.199/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05275E3C /* 5.39.94.60/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05275EA9 /* 5.39.94.169/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05275F8E /* 5.39.95.142/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05277C60 /* 5.39.124.96/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0527D90E /* 5.39.217.14/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x052C65BE /* 5.44.101.190/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x052D617F /* 5.45.97.127/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x052D626F /* 5.45.98.111/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x052D6416 /* 5.45.100.22/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x052D6B38 /* 5.45.107.56/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x052D6C30 /* 5.45.108.48/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x052D6D3E /* 5.45.109.62/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05313BF0 /* 5.49.59.240/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0531DE9D /* 5.49.222.157/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05336A6C /* 5.51.106.108/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0533CCF1 /* 5.51.204.241/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0533DC1E /* 5.51.220.30/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0533E534 /* 5.51.229.52/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0538203C /* 5.56.32.60/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05388513 /* 5.56.133.19/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x053D223F /* 5.61.34.63/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x053DEF22 /* 5.61.239.34/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x054D2F8E /* 5.77.47.142/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x054F44A1 /* 5.79.68.161/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x054F5482 /* 5.79.84.130/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x054F560F /* 5.79.86.15/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0550EAA9 /* 5.80.234.169/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0564FD98 /* 5.100.253.152/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0564FD99 /* 5.100.253.153/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05656652 /* 5.101.102.82/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05656746 /* 5.101.103.70/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05673A1E /* 5.103.58.30/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05685A1D /* 5.104.90.29/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05686A26 /* 5.104.106.38/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0581FAAD /* 5.129.250.173/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05871525 /* 5.135.21.37/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05874191 /* 5.135.65.145/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05877322 /* 5.135.115.34/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05879842 /* 5.135.152.66/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0587988F /* 5.135.152.143/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05879B79 /* 5.135.155.121/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05879E65 /* 5.135.158.101/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05879F6E /* 5.135.159.110/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05879F80 /* 5.135.159.128/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0587A231 /* 5.135.162.49/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0587A2D9 /* 5.135.162.217/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0587A34E /* 5.135.163.78/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0587B2B8 /* 5.135.178.184/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0587B5D0 /* 5.135.181.208/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0587B5D5 /* 5.135.181.213/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0587B682 /* 5.135.182.130/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0587B818 /* 5.135.184.24/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0587B991 /* 5.135.185.145/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0587BA49 /* 5.135.186.73/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0587BACD /* 5.135.186.205/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0587BBC0 /* 5.135.187.192/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0587BF33 /* 5.135.191.51/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0587C70D /* 5.135.199.13/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x058D09A4 /* 5.141.9.164/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05912EA6 /* 5.145.46.166/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05926255 /* 5.146.98.85/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05928E81 /* 5.146.142.129/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x059290E8 /* 5.146.144.232/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05930775 /* 5.147.7.117/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0593C4FC /* 5.147.196.252/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0593F89E /* 5.147.248.158/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0594A50D /* 5.148.165.13/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0594AF23 /* 5.148.175.35/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0594B430 /* 5.148.180.48/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0595FA33 /* 5.149.250.51/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0596CCB0 /* 5.150.204.176/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0596CCEF /* 5.150.204.239/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0596DD89 /* 5.150.221.137/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x059ABFAD /* 5.154.191.173/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05A4CC92 /* 5.164.204.146/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05A79A71 /* 5.167.154.113/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05BD357B /* 5.189.53.123/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05BD59E9 /* 5.189.89.233/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05BD844F /* 5.189.132.79/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05BD85F5 /* 5.189.133.245/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05BD8A09 /* 5.189.138.9/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05BD8C15 /* 5.189.140.21/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05BD8E76 /* 5.189.142.118/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05BD8F1C /* 5.189.143.28/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05BD8FA9 /* 5.189.143.169/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05BD9285 /* 5.189.146.133/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05BD995B /* 5.189.153.91/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05BD99B9 /* 5.189.153.185/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05BD9DE6 /* 5.189.157.230/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05BD9F15 /* 5.189.159.21/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05BDA4E6 /* 5.189.164.230/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05BDAF34 /* 5.189.175.52/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05BDB3A4 /* 5.189.179.164/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05BDB53D /* 5.189.181.61/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05BDB62D /* 5.189.182.45/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05BDB83D /* 5.189.184.61/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05BDBC6F /* 5.189.188.111/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05C40181 /* 5.196.1.129/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05C40C4F /* 5.196.12.79/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05C40E33 /* 5.196.14.51/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05C41740 /* 5.196.23.64/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05C42416 /* 5.196.36.22/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05C43A60 /* 5.196.58.96/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05C441AD /* 5.196.65.173/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05C442A2 /* 5.196.66.162/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05C442F1 /* 5.196.66.241/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05C44562 /* 5.196.69.98/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05C44718 /* 5.196.71.24/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05C448E9 /* 5.196.72.233/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05C45862 /* 5.196.88.98/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05C45874 /* 5.196.88.116/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05C45FEC /* 5.196.95.236/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05C479A1 /* 5.196.121.161/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05C4DE38 /* 5.196.222.56/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05C4E3A1 /* 5.196.227.161/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05C4EF72 /* 5.196.239.114/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05C782BC /* 5.199.130.188/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05C785C1 /* 5.199.133.193/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05C78E70 /* 5.199.142.112/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05C78E7C /* 5.199.142.124/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05C78EC3 /* 5.199.142.195/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05C78EEC /* 5.199.142.236/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05C7957D /* 5.199.149.125/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05C7A7CF /* 5.199.167.207/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05C81590 /* 5.200.21.144/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05E40CDD /* 5.228.12.221/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05E68950 /* 5.230.137.80/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05E69141 /* 5.230.145.65/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05E693CA /* 5.230.147.202/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05F991A4 /* 5.249.145.164/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05F99599 /* 5.249.149.153/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05F995CC /* 5.249.149.204/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05F99F6C /* 5.249.159.108/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05F99FC6 /* 5.249.159.198/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05F99FD1 /* 5.249.159.209/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05FF3D82 /* 5.255.61.130/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x05FF524B /* 5.255.82.75/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0818462C /* 8.24.70.44/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x081A5E12 /* 8.26.94.18/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x08250EDC /* 8.37.14.220/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0D447048 /* 13.68.112.72/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0D49A282 /* 13.73.162.130/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0D49A30F /* 13.73.163.15/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0D5076D2 /* 13.80.118.210/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0D5D7299 /* 13.93.114.153/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0E035769 /* 14.3.87.105/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0E035B2C /* 14.3.91.44/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0EC771B3 /* 14.199.113.179/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0ECA9DD9 /* 14.202.157.217/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x0ECAE631 /* 14.202.230.49/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x12520056 /* 18.82.0.86/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1252005E /* 18.82.0.94/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1252011D /* 18.82.1.29/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x12520388 /* 18.82.3.136/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x125203C4 /* 18.82.3.196/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x125203CD /* 18.82.3.205/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x12B50525 /* 18.181.5.37/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x12F80098 /* 18.248.0.152/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x12F80155 /* 18.248.1.85/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1751425A /* 23.81.66.90/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x175B420B /* 23.91.66.11/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x175B7C7C /* 23.91.124.124/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x175BFEC8 /* 23.91.254.200/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x175C1371 /* 23.92.19.113/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x175C154A /* 23.92.21.74/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x175C161D /* 23.92.22.29/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x175C1B17 /* 23.92.27.23/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x175C1C17 /* 23.92.28.23/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x175E6595 /* 23.94.101.149/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x175EEA32 /* 23.94.234.50/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x175F092F /* 23.95.9.47/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x175F7105 /* 23.95.113.5/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1761ACE5 /* 23.97.172.229/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x176946AE /* 23.105.70.174/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x17A30099 /* 23.163.0.153/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x17EE11E5 /* 23.238.17.229/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x17EF077E /* 23.239.7.126/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x17EF0A90 /* 23.239.10.144/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x17EF1613 /* 23.239.22.19/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x17EF1B1C /* 23.239.27.28/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x17EF1DE2 /* 23.239.29.226/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x17EF7165 /* 23.239.113.101/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x17EF917D /* 23.239.145.125/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x17F24468 /* 23.242.68.104/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x17FE8026 /* 23.254.128.38/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x17FEA584 /* 23.254.165.132/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x17FEA5FA /* 23.254.165.250/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x17FEA6DE /* 23.254.166.222/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x17FEA7B4 /* 23.254.167.180/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x17FEA7B9 /* 23.254.167.185/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x17FEA7E7 /* 23.254.167.231/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x17FFD782 /* 23.255.215.130/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x18002A8B /* 24.0.42.139/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1803886A /* 24.3.136.106/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x18066A49 /* 24.6.106.73/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1806AE5E /* 24.6.174.94/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1807B899 /* 24.7.184.153/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x18084CAE /* 24.8.76.174/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1809B22E /* 24.9.178.46/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x18129BCE /* 24.18.155.206/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x181430FC /* 24.20.48.252/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1815D5B4 /* 24.21.213.180/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1816F50B /* 24.22.245.11/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x18228E69 /* 24.34.142.105/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x18288F0E /* 24.40.143.14/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1835303E /* 24.53.48.62/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1838F948 /* 24.56.249.72/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x183FD72F /* 24.63.215.47/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x184D7389 /* 24.77.115.137/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x18560435 /* 24.86.4.53/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x185D6D85 /* 24.93.109.133/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x185EB54F /* 24.94.181.79/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1860AD68 /* 24.96.173.104/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1860CED0 /* 24.96.206.208/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x18631C64 /* 24.99.28.100/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x18769E26 /* 24.118.158.38/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x18794054 /* 24.121.64.84/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x18821B00 /* 24.130.27.0/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1882DD76 /* 24.130.221.118/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x18943BB9 /* 24.148.59.185/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x18AB5048 /* 24.171.80.72/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x18B2F2B4 /* 24.178.242.180/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x18B7217A /* 24.183.33.122/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x18BA6CF9 /* 24.186.108.249/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x18BA6D04 /* 24.186.109.4/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x18C1EF3E /* 24.193.239.62/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x18CFD49A /* 24.207.212.154/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x18D97413 /* 24.217.116.19/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x18F635EB /* 24.246.53.235/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x18F8CB31 /* 24.248.203.49/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x18FF2173 /* 24.255.33.115/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1B00EB39 /* 27.0.235.57/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1B04D4C5 /* 27.4.212.197/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F039A0D /* 31.3.154.13/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F0646E1 /* 31.6.70.225/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F068F3E /* 31.6.143.62/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F07B826 /* 31.7.184.38/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F0E8788 /* 31.14.135.136/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F0F42DA /* 31.15.66.218/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F103016 /* 31.16.48.22/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F1059AA /* 31.16.89.170/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F105C19 /* 31.16.92.25/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F107B66 /* 31.16.123.102/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F10F410 /* 31.16.244.16/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F11002D /* 31.17.0.45/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F112C2D /* 31.17.44.45/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F113723 /* 31.17.55.35/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F1139ED /* 31.17.57.237/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F11E73D /* 31.17.231.61/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F124F4B /* 31.18.79.75/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F132A0B /* 31.19.42.11/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F137AC6 /* 31.19.122.198/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F17C113 /* 31.23.193.19/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F189425 /* 31.24.148.37/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F18E3F0 /* 31.24.227.240/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F192C37 /* 31.25.44.55/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F1CA8AE /* 31.28.168.174/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F1F49DE /* 31.31.73.222/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F1F4A2F /* 31.31.74.47/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F1F4A45 /* 31.31.74.69/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F1F4BB5 /* 31.31.75.181/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F1F4CA9 /* 31.31.76.169/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F1F4DB0 /* 31.31.77.176/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F1F4E31 /* 31.31.78.49/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F21B915 /* 31.33.185.21/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F22F15A /* 31.34.241.90/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F29DBE4 /* 31.41.219.228/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F2CE0ED /* 31.44.224.237/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F2CE638 /* 31.44.230.56/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F2D1035 /* 31.45.16.53/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F2FEE98 /* 31.47.238.152/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F360D08 /* 31.54.13.8/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F81A64E /* 31.129.166.78/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F82306D /* 31.130.48.109/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F8304A7 /* 31.131.4.167/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F83FB24 /* 31.131.251.36/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F849C88 /* 31.132.156.136/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F87F316 /* 31.135.243.22/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F87F38A /* 31.135.243.138/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1F978323 /* 31.151.131.35/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1FA3F17E /* 31.163.241.126/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1FA81163 /* 31.168.17.99/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1FAA5229 /* 31.170.82.41/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1FAA694D /* 31.170.105.77/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1FAB9B1D /* 31.171.155.29/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1FAB9B66 /* 31.171.155.102/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1FAB9B6C /* 31.171.155.108/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1FABF433 /* 31.171.244.51/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1FAC56AD /* 31.172.86.173/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1FB28B8A /* 31.178.139.138/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1FB3842A /* 31.179.132.42/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1FB91BCB /* 31.185.27.203/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1FB96813 /* 31.185.104.19/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1FB96814 /* 31.185.104.20/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1FB96815 /* 31.185.104.21/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1FC06297 /* 31.192.98.151/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1FD008CB /* 31.208.8.203/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1FD02929 /* 31.208.41.41/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1FD047AD /* 31.208.71.173/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1FD0687E /* 31.208.104.126/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1FD0C9EC /* 31.208.201.236/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1FD22183 /* 31.210.33.131/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1FD69D53 /* 31.214.157.83/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1FDC0599 /* 31.220.5.153/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1FDC05C8 /* 31.220.5.200/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1FDC07CD /* 31.220.7.205/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x1FDC1D7A /* 31.220.29.122/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x22C020B1 /* 34.192.32.177/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x22C16471 /* 34.193.100.113/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x22C55882 /* 34.197.88.130/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x22FA5400 /* 34.250.84.0/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x239C225F /* 35.156.34.95/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x239CF80C /* 35.156.248.12/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x23A1467D /* 35.161.70.125/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x23A32FF3 /* 35.163.47.243/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x23A436C1 /* 35.164.54.193/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x23A5B2E7 /* 35.165.178.231/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x23A75E0C /* 35.167.94.12/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x23B90E13 /* 35.185.14.19/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2437F33C /* 36.55.243.60/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x24E0398E /* 36.224.57.142/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2504ECD4 /* 37.4.236.212/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x250EC588 /* 37.14.197.136/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x250F704B /* 37.15.112.75/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x250F7AD8 /* 37.15.122.216/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2518C2C9 /* 37.24.194.201/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25223476 /* 37.34.52.118/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25236BEE /* 37.35.107.238/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25304971 /* 37.48.73.113/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x253050B4 /* 37.48.80.180/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25307809 /* 37.48.120.9/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x253078C4 /* 37.48.120.196/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25307A3C /* 37.48.122.60/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x253A39E7 /* 37.58.57.231/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x253B0227 /* 37.59.2.39/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x253B0A65 /* 37.59.10.101/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x253B0E5E /* 37.59.14.94/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x253B253B /* 37.59.37.59/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x253B28C1 /* 37.59.40.193/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x253B2E9F /* 37.59.46.159/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x253B32DA /* 37.59.50.218/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x253B4884 /* 37.59.72.132/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x253B59D6 /* 37.59.89.214/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x253B6BB9 /* 37.59.107.185/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x253B7007 /* 37.59.112.7/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x253B76F6 /* 37.59.118.246/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x253B7776 /* 37.59.119.118/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x253BFE09 /* 37.59.254.9/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x254E119E /* 37.78.17.158/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2561B974 /* 37.97.185.116/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x256E943B /* 37.110.148.59/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25719B64 /* 37.113.155.100/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25719FD5 /* 37.113.159.213/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25785989 /* 37.120.89.137/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2578A527 /* 37.120.165.39/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2578A9F3 /* 37.120.169.243/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2578ACF2 /* 37.120.172.242/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2578AD92 /* 37.120.173.146/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2578AEF9 /* 37.120.174.249/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2578B962 /* 37.120.185.98/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x257AD0DC /* 37.122.208.220/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x257B711D /* 37.123.113.29/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x257B8594 /* 37.123.133.148/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2582E385 /* 37.130.227.133/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2585166B /* 37.133.22.107/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x258B01D4 /* 37.139.1.212/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x258B0868 /* 37.139.8.104/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2599010A /* 37.153.1.10/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2599022C /* 37.153.2.44/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25992933 /* 37.153.41.51/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25993585 /* 37.153.53.133/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x259DC1A1 /* 37.157.193.161/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x259DC357 /* 37.157.195.87/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x259DC461 /* 37.157.196.97/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x259DC48E /* 37.157.196.142/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB0053 /* 37.187.0.83/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB011D /* 37.187.1.29/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB02AD /* 37.187.2.173/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB02E6 /* 37.187.2.230/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB036A /* 37.187.3.106/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB0408 /* 37.187.4.8/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB074A /* 37.187.7.74/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB1143 /* 37.187.17.67/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB115F /* 37.187.17.95/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB122B /* 37.187.18.43/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB126D /* 37.187.18.109/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB143B /* 37.187.20.59/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB144F /* 37.187.20.79/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB151C /* 37.187.21.28/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB159D /* 37.187.21.157/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB1657 /* 37.187.22.87/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB1683 /* 37.187.22.131/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB17A9 /* 37.187.23.169/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB17E8 /* 37.187.23.232/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB1E4E /* 37.187.30.78/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB1F27 /* 37.187.31.39/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB3F11 /* 37.187.63.17/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB4D34 /* 37.187.77.52/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB4ED2 /* 37.187.78.210/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB5A7A /* 37.187.90.122/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB5A95 /* 37.187.90.149/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB604E /* 37.187.96.78/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB6054 /* 37.187.96.84/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB6152 /* 37.187.97.82/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB615F /* 37.187.97.95/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB62B9 /* 37.187.98.185/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB658F /* 37.187.101.143/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB666C /* 37.187.102.108/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB66BA /* 37.187.102.186/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB66CA /* 37.187.102.202/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB679C /* 37.187.103.156/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB686F /* 37.187.104.111/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB68B2 /* 37.187.104.178/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB692B /* 37.187.105.43/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB6941 /* 37.187.105.65/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB6944 /* 37.187.105.68/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB6968 /* 37.187.105.104/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB6B5B /* 37.187.107.91/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB6C50 /* 37.187.108.80/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB6CD9 /* 37.187.108.217/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB6E81 /* 37.187.110.129/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB6ED8 /* 37.187.110.216/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB6FCD /* 37.187.111.205/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB732F /* 37.187.115.47/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB739D /* 37.187.115.157/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB7825 /* 37.187.120.37/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB7B79 /* 37.187.123.121/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BB82E2 /* 37.187.130.226/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BBB040 /* 37.187.176.64/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BBB102 /* 37.187.177.2/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BBB404 /* 37.187.180.4/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BBB412 /* 37.187.180.18/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BBB470 /* 37.187.180.112/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BBEF08 /* 37.187.239.8/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BC5335 /* 37.188.83.53/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BFC7AD /* 37.191.199.173/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BFE748 /* 37.191.231.72/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BFE8E4 /* 37.191.232.228/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25BFEC54 /* 37.191.236.84/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25C07417 /* 37.192.116.23/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25C86205 /* 37.200.98.5/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25C86275 /* 37.200.98.117/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25C863FB /* 37.200.99.251/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25CC3375 /* 37.204.51.117/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25CC834F /* 37.204.131.79/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25CD0983 /* 37.205.9.131/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25CD0A8C /* 37.205.10.140/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25CD0B95 /* 37.205.11.149/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25D11308 /* 37.209.19.8/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25D1771F /* 37.209.119.31/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25DAF015 /* 37.218.240.21/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25DAF032 /* 37.218.240.50/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25DAF044 /* 37.218.240.68/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25DAF050 /* 37.218.240.80/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25DAF065 /* 37.218.240.101/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25DAF7D9 /* 37.218.247.217/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25DC1229 /* 37.220.18.41/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25DC23CA /* 37.220.35.202/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25DC24F0 /* 37.220.36.240/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25DDA2E2 /* 37.221.162.226/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25DDABEA /* 37.221.171.234/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25DDABEC /* 37.221.171.236/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25DDC108 /* 37.221.193.8/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25DDC1C3 /* 37.221.193.195/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25DDC41F /* 37.221.196.31/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25DDC489 /* 37.221.196.137/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25DDD301 /* 37.221.211.1/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25E48667 /* 37.228.134.103/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25E5D380 /* 37.229.211.128/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25E67725 /* 37.230.119.37/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25E9639D /* 37.233.99.157/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25EB30F7 /* 37.235.48.247/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25EB3122 /* 37.235.49.34/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25EB317C /* 37.235.49.124/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25EB318A /* 37.235.49.138/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25EB3443 /* 37.235.52.67/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25EB3753 /* 37.235.55.83/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25EB38B4 /* 37.235.56.180/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25EB3C4D /* 37.235.60.77/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25F72A79 /* 37.247.42.121/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25F733C5 /* 37.247.51.197/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x25FCBEB0 /* 37.252.190.176/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x26E5001C /* 38.229.0.28/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x26E5001D /* 38.229.0.29/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x26E54622 /* 38.229.70.34/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x26E5462B /* 38.229.70.43/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x26E54633 /* 38.229.70.51/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x26E54634 /* 38.229.70.52/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x26E54635 /* 38.229.70.53/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x26E54636 /* 38.229.70.54/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x26E5463D /* 38.229.70.61/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x26E54F02 /* 38.229.79.2/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x276E67D5 /* 39.110.103.213/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x294D88B2 /* 41.77.136.178/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x29B61914 /* 41.182.25.20/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x29B91CD6 /* 41.185.28.214/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x29CEBCCE /* 41.206.188.206/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x29D0D52E /* 41.208.213.46/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x29D7F232 /* 41.215.242.50/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x29DF358D /* 41.223.53.141/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x29E73565 /* 41.231.53.101/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2A024E0B /* 42.2.78.11/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2A70102A /* 42.112.16.42/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2A7010C2 /* 42.112.16.194/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2A7010C6 /* 42.112.16.198/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2A7010C8 /* 42.112.16.200/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2A7C24FC /* 42.124.36.252/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2BF00C3A /* 43.240.12.58/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2BF0633E /* 43.240.99.62/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2BFC250E /* 43.252.37.14/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D144301 /* 45.20.67.1/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D200159 /* 45.32.1.89/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D200322 /* 45.32.3.34/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D200C25 /* 45.32.12.37/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D201918 /* 45.32.25.24/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D201EB2 /* 45.32.30.178/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D203F93 /* 45.32.63.147/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D207501 /* 45.32.117.1/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D209255 /* 45.32.146.85/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D209749 /* 45.32.151.73/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D209CB3 /* 45.32.156.179/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D209FFD /* 45.32.159.253/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D20B16B /* 45.32.177.107/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D20BDB1 /* 45.32.189.177/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D20D9B8 /* 45.32.217.184/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D20E314 /* 45.32.227.20/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D20E9BF /* 45.32.233.191/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D20EDDB /* 45.32.237.219/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D20EE3D /* 45.32.238.61/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D20EE65 /* 45.32.238.101/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D20EFA6 /* 45.32.239.166/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D20F549 /* 45.32.245.73/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D20F620 /* 45.32.246.32/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D20F720 /* 45.32.247.32/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D20F7E6 /* 45.32.247.230/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D20FA2E /* 45.32.250.46/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D211717 /* 45.33.23.23/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D212752 /* 45.33.39.82/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D2130CC /* 45.33.48.204/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D21395B /* 45.33.57.91/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D213D28 /* 45.33.61.40/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D21402D /* 45.33.64.45/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D214144 /* 45.33.65.68/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D214B1C /* 45.33.75.28/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D214D34 /* 45.33.77.52/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D2178C9 /* 45.33.120.201/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D228F04 /* 45.34.143.4/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D234855 /* 45.35.72.85/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D245B78 /* 45.36.91.120/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D25AAF2 /* 45.37.170.242/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D324D34 /* 45.50.77.52/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D370C17 /* 45.55.12.23/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D371384 /* 45.55.19.132/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D371B46 /* 45.55.27.70/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D373297 /* 45.55.50.151/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D37374C /* 45.55.55.76/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D373EA1 /* 45.55.62.161/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D376C6E /* 45.55.108.110/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D378127 /* 45.55.129.39/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3785F9 /* 45.55.133.249/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D37A05E /* 45.55.160.94/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D37A721 /* 45.55.167.33/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D37C2AF /* 45.55.194.175/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D37D4D9 /* 45.55.212.217/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D37EC13 /* 45.55.236.19/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D37F8E4 /* 45.55.248.228/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3A263B /* 45.58.38.59/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3A31FB /* 45.58.49.251/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3A34DD /* 45.58.52.221/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3A3C7F /* 45.58.60.127/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3E7420 /* 45.62.116.32/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3ECC76 /* 45.62.204.118/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3ED297 /* 45.62.210.151/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3ED2B0 /* 45.62.210.176/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3ED5FA /* 45.62.213.250/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3EE196 /* 45.62.225.150/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3EE1B7 /* 45.62.225.183/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3EE23B /* 45.62.226.59/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3EE30A /* 45.62.227.10/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3EE459 /* 45.62.228.89/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3EE814 /* 45.62.232.20/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3EE8D4 /* 45.62.232.212/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3EEBCA /* 45.62.235.202/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3EEDEA /* 45.62.237.234/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3EF2C2 /* 45.62.242.194/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3EF3CC /* 45.62.243.204/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3EF4F0 /* 45.62.244.240/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3EF65B /* 45.62.246.91/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3EF684 /* 45.62.246.132/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3EF712 /* 45.62.247.18/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3EF71B /* 45.62.247.27/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3EF912 /* 45.62.249.18/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3EF9C3 /* 45.62.249.195/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3EFA42 /* 45.62.250.66/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3EFC42 /* 45.62.252.66/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3EFC48 /* 45.62.252.72/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3EFC4C /* 45.62.252.76/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3EFD71 /* 45.62.253.113/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3F0EE1 /* 45.63.14.225/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3F185E /* 45.63.24.94/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3F18E3 /* 45.63.24.227/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3F19B3 /* 45.63.25.179/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3F19EB /* 45.63.25.235/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3F1A30 /* 45.63.26.48/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3F1BC3 /* 45.63.27.195/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3F1EA7 /* 45.63.30.167/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3F2A5B /* 45.63.42.91/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3F368F /* 45.63.54.143/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3F4371 /* 45.63.67.113/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3F4EB1 /* 45.63.78.177/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3F54D9 /* 45.63.84.217/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3F57EE /* 45.63.87.238/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3F5935 /* 45.63.89.53/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3F7760 /* 45.63.119.96/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3F79B0 /* 45.63.121.176/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D3F7ED2 /* 45.63.126.210/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D4C154D /* 45.76.21.77/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D4C25E7 /* 45.76.37.231/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D4C26DB /* 45.76.38.219/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D4C5418 /* 45.76.84.24/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D4C5C75 /* 45.76.92.117/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D4C6B8C /* 45.76.107.140/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D4C6E2E /* 45.76.110.46/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D4C8322 /* 45.76.131.34/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D4C869F /* 45.76.134.159/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D4C9570 /* 45.76.149.112/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D4C9CA5 /* 45.76.156.165/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D4F0AC3 /* 45.79.10.195/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D4F43ED /* 45.79.67.237/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D4F4CAE /* 45.79.76.174/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D4F582B /* 45.79.88.43/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D4F5B7E /* 45.79.91.126/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D4F5C5E /* 45.79.92.94/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D4F5FF4 /* 45.79.95.244/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D4F6365 /* 45.79.99.101/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D4F6C60 /* 45.79.108.96/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D4F6D37 /* 45.79.109.55/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D4F6F7C /* 45.79.111.124/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D4F8A08 /* 45.79.138.8/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D4F92E3 /* 45.79.146.227/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D4FB872 /* 45.79.184.114/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D4FBA2B /* 45.79.186.43/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D4FC4D3 /* 45.79.196.211/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D4FCFB0 /* 45.79.207.176/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D4FD7B0 /* 45.79.215.176/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D7AFD06 /* 45.122.253.6/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D7B7665 /* 45.123.118.101/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2D7BBE74 /* 45.123.190.116/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E040059 /* 46.4.0.89/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E041343 /* 46.4.19.67/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E0422F2 /* 46.4.34.242/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E04268B /* 46.4.38.139/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E042843 /* 46.4.40.67/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E042DBC /* 46.4.45.188/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E0431C9 /* 46.4.49.201/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E0437B1 /* 46.4.55.177/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E043997 /* 46.4.57.151/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E043A5A /* 46.4.58.90/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E044E03 /* 46.4.78.3/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E045131 /* 46.4.81.49/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E046723 /* 46.4.103.35/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E046F7C /* 46.4.111.124/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E047AAD /* 46.4.122.173/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E047D02 /* 46.4.125.2/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E04803E /* 46.4.128.62/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E049051 /* 46.4.144.81/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E04AE34 /* 46.4.174.52/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E04FDC2 /* 46.4.253.194/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E0528D2 /* 46.5.40.210/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E05DE6A /* 46.5.222.106/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E05E9A1 /* 46.5.233.161/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E05EF26 /* 46.5.239.38/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E075A45 /* 46.7.90.69/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E07F1E0 /* 46.7.241.224/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E09C314 /* 46.9.195.20/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E0EF5CE /* 46.14.245.206/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E10EA83 /* 46.16.234.131/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E113FD6 /* 46.17.63.214/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E135DD4 /* 46.19.93.212/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E135DD6 /* 46.19.93.214/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E135DD8 /* 46.19.93.216/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E142372 /* 46.20.35.114/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E14F677 /* 46.20.246.119/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E16D163 /* 46.22.209.99/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E16D4E6 /* 46.22.212.230/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E1746C3 /* 46.23.70.195/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E174851 /* 46.23.72.81/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E17551F /* 46.23.85.31/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E1C40EA /* 46.28.64.234/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E1C449D /* 46.28.68.157/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E1C449E /* 46.28.68.158/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E1C5621 /* 46.28.86.33/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E1C6B52 /* 46.28.107.82/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E1C6DE7 /* 46.28.109.231/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E1C6E88 /* 46.28.110.136/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E1C6EF4 /* 46.28.110.244/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E1CCAFE /* 46.28.202.254/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E1CCDAA /* 46.28.205.170/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E1CCDBB /* 46.28.205.187/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E1CCE7E /* 46.28.206.126/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E1CCF13 /* 46.28.207.19/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E1CCF3A /* 46.28.207.58/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E1CCF6B /* 46.28.207.107/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E1CCF8D /* 46.28.207.141/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E1DF8EE /* 46.29.248.238/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E242549 /* 46.36.37.73/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E242786 /* 46.36.39.134/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E259D1F /* 46.37.157.31/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E26300C /* 46.38.48.12/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E2630E1 /* 46.38.48.225/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E263312 /* 46.38.51.18/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E2638D5 /* 46.38.56.213/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E26E7D1 /* 46.38.231.209/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E26E9F2 /* 46.38.233.242/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E26EA9E /* 46.38.234.158/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E26EC11 /* 46.38.236.17/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E26EDDD /* 46.38.237.221/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E26EE84 /* 46.38.238.132/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E26F110 /* 46.38.241.16/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E26FA27 /* 46.38.250.39/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E27E388 /* 46.39.227.136/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E27FB57 /* 46.39.251.87/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E2901A7 /* 46.41.1.167/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E293BDF /* 46.41.59.223/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E298244 /* 46.41.130.68/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E298454 /* 46.41.132.84/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E29964A /* 46.41.150.74/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E2D0F7B /* 46.45.15.123/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E3B489D /* 46.59.72.157/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E3B6325 /* 46.59.99.37/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E3B8535 /* 46.59.133.53/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E3BB9CE /* 46.59.185.206/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E3BC7B0 /* 46.59.199.176/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E3BD83E /* 46.59.216.62/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E491002 /* 46.73.16.2/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E49B49E /* 46.73.180.158/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E53768C /* 46.83.118.140/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E541269 /* 46.84.18.105/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E5443ED /* 46.84.67.237/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E566304 /* 46.86.99.4/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E59D7A4 /* 46.89.215.164/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E59D8D6 /* 46.89.216.214/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E5B6737 /* 46.91.103.55/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E650933 /* 46.101.9.51/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E65158F /* 46.101.21.143/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E6515C9 /* 46.101.21.201/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E6547B6 /* 46.101.71.182/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E655FEF /* 46.101.95.239/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E656647 /* 46.101.102.71/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E6568F5 /* 46.101.104.245/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E657F91 /* 46.101.127.145/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E658A2E /* 46.101.138.46/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E658B87 /* 46.101.139.135/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E658BF8 /* 46.101.139.248/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E658D0F /* 46.101.141.15/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E658EAE /* 46.101.142.174/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E659569 /* 46.101.149.105/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E659631 /* 46.101.150.49/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E6597DE /* 46.101.151.222/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E659893 /* 46.101.152.147/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E65A613 /* 46.101.166.19/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E65A997 /* 46.101.169.151/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E65B2BE /* 46.101.178.190/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E65B7A0 /* 46.101.183.160/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E65C0E6 /* 46.101.192.230/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E65CAE7 /* 46.101.202.231/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E65CE81 /* 46.101.206.129/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E65D847 /* 46.101.216.71/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E65DFE7 /* 46.101.223.231/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E65E72C /* 46.101.231.44/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E691DC8 /* 46.105.29.200/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E693F2C /* 46.105.63.44/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E6954B2 /* 46.105.84.178/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E696495 /* 46.105.100.149/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E69E36D /* 46.105.227.109/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E6C27DB /* 46.108.39.219/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E77FDF4 /* 46.119.253.244/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E7E0EBC /* 46.126.14.188/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E7F0C21 /* 46.127.12.33/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E7FA71E /* 46.127.167.30/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E803C3C /* 46.128.60.60/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E80720C /* 46.128.114.12/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E80C733 /* 46.128.199.51/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E8E51C0 /* 46.142.81.192/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E92F7A7 /* 46.146.247.167/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E941222 /* 46.148.18.34/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E941342 /* 46.148.19.66/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E941A6C /* 46.148.26.108/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E971AC2 /* 46.151.26.194/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2E971B65 /* 46.151.27.101/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EA102E0 /* 46.161.2.224/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EA1924B /* 46.161.146.75/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EA2C0A6 /* 46.162.192.166/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EA34CAA /* 46.163.76.170/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EA34E0E /* 46.163.78.14/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EA4DA09 /* 46.164.218.9/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EA4F360 /* 46.164.243.96/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EA5C560 /* 46.165.197.96/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EA5D64D /* 46.165.214.77/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EA5DDA6 /* 46.165.221.166/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EA5DFD9 /* 46.165.223.217/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EA5E605 /* 46.165.230.5/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EA5F2A6 /* 46.165.242.166/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EA5F9D1 /* 46.165.249.209/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EA5FAE0 /* 46.165.250.224/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EA5FDA4 /* 46.165.253.164/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EA5FDB4 /* 46.165.253.180/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EA5FE28 /* 46.165.254.40/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EA6948E /* 46.166.148.142/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EA6948F /* 46.166.148.143/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EA69490 /* 46.166.148.144/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EA69491 /* 46.166.148.145/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EA69492 /* 46.166.148.146/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EA69498 /* 46.166.148.152/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EA69499 /* 46.166.148.153/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EA6949A /* 46.166.148.154/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EA6949B /* 46.166.148.155/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EA694B0 /* 46.166.148.176/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EA694B1 /* 46.166.148.177/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EA6A049 /* 46.166.160.73/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EA6A222 /* 46.166.162.34/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EA6A235 /* 46.166.162.53/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EA6A372 /* 46.166.163.114/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EA6A378 /* 46.166.163.120/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EA6A512 /* 46.166.165.18/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EA6A576 /* 46.166.165.118/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EA6A581 /* 46.166.165.129/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EA6A72E /* 46.166.167.46/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EA6AD65 /* 46.166.173.101/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EA7F533 /* 46.167.245.51/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EAD2695 /* 46.173.38.149/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EB6121D /* 46.182.18.29/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EB6126F /* 46.182.18.111/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EB612D6 /* 46.182.18.214/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EB612DF /* 46.182.18.223/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EB612F5 /* 46.182.18.245/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EB61397 /* 46.182.19.151/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EB613DB /* 46.182.19.219/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EB613E7 /* 46.182.19.231/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EB66ABE /* 46.182.106.190/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EB6D01C /* 46.182.208.28/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EB7D8CD /* 46.183.216.205/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EB7D8E0 /* 46.183.216.224/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EB7DAC6 /* 46.183.218.198/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EB7DAC7 /* 46.183.218.199/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EB7DD89 /* 46.183.221.137/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EB7DDE7 /* 46.183.221.231/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EBB039C /* 46.187.3.156/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EBC02E4 /* 46.188.2.228/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EBC0425 /* 46.188.4.37/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EBC2C19 /* 46.188.44.25/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EBC389E /* 46.188.56.158/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EC20F5D /* 46.194.15.93/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2ECE6DDD /* 46.206.109.221/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EDB020C /* 46.219.2.12/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EDF5011 /* 46.223.80.17/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EDF6387 /* 46.223.99.135/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EE343B5 /* 46.227.67.181/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EE360DA /* 46.227.96.218/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EE412ED /* 46.228.18.237/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EE5ADEB /* 46.229.173.235/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EE5EEAC /* 46.229.238.172/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EE90046 /* 46.233.0.70/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EEBE346 /* 46.235.227.70/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EEF6CC2 /* 46.239.108.194/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EF48887 /* 46.244.136.135/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EF4E6CC /* 46.244.230.204/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EF62AEC /* 46.246.42.236/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EF62B6B /* 46.246.43.107/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EF631CF /* 46.246.49.207/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EF659A9 /* 46.246.89.169/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EF65D46 /* 46.246.93.70/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EF91507 /* 46.249.21.7/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EF9256D /* 46.249.37.109/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EF9258F /* 46.249.37.143/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EF93147 /* 46.249.49.71/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EF93167 /* 46.249.49.103/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EF931E7 /* 46.249.49.231/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EFC1838 /* 46.252.24.56/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EFC19F9 /* 46.252.25.249/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2EFC1A02 /* 46.252.26.2/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2F10B998 /* 47.16.185.152/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2F340306 /* 47.52.3.6/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2F3770E4 /* 47.55.112.228/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2F580304 /* 47.88.3.4/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2F580560 /* 47.88.5.96/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2F580626 /* 47.88.6.38/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2F580B9E /* 47.88.11.158/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2F580C0E /* 47.88.12.14/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2F5812DA /* 47.88.18.218/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2F581674 /* 47.88.22.116/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2F581BA1 /* 47.88.27.161/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2F581C38 /* 47.88.28.56/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2F58BCD1 /* 47.88.188.209/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2F58C22F /* 47.88.194.47/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2F58F20C /* 47.88.242.12/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2F5921A9 /* 47.89.33.169/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2F93BE47 /* 47.147.190.71/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2F946A1D /* 47.148.106.29/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2F96A641 /* 47.150.166.65/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2F98E3B8 /* 47.152.227.184/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2FB85DF1 /* 47.184.93.241/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2FBE0902 /* 47.190.9.2/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2FC7F0D4 /* 47.199.240.212/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2FCA878C /* 47.202.135.140/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x2FDD0406 /* 47.221.4.6/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x31030B7A /* 49.3.11.122/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x31D4A626 /* 49.212.166.38/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x32013381 /* 50.1.51.129/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3207730C /* 50.7.115.12/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x32077343 /* 50.7.115.67/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x32079720 /* 50.7.151.32/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3207972F /* 50.7.151.47/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3207977F /* 50.7.151.127/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3207A1DA /* 50.7.161.218/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3207B002 /* 50.7.176.2/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3207B222 /* 50.7.178.34/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3207B262 /* 50.7.178.98/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3207B292 /* 50.7.178.146/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3207B3CA /* 50.7.179.202/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3207B3FB /* 50.7.179.251/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3207B83A /* 50.7.184.58/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3207BA26 /* 50.7.186.38/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x321A02E8 /* 50.26.2.232/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x321E240F /* 50.30.36.15/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x321E2412 /* 50.30.36.18/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x321F70E7 /* 50.31.112.231/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x321FFC0B /* 50.31.252.11/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x321FFC2B /* 50.31.252.43/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x32277A27 /* 50.39.122.39/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3227A54D /* 50.39.165.77/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x322E6D89 /* 50.46.109.137/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x322E7DA7 /* 50.46.125.167/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3235472D /* 50.53.71.45/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3235B52D /* 50.53.181.45/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3241A4B3 /* 50.65.164.179/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3242552D /* 50.66.85.45/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x32428A4C /* 50.66.138.76/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x324C3161 /* 50.76.49.97/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x324C9FDA /* 50.76.159.218/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3258B15A /* 50.88.177.90/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3265F0E0 /* 50.101.240.224/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3273A471 /* 50.115.164.113/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x32740095 /* 50.116.0.149/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x327403DF /* 50.116.3.223/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3274046B /* 50.116.4.107/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3274048D /* 50.116.4.141/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x32740599 /* 50.116.5.153/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x32740740 /* 50.116.7.64/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x32740F49 /* 50.116.15.73/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x327415AC /* 50.116.21.172/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x32741DB3 /* 50.116.29.179/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x32742806 /* 50.116.40.6/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x327428E2 /* 50.116.40.226/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x32742AF5 /* 50.116.42.245/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x32743085 /* 50.116.48.133/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3274312E /* 50.116.49.46/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x32743830 /* 50.116.56.48/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x32808C86 /* 50.128.140.134/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3286A971 /* 50.134.169.113/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3287AAFC /* 50.135.170.252/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3288C5FD /* 50.136.197.253/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x32894E81 /* 50.137.78.129/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x328AA937 /* 50.138.169.55/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x32967772 /* 50.150.119.114/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x32972D07 /* 50.151.45.7/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x329F7E15 /* 50.159.126.21/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x32A11710 /* 50.161.23.16/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x32A2D76C /* 50.162.215.108/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x32A56D5B /* 50.165.109.91/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x32AA0CB8 /* 50.170.12.184/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x32AF9CE1 /* 50.175.156.225/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x32B12972 /* 50.177.41.114/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x32BBD74E /* 50.187.215.78/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x32C113B2 /* 50.193.19.178/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x32C18F2A /* 50.193.143.42/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x32C1CA26 /* 50.193.202.38/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x32F38312 /* 50.243.131.18/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x32F4C8DD /* 50.244.200.221/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x32F7C37C /* 50.247.195.124/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x32F7F8AC /* 50.247.248.172/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x32FAC9FE /* 50.250.201.254/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3306168B /* 51.6.22.139/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F017D /* 51.15.1.125/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F040A /* 51.15.4.10/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F040D /* 51.15.4.13/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F0437 /* 51.15.4.55/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F2495 /* 51.15.36.149/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F24A4 /* 51.15.36.164/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F24AC /* 51.15.36.172/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F24B7 /* 51.15.36.183/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F24CE /* 51.15.36.206/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F253B /* 51.15.37.59/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F2561 /* 51.15.37.97/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F260D /* 51.15.38.13/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F2637 /* 51.15.38.55/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F263A /* 51.15.38.58/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F2702 /* 51.15.39.2/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F28E9 /* 51.15.40.233/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F2A13 /* 51.15.42.19/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F2BCA /* 51.15.43.202/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F2BCD /* 51.15.43.205/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F2C36 /* 51.15.44.54/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F2C8E /* 51.15.44.142/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F2CFB /* 51.15.44.251/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F2E0F /* 51.15.46.15/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F2E2D /* 51.15.46.45/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F2E8E /* 51.15.46.142/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F2F3E /* 51.15.47.62/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F3095 /* 51.15.48.149/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F30FC /* 51.15.48.252/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F30FE /* 51.15.48.254/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F3108 /* 51.15.49.8/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F3224 /* 51.15.50.36/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F326D /* 51.15.50.109/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F32C0 /* 51.15.50.192/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F339C /* 51.15.51.156/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F339F /* 51.15.51.159/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F3410 /* 51.15.52.16/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F3478 /* 51.15.52.120/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F34F4 /* 51.15.52.244/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F354B /* 51.15.53.75/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F3553 /* 51.15.53.83/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F3576 /* 51.15.53.118/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F37F5 /* 51.15.55.245/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F3865 /* 51.15.56.101/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F3957 /* 51.15.57.87/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F3A69 /* 51.15.58.105/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F3A98 /* 51.15.58.152/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F3BDF /* 51.15.59.223/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F3C66 /* 51.15.60.102/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F3D03 /* 51.15.61.3/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F3D49 /* 51.15.61.73/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F3E82 /* 51.15.62.130/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F3EFC /* 51.15.62.252/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F8767 /* 51.15.135.103/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F8BC8 /* 51.15.139.200/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F8F11 /* 51.15.143.17/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x330F8FEF /* 51.15.143.239/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x338D06FA /* 51.141.6.250/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x33AEC575 /* 51.174.197.117/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x33AF32A2 /* 51.175.50.162/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x33AF77B7 /* 51.175.119.183/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x33FE17CB /* 51.254.23.203/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x33FE2397 /* 51.254.35.151/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x33FE26F9 /* 51.254.38.249/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x33FE305D /* 51.254.48.93/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x33FE3D41 /* 51.254.61.65/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x33FE5640 /* 51.254.86.64/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x33FE6376 /* 51.254.99.118/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x33FE65F2 /* 51.254.101.242/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x33FE6670 /* 51.254.102.112/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x33FE7034 /* 51.254.112.52/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x33FE73E1 /* 51.254.115.225/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x33FE7404 /* 51.254.116.4/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x33FE7852 /* 51.254.120.82/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x33FE793F /* 51.254.121.63/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x33FE80C9 /* 51.254.128.201/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x33FE83E2 /* 51.254.131.226/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x33FE87D5 /* 51.254.135.213/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x33FE88C3 /* 51.254.136.195/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x33FEA432 /* 51.254.164.50/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x33FEAF54 /* 51.254.175.84/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x33FED1C5 /* 51.254.209.197/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x33FED906 /* 51.254.217.6/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x33FEDAF7 /* 51.254.218.247/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x33FEDD90 /* 51.254.221.144/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x33FEE104 /* 51.254.225.4/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x33FEF6CB /* 51.254.246.203/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x33FF28E3 /* 51.255.40.227/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x33FF2941 /* 51.255.41.65/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x33FF295B /* 51.255.41.91/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x33FF2CB7 /* 51.255.44.183/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x33FF304E /* 51.255.48.78/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x33FF4B03 /* 51.255.75.3/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x33FF63C7 /* 51.255.99.199/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x33FFA888 /* 51.255.168.136/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x33FFA90A /* 51.255.169.10/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x33FFC64D /* 51.255.198.77/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x33FFCA42 /* 51.255.202.66/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x33FFCE4A /* 51.255.206.74/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x33FFD302 /* 51.255.211.2/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x33FFD3EB /* 51.255.211.235/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x34060992 /* 52.6.9.146/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x340A7D8C /* 52.10.125.140/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x34108E2D /* 52.16.142.45/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3412C7EF /* 52.18.199.239/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x341363E8 /* 52.19.99.232/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x34230B02 /* 52.35.11.2/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3424553A /* 52.36.85.58/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3427F366 /* 52.39.243.102/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x342A5EC8 /* 52.42.94.200/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x343229E9 /* 52.50.41.233/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x34382A18 /* 52.56.42.24/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x34387CCC /* 52.56.124.204/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x343B3716 /* 52.59.55.22/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x343F8694 /* 52.63.134.148/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3441CBF7 /* 52.65.203.247/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x34424F66 /* 52.66.79.102/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3442757E /* 52.66.117.126/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3442987F /* 52.66.152.127/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3443BC29 /* 52.67.188.41/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x345A5415 /* 52.90.84.21/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x345ACE83 /* 52.90.206.131/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x345BE3FB /* 52.91.227.251/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x34A6C0B4 /* 52.166.192.180/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x34A90A5A /* 52.169.10.90/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x34B72F9B /* 52.183.47.155/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x34B89DEA /* 52.184.157.234/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x34D1200B /* 52.209.32.11/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x34D18505 /* 52.209.133.5/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x34D2A92C /* 52.210.169.44/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x34D355CD /* 52.211.85.205/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x34D38C46 /* 52.211.140.70/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x34D5740C /* 52.213.116.12/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x34D62D93 /* 52.214.45.147/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x34D67041 /* 52.214.112.65/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x36546A29 /* 54.84.106.41/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x36559EBB /* 54.85.158.187/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3656E88C /* 54.86.232.140/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x365DB1D9 /* 54.93.177.217/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x365E55C9 /* 54.94.85.201/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x365E660F /* 54.94.102.15/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x369F547E /* 54.159.84.126/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x36A148CC /* 54.161.72.204/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x36A6BADA /* 54.166.186.218/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x36B362CC /* 54.179.98.204/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x36BA1A45 /* 54.186.26.69/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x36BA3003 /* 54.186.48.3/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x36BA6869 /* 54.186.104.105/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x36BBEF10 /* 54.187.239.16/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x36C422BD /* 54.196.34.189/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x36C51CD3 /* 54.197.28.211/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x36C9C95D /* 54.201.201.93/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x36D3D06C /* 54.211.208.108/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x36D95C38 /* 54.217.92.56/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x36DAAC00 /* 54.218.172.0/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x36E44160 /* 54.228.65.96/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x36F10991 /* 54.241.9.145/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x36F23700 /* 54.242.55.0/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3A0650FA /* 58.6.80.250/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3A59560E /* 58.89.86.14/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3A99DD0A /* 58.153.221.10/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3AB7AE38 /* 58.183.174.56/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3B6629E1 /* 59.102.41.225/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3B73764C /* 59.115.118.76/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3B7FA39B /* 59.127.163.155/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3BB14343 /* 59.177.67.67/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3BB146D2 /* 59.177.70.210/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3BB311C3 /* 59.179.17.195/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3C362616 /* 60.54.38.22/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3CEA6524 /* 60.234.101.36/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3CF8A2B3 /* 60.248.162.179/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3D44D8AB /* 61.68.216.171/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3DE67487 /* 61.230.116.135/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3DE70128 /* 61.231.1.40/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3E040F54 /* 62.4.15.84/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3E0C736B /* 62.12.115.107/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3E259614 /* 62.37.150.20/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3E2D9C59 /* 62.45.156.89/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3E2DB2A9 /* 62.45.178.169/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3E3061B1 /* 62.48.97.177/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3E3D8F8D /* 62.61.143.141/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3E4852DE /* 62.72.82.222/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3E4BFF25 /* 62.75.255.37/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3E4C1146 /* 62.76.17.70/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3E50C8BE /* 62.80.200.190/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3E5ABCBC /* 62.90.188.188/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3E669443 /* 62.102.148.67/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3E6694A9 /* 62.102.148.169/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3E6694AB /* 62.102.148.171/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3E6694AC /* 62.102.148.172/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3E6BB9CB /* 62.107.185.203/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3E6D0473 /* 62.109.4.115/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3E6D16C5 /* 62.109.22.197/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3E71D3A3 /* 62.113.211.163/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3E71D8AD /* 62.113.216.173/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3E71D8B1 /* 62.113.216.177/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3E71E37C /* 62.113.227.124/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3E75AAC4 /* 62.117.170.196/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3E858269 /* 62.133.130.105/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3E8A02B8 /* 62.138.2.184/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3E8A07AB /* 62.138.7.171/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3E8A07E7 /* 62.138.7.231/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3E8A0A3C /* 62.138.10.60/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3E8A0A3D /* 62.138.10.61/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3E8A0A3E /* 62.138.10.62/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3E8D235B /* 62.141.35.91/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3E8D2496 /* 62.141.36.150/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3E8D258E /* 62.141.37.142/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3E8D30AF /* 62.141.48.175/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3E8D34B9 /* 62.141.52.185/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3E8D3656 /* 62.141.54.86/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3E8D3775 /* 62.141.55.117/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3E8E9F55 /* 62.142.159.85/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3E8F9ADF /* 62.143.154.223/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3E9502BC /* 62.149.2.188/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3E950D39 /* 62.149.13.57/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3E982BCB /* 62.152.43.203/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3E99066D /* 62.153.6.109/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3E9B9E6D /* 62.155.158.109/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3EA62CF9 /* 62.166.44.249/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3EA74820 /* 62.167.72.32/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3EA803D4 /* 62.168.3.212/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3EAD9A99 /* 62.173.154.153/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3EB0EFE5 /* 62.176.239.229/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3EB23FA5 /* 62.178.63.165/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3EB278C5 /* 62.178.120.197/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3EB28703 /* 62.178.135.3/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3EB2F63A /* 62.178.246.58/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3EB46D0B /* 62.180.109.11/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3EC2ACA7 /* 62.194.172.167/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3EC32E81 /* 62.195.46.129/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3EC5CFB6 /* 62.197.207.182/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3EC7AEED /* 62.199.174.237/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED22410 /* 62.210.36.16/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED2242E /* 62.210.36.46/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED22552 /* 62.210.37.82/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED2454F /* 62.210.69.79/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED245EC /* 62.210.69.236/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED24A6E /* 62.210.74.110/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED24B54 /* 62.210.75.84/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED24C58 /* 62.210.76.88/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED25134 /* 62.210.81.52/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED2522C /* 62.210.82.44/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED25422 /* 62.210.84.34/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED25AA4 /* 62.210.90.164/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED25C0B /* 62.210.92.11/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED25D8E /* 62.210.93.142/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED2692F /* 62.210.105.47/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED26974 /* 62.210.105.116/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED26B56 /* 62.210.107.86/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED26D30 /* 62.210.109.48/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED26D85 /* 62.210.109.133/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED27393 /* 62.210.115.147/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED27B18 /* 62.210.123.24/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED27B85 /* 62.210.123.133/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED27C7C /* 62.210.124.124/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED27D82 /* 62.210.125.130/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED281F6 /* 62.210.129.246/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED28438 /* 62.210.132.56/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED289E6 /* 62.210.137.230/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED28A03 /* 62.210.138.3/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED28C77 /* 62.210.140.119/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED28E27 /* 62.210.142.39/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED2AA8F /* 62.210.170.143/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED2BE05 /* 62.210.190.5/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED2CE19 /* 62.210.206.25/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED2CE35 /* 62.210.206.53/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED2D3CE /* 62.210.211.206/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED2D511 /* 62.210.213.17/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED2F492 /* 62.210.244.146/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED2F58A /* 62.210.245.138/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED2F59E /* 62.210.245.158/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED2F6A3 /* 62.210.246.163/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED2F7B2 /* 62.210.247.178/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED2FAC0 /* 62.210.250.192/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED2FB35 /* 62.210.251.53/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED2FE7F /* 62.210.254.127/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED2FE84 /* 62.210.254.132/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED2FEC9 /* 62.210.254.201/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED4498D /* 62.212.73.141/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED6063D /* 62.214.6.61/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED80578 /* 62.216.5.120/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3ED97CFD /* 62.217.124.253/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3EDB2E85 /* 62.219.46.133/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3EDBB62A /* 62.219.182.42/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3EDC9457 /* 62.220.148.87/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3EDC9461 /* 62.220.148.97/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3EE04740 /* 62.224.71.64/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3EE04911 /* 62.224.73.17/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3EE0B81D /* 62.224.184.29/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3EEB2055 /* 62.235.32.85/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3EF9AABA /* 62.249.170.186/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3EFB32E8 /* 62.251.50.232/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3EFD8952 /* 62.253.137.82/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3F8DF6BA /* 63.141.246.186/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3F8E9DA2 /* 63.142.157.162/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3FDF4567 /* 63.223.69.103/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x3FE4435E /* 63.228.67.94/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x401B118C /* 64.27.17.140/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x404E969F /* 64.78.150.159/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x405B06F4 /* 64.91.6.244/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x405D47FD /* 64.93.71.253/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4071201D /* 64.113.32.29/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x407C2054 /* 64.124.32.84/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x40898B49 /* 64.137.139.73/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089A6E8 /* 64.137.166.232/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089A944 /* 64.137.169.68/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089AACA /* 64.137.170.202/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089AC79 /* 64.137.172.121/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089AD2B /* 64.137.173.43/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089AD76 /* 64.137.173.118/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089ADEB /* 64.137.173.235/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089B04D /* 64.137.176.77/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089B203 /* 64.137.178.3/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089B22F /* 64.137.178.47/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089B4C5 /* 64.137.180.197/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089B698 /* 64.137.182.152/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089B69E /* 64.137.182.158/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089B824 /* 64.137.184.36/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089B896 /* 64.137.184.150/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089B952 /* 64.137.185.82/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089BCF1 /* 64.137.188.241/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089BD4D /* 64.137.189.77/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089BD6D /* 64.137.189.109/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089BFF3 /* 64.137.191.243/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089C3BA /* 64.137.195.186/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089C3D6 /* 64.137.195.214/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089C3E6 /* 64.137.195.230/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089C5E9 /* 64.137.197.233/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089C711 /* 64.137.199.17/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089C860 /* 64.137.200.96/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089C95A /* 64.137.201.90/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089C9B2 /* 64.137.201.178/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089CC42 /* 64.137.204.66/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089CC83 /* 64.137.204.131/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089CEF8 /* 64.137.206.248/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089D003 /* 64.137.208.3/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089D09F /* 64.137.208.159/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089D2FA /* 64.137.210.250/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089D454 /* 64.137.212.84/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089D6D8 /* 64.137.214.216/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089D932 /* 64.137.217.50/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089D9C1 /* 64.137.217.193/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089DAA7 /* 64.137.218.167/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089E09A /* 64.137.224.154/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089E47A /* 64.137.228.122/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089E5A0 /* 64.137.229.160/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089E64D /* 64.137.230.77/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089E663 /* 64.137.230.99/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089E738 /* 64.137.231.56/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089F30D /* 64.137.243.13/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089F343 /* 64.137.243.67/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089F413 /* 64.137.244.19/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089F460 /* 64.137.244.96/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089F538 /* 64.137.245.56/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089F768 /* 64.137.247.104/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089F7BF /* 64.137.247.191/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089FD92 /* 64.137.253.146/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4089FF82 /* 64.137.255.130/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x40BBA7E3 /* 64.187.167.227/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x40E5998F /* 64.229.153.143/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x40ED332E /* 64.237.51.46/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4113A782 /* 65.19.167.130/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4113A783 /* 65.19.167.131/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4113A784 /* 65.19.167.132/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4113A785 /* 65.19.167.133/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4113B2F1 /* 65.19.178.241/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x411BD32D /* 65.27.211.45/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4132CB05 /* 65.50.203.5/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x413C3C4E /* 65.60.60.78/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x416E64D6 /* 65.110.100.214/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x416FBA42 /* 65.111.186.66/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4170DD23 /* 65.112.221.35/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4181C419 /* 65.129.196.25/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x41B57BFE /* 65.181.123.254/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x41B792DD /* 65.183.146.221/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x42185436 /* 66.24.84.54/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4237431C /* 66.55.67.28/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4241310F /* 66.65.49.15/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x42554A7E /* 66.85.74.126/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x425A6575 /* 66.90.101.117/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x426EA84D /* 66.110.168.77/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x426F0210 /* 66.111.2.16/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x426F0214 /* 66.111.2.20/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x426F3E55 /* 66.111.62.85/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x42746CB3 /* 66.116.108.179/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4294745A /* 66.148.116.90/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x429B04D5 /* 66.155.4.213/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x42AA0BCB /* 66.170.11.203/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x42AC0CFE /* 66.172.12.254/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x42AFD94E /* 66.175.217.78/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x42AFDD18 /* 66.175.221.24/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x42AFDF91 /* 66.175.223.145/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x42B4C1DB /* 66.180.193.219/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x42BAE69A /* 66.186.230.154/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x42BE62FE /* 66.190.98.254/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x42D78E45 /* 66.215.142.69/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x42D7D4B0 /* 66.215.212.176/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x42DC03B3 /* 66.220.3.179/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x42DFA543 /* 66.223.165.67/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x42E42752 /* 66.228.39.82/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x42E42753 /* 66.228.39.83/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x42E433BA /* 66.228.51.186/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x42E43A14 /* 66.228.58.20/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x42EADAF7 /* 66.234.218.247/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x42EB073E /* 66.235.7.62/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x42F25CCB /* 66.242.92.203/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x42F64BA7 /* 66.246.75.167/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x430018B8 /* 67.0.24.184/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4316A2BA /* 67.22.162.186/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x435CADE3 /* 67.92.173.227/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x435CADE4 /* 67.92.173.228/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x435CADE5 /* 67.92.173.229/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x43A24B3C /* 67.162.75.60/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x43A46D15 /* 67.164.109.21/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x43AD7728 /* 67.173.119.40/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x43B49B15 /* 67.180.155.21/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x43B7FAD0 /* 67.183.250.208/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x43BA06AF /* 67.186.6.175/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x43BC2811 /* 67.188.40.17/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x43CD821B /* 67.205.130.27/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x43CD92A4 /* 67.205.146.164/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x43CDA785 /* 67.205.167.133/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x43D7FF8C /* 67.215.255.140/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x43E3C6B7 /* 67.227.198.183/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x43F1491A /* 67.241.73.26/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x43F56A30 /* 67.245.106.48/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x43F7FF21 /* 67.247.255.33/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x43F98A71 /* 67.249.138.113/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4405E096 /* 68.5.224.150/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x442AC1FC /* 68.42.193.252/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x44305597 /* 68.48.85.151/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x44441F0E /* 68.68.31.14/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4445A644 /* 68.69.166.68/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x44472E8A /* 68.71.46.138/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4466849E /* 68.102.132.158/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4468DE3A /* 68.104.222.58/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x446B4A1F /* 68.107.74.31/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x446BE751 /* 68.107.231.81/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x446D128D /* 68.109.18.141/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4481254C /* 68.129.37.76/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x44852C65 /* 68.133.44.101/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4494F65B /* 68.148.246.91/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4497A42B /* 68.151.164.43/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x44CE1486 /* 68.206.20.134/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x44E0F6A9 /* 68.224.246.169/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x44E0FCD2 /* 68.224.252.210/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x44E7DBD9 /* 68.231.219.217/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x450B0974 /* 69.11.9.116/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x45108914 /* 69.16.137.20/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x451C5A69 /* 69.28.90.105/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x451EC99E /* 69.30.201.158/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x451ECBFA /* 69.30.203.250/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x451ED66A /* 69.30.214.106/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x451ED6D2 /* 69.30.214.210/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x451ED72A /* 69.30.215.42/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x451ED7A2 /* 69.30.215.162/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x451EDABA /* 69.30.218.186/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x451EFCEE /* 69.30.252.238/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x452731C9 /* 69.39.49.201/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x452F3A0C /* 69.47.58.12/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x452FE688 /* 69.47.230.136/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x453D23B8 /* 69.61.35.184/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x453EA2B2 /* 69.62.162.178/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x45402E1B /* 69.64.46.27/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x454030A8 /* 69.64.48.168/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x454667CE /* 69.70.103.206/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x45544626 /* 69.84.70.38/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x45555CE0 /* 69.85.92.224/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x455A840A /* 69.90.132.10/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x455A840B /* 69.90.132.11/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x455A84B4 /* 69.90.132.180/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x455A84F8 /* 69.90.132.248/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x455A97E5 /* 69.90.151.229/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x455D630E /* 69.93.99.14/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x455D7F39 /* 69.93.127.57/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x45739110 /* 69.115.145.16/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4580A9E9 /* 69.128.169.233/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x458AA2C2 /* 69.138.162.194/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x458C8C8E /* 69.140.140.142/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x458FBA82 /* 69.143.186.130/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x45A26B05 /* 69.162.107.5/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x45A28B09 /* 69.162.139.9/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x45A323DE /* 69.163.35.222/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x45A3640C /* 69.163.100.12/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x45A4C35C /* 69.164.195.92/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x45A4C524 /* 69.164.197.36/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x45A4C567 /* 69.164.197.103/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x45A4C620 /* 69.164.198.32/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x45A4C6B5 /* 69.164.198.181/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x45A4CD93 /* 69.164.205.147/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x45A4CFEA /* 69.164.207.234/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x45A4D28C /* 69.164.210.140/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x45A4D28E /* 69.164.210.142/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x45A4D312 /* 69.164.211.18/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x45A4D4B4 /* 69.164.212.180/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x45A4D6C4 /* 69.164.214.196/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x45A4D6FA /* 69.164.214.250/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x45A4D852 /* 69.164.216.82/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x45A4D8E6 /* 69.164.216.230/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x45A4D961 /* 69.164.217.97/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x45A4DD41 /* 69.164.221.65/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x45A4DD4E /* 69.164.221.78/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x45A4DD99 /* 69.164.221.153/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x45ACAEB5 /* 69.172.174.181/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x45ACBA4F /* 69.172.186.79/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x45B58A79 /* 69.181.138.121/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x45C3929E /* 69.195.146.158/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x45C4A529 /* 69.196.165.41/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x45C4B929 /* 69.196.185.41/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x45F53BF4 /* 69.245.59.244/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x45F5D050 /* 69.245.208.80/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x46261F79 /* 70.38.31.121/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x463FAA56 /* 70.63.170.86/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x464FC330 /* 70.79.195.48/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x46551FF2 /* 70.85.31.242/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x465C56C0 /* 70.92.86.192/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x465F827F /* 70.95.130.127/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x465FBC58 /* 70.95.188.88/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x46705321 /* 70.112.83.33/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x46739B5C /* 70.115.155.92/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x46794F37 /* 70.121.79.55/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x467AD63B /* 70.122.214.59/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x467C9D6D /* 70.124.157.109/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x46A4C5CC /* 70.164.197.204/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x46A4FFAE /* 70.164.255.174/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x46A92268 /* 70.169.34.104/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x46BBAC10 /* 70.187.172.16/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x470EBC03 /* 71.14.188.3/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x470F2597 /* 71.15.37.151/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x471181CA /* 71.17.129.202/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x471390B8 /* 71.19.144.184/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x47139515 /* 71.19.149.21/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x47139A8A /* 71.19.154.138/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x47139BBB /* 71.19.155.187/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x47139D7F /* 71.19.157.127/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x47139DD5 /* 71.19.157.213/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x472EDC44 /* 71.46.220.68/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4738DCD9 /* 71.56.220.217/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x474F32B5 /* 71.79.50.181/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x475935A8 /* 71.89.53.168/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x475A52F3 /* 71.90.82.243/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x475B3B91 /* 71.91.59.145/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x475D67BC /* 71.93.103.188/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4787226D /* 71.135.34.109/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x47A59723 /* 71.165.151.35/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x47B3F68E /* 71.179.246.142/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x47BF5FD9 /* 71.191.95.217/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x47C7D0FA /* 71.199.208.250/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x47CCBC94 /* 71.204.188.148/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x47D4025A /* 71.212.2.90/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x47E4AABA /* 71.228.170.186/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x47E7860F /* 71.231.134.15/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x47EED615 /* 71.238.214.21/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x47F1FA34 /* 71.241.250.52/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x47F8B262 /* 71.248.178.98/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x47FC89F6 /* 71.252.137.246/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x480548E3 /* 72.5.72.227/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x480CCF0E /* 72.12.207.14/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x480EB30A /* 72.14.179.10/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x480EB70E /* 72.14.183.14/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x480EB915 /* 72.14.185.21/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x482E9BBA /* 72.46.155.186/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x48344B1B /* 72.52.75.27/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x48453A52 /* 72.69.58.82/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x48AE81B5 /* 72.174.129.181/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x48B39262 /* 72.179.146.98/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x48BCC700 /* 72.188.199.0/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x48C14756 /* 72.193.71.86/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x48C5066E /* 72.197.6.110/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x48CC5A10 /* 72.204.90.16/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x48DCA9A8 /* 72.220.169.168/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x48E6EBF9 /* 72.230.235.249/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x48EA9AA2 /* 72.234.154.162/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x48EE83EC /* 72.238.131.236/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x490403B2 /* 73.4.3.178/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x49141AF9 /* 73.20.26.249/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4918243A /* 73.24.36.58/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x492824AA /* 73.40.36.170/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x492D254B /* 73.45.37.75/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x493C39B8 /* 73.60.57.184/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x49425ED8 /* 73.66.94.216/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x494AD496 /* 73.74.212.150/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x494DD3B0 /* 73.77.211.176/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4959448A /* 73.89.68.138/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x495994B1 /* 73.89.148.177/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x495F534C /* 73.95.83.76/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4964011D /* 73.100.1.29/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x49999A11 /* 73.153.154.17/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x499D02CC /* 73.157.2.204/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x49A39AE2 /* 73.163.154.226/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x49A63404 /* 73.166.52.4/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x49AADDB8 /* 73.170.221.184/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x49B18E1A /* 73.177.142.26/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x49B28FEF /* 73.178.143.239/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x49BE15CA /* 73.190.21.202/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x49C0D90E /* 73.192.217.14/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x49C1F239 /* 73.193.242.57/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x49CA042A /* 73.202.4.42/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x49CB1E92 /* 73.203.30.146/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x49DAFBE3 /* 73.218.251.227/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x49EA0A84 /* 73.234.10.132/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x49EF52C1 /* 73.239.82.193/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x49F16918 /* 73.241.105.24/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4A03A527 /* 74.3.165.39/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4A323645 /* 74.50.54.69/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4A400746 /* 74.64.7.70/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4A41D5C0 /* 74.65.213.192/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4A4201CA /* 74.66.1.202/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4A43A511 /* 74.67.165.17/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4A47EA51 /* 74.71.234.81/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4A48CE45 /* 74.72.206.69/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4A498F92 /* 74.73.143.146/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4A5203E0 /* 74.82.3.224/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4A561813 /* 74.86.24.19/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4A5AF2A8 /* 74.90.242.168/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4A5B1502 /* 74.91.21.2/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4A62E668 /* 74.98.230.104/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4A6E911C /* 74.110.145.28/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4A74BA78 /* 74.116.186.120/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4A79B6CE /* 74.121.182.206/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4A8E4A9C /* 74.142.74.156/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4ACFE7BA /* 74.207.231.186/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4ACFECC5 /* 74.207.236.197/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4ACFED2C /* 74.207.237.44/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4ACFF01A /* 74.207.240.26/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4ACFF207 /* 74.207.242.7/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4ACFF2F7 /* 74.207.242.247/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4ACFF86E /* 74.207.248.110/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4AD04E82 /* 74.208.78.130/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4AD0DCDE /* 74.208.220.222/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4B484A7B /* 75.72.74.123/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4B57BF46 /* 75.87.191.70/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4B77FB0E /* 75.119.251.14/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4B7F6065 /* 75.127.96.101/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4B869AB1 /* 75.134.154.177/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4B877B4D /* 75.135.123.77/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4B897058 /* 75.137.112.88/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4B8F8310 /* 75.143.131.16/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4B8FBC3E /* 75.143.188.62/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4BA6543C /* 75.166.84.60/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4BA9D3F4 /* 75.169.211.244/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4BAF72B1 /* 75.175.114.177/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4BB02D57 /* 75.176.45.87/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4BC89768 /* 75.200.151.104/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4C09C0CC /* 76.9.192.204/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4C0A9D3A /* 76.10.157.58/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4C0AA1A6 /* 76.10.161.166/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4C0CDB68 /* 76.12.219.104/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4C1384A3 /* 76.19.132.163/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4C1ACBF3 /* 76.26.203.243/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4C49EAAD /* 76.73.234.173/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4C4DBABB /* 76.77.186.187/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4C5462F6 /* 76.84.98.246/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4C55C840 /* 76.85.200.64/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4C5E7309 /* 76.94.115.9/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4C7AFC1B /* 76.122.252.27/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4CA7D7E3 /* 76.167.215.227/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4CFBA499 /* 76.251.164.153/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4CFFCE24 /* 76.255.206.36/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D02B2B3 /* 77.2.178.179/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D0C660C /* 77.12.102.12/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D0C81F7 /* 77.12.129.247/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D0C9B56 /* 77.12.155.86/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D0CE6EA /* 77.12.230.234/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D1481EC /* 77.20.129.236/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D14B78D /* 77.20.183.141/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D152983 /* 77.21.41.131/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D157351 /* 77.21.115.81/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D16C1DF /* 77.22.193.223/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D172632 /* 77.23.38.50/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D172E1C /* 77.23.46.28/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D17C649 /* 77.23.198.73/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D17F590 /* 77.23.245.144/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D1B8CE4 /* 77.27.140.228/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D2588A5 /* 77.37.136.165/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D258EB3 /* 77.37.142.179/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D259207 /* 77.37.146.7/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D25A012 /* 77.37.160.18/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D25DA91 /* 77.37.218.145/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D25E45A /* 77.37.228.90/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D25F6E3 /* 77.37.246.227/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D3049BD /* 77.48.73.189/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D3049F6 /* 77.48.73.246/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D38B941 /* 77.56.185.65/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D397E24 /* 77.57.126.36/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D3A4995 /* 77.58.73.149/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D3A94FE /* 77.58.148.254/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D40E649 /* 77.64.230.73/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D420CB9 /* 77.66.12.185/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D440B2A /* 77.68.11.42/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D44245D /* 77.68.36.93/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D442A84 /* 77.68.42.132/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D463FDC /* 77.70.63.220/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D494033 /* 77.73.64.51/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D49426F /* 77.73.66.111/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D4A602B /* 77.74.96.43/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D4BA62B /* 77.75.166.43/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D4FBAED /* 77.79.186.237/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D51687C /* 77.81.104.124/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D516B8A /* 77.81.107.138/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D51F029 /* 77.81.240.41/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D52EF6E /* 77.82.239.110/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D59DC0A /* 77.89.220.10/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D5F0AF2 /* 77.95.10.242/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D67306F /* 77.103.48.111/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D6CCF29 /* 77.108.207.41/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D6D8B57 /* 77.109.139.87/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D77E033 /* 77.119.224.51/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D77E9B6 /* 77.119.233.182/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D77ECD5 /* 77.119.236.213/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D785EE9 /* 77.120.94.233/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D7A4F7E /* 77.122.79.126/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D800EF3 /* 77.128.14.243/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D806BEB /* 77.128.107.235/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D8C5D7F /* 77.140.93.127/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4D8C7F44 /* 77.140.127.68/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4DA1229D /* 77.161.34.157/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4DAAE6A3 /* 77.170.230.163/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4DB0E4BC /* 77.176.228.188/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4DB31696 /* 77.179.22.150/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4DB34110 /* 77.179.65.16/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4DB37039 /* 77.179.112.57/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4DB41959 /* 77.180.25.89/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4DB55D29 /* 77.181.93.41/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4DB6972A /* 77.182.151.42/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4DBB53DC /* 77.187.83.220/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4DBBB8FE /* 77.187.184.254/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4DBC452F /* 77.188.69.47/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4DC0D245 /* 77.192.210.69/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4DC6638B /* 77.198.99.139/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4DCB0D39 /* 77.203.13.57/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4DE9EE82 /* 77.233.238.130/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4DEC2EA4 /* 77.236.46.164/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4DEC2EDA /* 77.236.46.218/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4DF69DA9 /* 77.246.157.169/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4DF6C13B /* 77.246.193.59/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4DF7B5A3 /* 77.247.181.163/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4DF7B5A5 /* 77.247.181.165/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4DF96756 /* 77.249.103.86/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4DFBEF7B /* 77.251.239.123/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4DFE0320 /* 77.254.3.32/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E08B0FE /* 78.8.176.254/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E15343A /* 78.21.52.58/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E184B35 /* 78.24.75.53/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E1FA429 /* 78.31.164.41/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2258DC /* 78.34.88.220/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E22BCE2 /* 78.34.188.226/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E242C36 /* 78.36.44.54/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E297391 /* 78.41.115.145/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2A36D3 /* 78.42.54.211/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2E1617 /* 78.46.22.23/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2E1E2B /* 78.46.30.43/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2E2519 /* 78.46.37.25/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2E251A /* 78.46.37.26/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2E2DF2 /* 78.46.45.242/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2E337C /* 78.46.51.124/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2E350B /* 78.46.53.11/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2E37E3 /* 78.46.55.227/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2E3C1E /* 78.46.60.30/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2E40F5 /* 78.46.64.245/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2E434B /* 78.46.67.75/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2E527B /* 78.46.82.123/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2E5A17 /* 78.46.90.23/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2E5F14 /* 78.46.95.20/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2E70DB /* 78.46.112.219/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2E8B99 /* 78.46.139.153/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2E8BB6 /* 78.46.139.182/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2E8D4A /* 78.46.141.74/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2E913A /* 78.46.145.58/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2E970B /* 78.46.151.11/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2EA233 /* 78.46.162.51/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2EA27B /* 78.46.162.123/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2EA2F6 /* 78.46.162.246/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2EB97C /* 78.46.185.124/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2EBD98 /* 78.46.189.152/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2EBDC3 /* 78.46.189.195/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2EC129 /* 78.46.193.41/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2EC21F /* 78.46.194.31/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2EC7B7 /* 78.46.199.183/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2ECB12 /* 78.46.203.18/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2ED170 /* 78.46.209.112/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2ED426 /* 78.46.212.38/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2EDC82 /* 78.46.220.130/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2EDD30 /* 78.46.221.48/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2EDF86 /* 78.46.223.134/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2EE12E /* 78.46.225.46/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2EEFB7 /* 78.46.239.183/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2EF61C /* 78.46.246.28/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2EF724 /* 78.46.247.36/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2EF947 /* 78.46.249.71/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2F0915 /* 78.47.9.21/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2F126E /* 78.47.18.110/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2F1D44 /* 78.47.29.68/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2F2323 /* 78.47.35.35/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2F273C /* 78.47.39.60/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2F3D5E /* 78.47.61.94/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2F3D81 /* 78.47.61.129/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2F3DDE /* 78.47.61.222/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2F405B /* 78.47.64.91/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2F4093 /* 78.47.64.147/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2F467B /* 78.47.70.123/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2F5462 /* 78.47.84.98/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2F56D2 /* 78.47.86.210/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2F5D16 /* 78.47.93.22/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2F659D /* 78.47.101.157/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2F86C3 /* 78.47.134.195/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2F86C4 /* 78.47.134.196/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2F883E /* 78.47.136.62/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2F8ED3 /* 78.47.142.211/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2FA743 /* 78.47.167.67/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2FAE9B /* 78.47.174.155/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2FB04A /* 78.47.176.74/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2FDABE /* 78.47.218.190/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2FDD47 /* 78.47.221.71/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2FE0DB /* 78.47.224.219/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2FE0DE /* 78.47.224.222/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2FE101 /* 78.47.225.1/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2FE56B /* 78.47.229.107/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2FEF50 /* 78.47.239.80/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E2FF9E2 /* 78.47.249.226/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E303064 /* 78.48.48.100/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E33FF42 /* 78.51.255.66/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E354732 /* 78.53.71.50/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E361CA0 /* 78.54.28.160/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E371126 /* 78.55.17.38/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E37D9C6 /* 78.55.217.198/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E382816 /* 78.56.40.22/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E387C10 /* 78.56.124.16/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E3A9597 /* 78.58.149.151/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E44EA63 /* 78.68.234.99/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E460AE6 /* 78.70.10.230/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E4993FD /* 78.73.147.253/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E5347A6 /* 78.83.71.166/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E54FD7A /* 78.84.253.122/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E5859F2 /* 78.88.89.242/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E5A0FE5 /* 78.90.15.229/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E5AE3E4 /* 78.90.227.228/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E5E456A /* 78.94.69.106/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E5E4AEC /* 78.94.74.236/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E5E5CAA /* 78.94.92.170/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E660C17 /* 78.102.12.23/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E6AF999 /* 78.106.249.153/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E6BED10 /* 78.107.237.16/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E6BEFD5 /* 78.107.239.213/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E6C2E72 /* 78.108.46.114/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E6C2E82 /* 78.108.46.130/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E6C2E83 /* 78.108.46.131/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E6C426E /* 78.108.66.110/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E6C4D56 /* 78.108.77.86/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E7502F4 /* 78.117.2.244/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E783339 /* 78.120.51.57/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E7C9F3B /* 78.124.159.59/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E7DFAE3 /* 78.125.250.227/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E81891C /* 78.129.137.28/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E81ED55 /* 78.129.237.85/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E82806A /* 78.130.128.106/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E82C387 /* 78.130.195.135/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E833886 /* 78.131.56.134/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E8E130B /* 78.142.19.11/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E8E13D7 /* 78.142.19.215/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E8E13E2 /* 78.142.19.226/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E8E8EF6 /* 78.142.142.246/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E8E918D /* 78.142.145.141/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E8EAF46 /* 78.142.175.70/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E9515EA /* 78.149.21.234/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E9C6E87 /* 78.156.110.135/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4E9C75EC /* 78.156.117.236/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4EC07C94 /* 78.192.124.148/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4EC128CD /* 78.193.40.205/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4EC18C04 /* 78.193.140.4/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4EC1DA61 /* 78.193.218.97/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4EC2251D /* 78.194.37.29/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4EC2984B /* 78.194.152.75/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4EC2DC36 /* 78.194.220.54/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4EC6B4CD /* 78.198.180.205/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4EC827AF /* 78.200.39.175/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4EC89C77 /* 78.200.156.119/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4ED59256 /* 78.213.146.86/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4EDDDF3A /* 78.221.223.58/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4EDF9B68 /* 78.223.155.104/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4EE722BC /* 78.231.34.188/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4EE8E1A3 /* 78.232.225.163/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4EE96597 /* 78.233.101.151/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4EF8D759 /* 78.248.215.89/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F286537 /* 79.40.101.55/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F358078 /* 79.53.128.120/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F386648 /* 79.56.102.72/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F442316 /* 79.68.35.22/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F626912 /* 79.98.105.18/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F626C39 /* 79.98.108.57/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F626D30 /* 79.98.109.48/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F6FAB73 /* 79.111.171.115/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F703775 /* 79.112.55.117/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F73D242 /* 79.115.210.66/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F780A62 /* 79.120.10.98/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F782993 /* 79.120.41.147/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F7851B7 /* 79.120.81.183/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F785566 /* 79.120.85.102/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F7C070B /* 79.124.7.11/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F7C152D /* 79.124.21.45/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F7C3BC2 /* 79.124.59.194/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F7C3C84 /* 79.124.60.132/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F84E8B3 /* 79.132.232.179/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F85D20B /* 79.133.210.11/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F86EAF7 /* 79.134.234.247/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F86FFC8 /* 79.134.255.200/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F88014A /* 79.136.1.74/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F881D2B /* 79.136.29.43/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F88465D /* 79.136.70.93/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F88467D /* 79.136.70.125/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F889972 /* 79.136.153.114/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F892169 /* 79.137.33.105/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F892183 /* 79.137.33.131/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F892395 /* 79.137.35.149/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F892727 /* 79.137.39.39/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F894E65 /* 79.137.78.101/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F894F1F /* 79.137.79.31/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F895042 /* 79.137.80.66/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F8951A8 /* 79.137.81.168/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F895547 /* 79.137.85.71/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F8957D4 /* 79.137.87.212/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F8957D5 /* 79.137.87.213/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F896A9A /* 79.137.106.154/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F897004 /* 79.137.112.4/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F897005 /* 79.137.112.5/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F89742B /* 79.137.116.43/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F8C290D /* 79.140.41.13/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F8C2975 /* 79.140.41.117/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F8C2976 /* 79.140.41.118/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F8FB287 /* 79.143.178.135/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F8FB72C /* 79.143.183.44/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F8FBA11 /* 79.143.186.17/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4F9ADC72 /* 79.154.220.114/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FA1F802 /* 79.161.248.2/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FA53834 /* 79.165.56.52/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FA5B4F3 /* 79.165.180.243/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FA9225F /* 79.169.34.95/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FAC1212 /* 79.172.18.18/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FAC1CCD /* 79.172.28.205/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FACC120 /* 79.172.193.32/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FACCC24 /* 79.172.204.36/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FB07031 /* 79.176.112.49/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FB1769C /* 79.177.118.156/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FC1CF94 /* 79.193.207.148/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FC4F70C /* 79.196.247.12/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FC56DEA /* 79.197.109.234/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FC5CD8D /* 79.197.205.141/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FC6AE73 /* 79.198.174.115/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FCB5108 /* 79.203.81.8/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FCC8FCE /* 79.204.143.206/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FCC931C /* 79.204.147.28/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FCD1428 /* 79.205.20.40/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FCDE527 /* 79.205.229.39/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FCFE3CA /* 79.207.227.202/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FD04520 /* 79.208.69.32/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FD26917 /* 79.210.105.23/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FD3FCD9 /* 79.211.252.217/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FD44F49 /* 79.212.79.73/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FD6F2FD /* 79.214.242.253/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FD99C2A /* 79.217.156.42/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FDA50AA /* 79.218.80.170/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FDEC135 /* 79.222.193.53/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FDEF68C /* 79.222.246.140/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FE0586C /* 79.224.88.108/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FE1D1EA /* 79.225.209.234/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FE3834A /* 79.227.131.74/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FE3DEAF /* 79.227.222.175/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FE5C065 /* 79.229.192.101/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FE75712 /* 79.231.87.18/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FE77B42 /* 79.231.123.66/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FE7E4AA /* 79.231.228.170/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FE96869 /* 79.233.104.105/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FE9BD96 /* 79.233.189.150/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FE9D01A /* 79.233.208.26/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FEAB928 /* 79.234.185.40/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FEE3FEE /* 79.238.63.238/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FEFCB56 /* 79.239.203.86/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FEFF6BC /* 79.239.246.188/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FF0E1D2 /* 79.240.225.210/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FF1C20A /* 79.241.194.10/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FF1CEA5 /* 79.241.206.165/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FF1F58B /* 79.241.245.139/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FF34FCE /* 79.243.79.206/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FF7728E /* 79.247.114.142/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FF78368 /* 79.247.131.104/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x4FF89FC8 /* 79.248.159.200/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x500736BB /* 80.7.54.187/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x500C5EB8 /* 80.12.94.184/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x500F627F /* 80.15.98.127/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x501ACE0B /* 80.26.206.11/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x501F4713 /* 80.31.71.19/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x501FF2DA /* 80.31.242.218/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x503CF5EA /* 80.60.245.234/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50404119 /* 80.64.65.25/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5042877B /* 80.66.135.123/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5043ACA2 /* 80.67.172.162/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50445CF9 /* 80.68.92.249/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50478339 /* 80.71.131.57/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50478577 /* 80.71.133.119/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50478C09 /* 80.71.140.9/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5049F28E /* 80.73.242.142/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x504F1707 /* 80.79.23.7/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50510C1D /* 80.81.12.29/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5051111F /* 80.81.17.31/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5051F378 /* 80.81.243.120/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5051F3EB /* 80.81.243.235/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x505242E9 /* 80.82.66.233/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50555417 /* 80.85.84.23/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50555448 /* 80.85.84.72/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x505554DE /* 80.85.84.222/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x505AFA45 /* 80.90.250.69/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5062B2B4 /* 80.98.178.180/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x506300DF /* 80.99.0.223/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50634673 /* 80.99.70.115/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5063A98E /* 80.99.169.142/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50640799 /* 80.100.7.153/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50649D29 /* 80.100.157.41/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5064FAF4 /* 80.100.250.244/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x506589DF /* 80.101.137.223/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x506C120B /* 80.108.18.11/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x506C1DAF /* 80.108.29.175/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x506C8F13 /* 80.108.143.19/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x506CC3FA /* 80.108.195.250/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x506DD102 /* 80.109.209.2/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x506DF964 /* 80.109.249.100/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5072219A /* 80.114.33.154/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5074C31C /* 80.116.195.28/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50778941 /* 80.119.137.65/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x507A5A2E /* 80.122.90.46/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x507F6B9A /* 80.127.107.154/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x507F6BB3 /* 80.127.107.179/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x507F6D32 /* 80.127.109.50/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x507F75B4 /* 80.127.117.180/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x507F765D /* 80.127.118.93/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x507F80BE /* 80.127.128.190/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x507F8913 /* 80.127.137.19/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x507F8F5A /* 80.127.143.90/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x507F97A2 /* 80.127.151.162/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5083F110 /* 80.131.241.16/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x508649F1 /* 80.134.73.241/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50887E89 /* 80.136.126.137/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5088A7B2 /* 80.136.167.178/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50895F35 /* 80.137.95.53/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x508C60BE /* 80.140.96.190/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x508DE120 /* 80.141.225.32/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5090E36A /* 80.144.227.106/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5091EE43 /* 80.145.238.67/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5093219D /* 80.147.33.157/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5093BE2F /* 80.147.190.47/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50990704 /* 80.153.7.4/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5099125B /* 80.153.18.91/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5099F1A9 /* 80.153.241.169/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50A22B48 /* 80.162.43.72/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50A9F14C /* 80.169.241.76/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50C2115C /* 80.194.17.92/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50CB8917 /* 80.203.137.23/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50DA541C /* 80.218.84.28/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50DABABF /* 80.218.186.191/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50DB0012 /* 80.219.0.18/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50DC141F /* 80.220.20.31/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50DC5AA8 /* 80.220.90.168/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50DCEA3F /* 80.220.234.63/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50E58CEF /* 80.229.140.239/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50E598E4 /* 80.229.152.228/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50E8CDD6 /* 80.232.205.214/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50E8F21F /* 80.232.242.31/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50E98632 /* 80.233.134.50/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50E98695 /* 80.233.134.149/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50EC3338 /* 80.236.51.56/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50EDE786 /* 80.237.231.134/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50EE7A6A /* 80.238.122.106/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50F086F6 /* 80.240.134.246/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50F08B6F /* 80.240.139.111/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50F0D8FD /* 80.240.216.253/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50F13CCF /* 80.241.60.207/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50F1DCDD /* 80.241.220.221/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50F368B6 /* 80.243.104.182/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50F451BF /* 80.244.81.191/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50F4F1FE /* 80.244.241.254/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50F4F39E /* 80.244.243.158/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50F8D083 /* 80.248.208.131/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50F8F02B /* 80.248.240.43/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50FEDB30 /* 80.254.219.48/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50FF060B /* 80.255.6.11/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x50FF0BC4 /* 80.255.11.196/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51003B92 /* 81.0.59.146/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5100E203 /* 81.0.226.3/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5102C521 /* 81.2.197.33/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5102D10A /* 81.2.209.10/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5102EDDA /* 81.2.237.218/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5102F777 /* 81.2.247.119/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5102F7A5 /* 81.2.247.165/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5104655D /* 81.4.101.93/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x510467AA /* 81.4.103.170/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51046CC7 /* 81.4.108.199/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51046D2F /* 81.4.109.47/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51046DD0 /* 81.4.109.208/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51046E95 /* 81.4.110.149/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51047930 /* 81.4.121.48/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51047D0D /* 81.4.125.13/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5107038D /* 81.7.3.141/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x510703F7 /* 81.7.3.247/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51070A14 /* 81.7.10.20/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51070A1D /* 81.7.10.29/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51070A44 /* 81.7.10.68/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51070A5D /* 81.7.10.93/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51070AFB /* 81.7.10.251/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51070B16 /* 81.7.11.22/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51070B46 /* 81.7.11.70/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51070B8E /* 81.7.11.142/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51070B9A /* 81.7.11.154/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51070BFD /* 81.7.11.253/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51070D54 /* 81.7.13.84/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51070DF8 /* 81.7.13.248/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51070E19 /* 81.7.14.25/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51070EE3 /* 81.7.14.227/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5107101F /* 81.7.16.31/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5107103B /* 81.7.16.59/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5107108B /* 81.7.16.139/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x510710B1 /* 81.7.16.177/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x510710B6 /* 81.7.16.182/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51071254 /* 81.7.18.84/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x510A8C06 /* 81.10.140.6/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x510A9F12 /* 81.10.159.18/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5111102B /* 81.17.16.43/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51111182 /* 81.17.17.130/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51111183 /* 81.17.17.131/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51111E21 /* 81.17.30.33/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51111E2C /* 81.17.30.44/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51111E30 /* 81.17.30.48/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51130347 /* 81.19.3.71/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5116FF92 /* 81.22.255.146/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x511738FF /* 81.23.56.255/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51193683 /* 81.25.54.131/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x511E9E51 /* 81.30.158.81/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x511E9E90 /* 81.30.158.144/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x511E9ED5 /* 81.30.158.213/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x511E9EDF /* 81.30.158.223/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51218578 /* 81.33.133.120/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5125E02A /* 81.37.224.42/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5138C0E7 /* 81.56.192.231/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5139D087 /* 81.57.208.135/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5142884E /* 81.66.136.78/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5142CC1C /* 81.66.204.28/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x515900C3 /* 81.89.0.195/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x515900C4 /* 81.89.0.196/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x515900C5 /* 81.89.0.197/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x515900C6 /* 81.89.0.198/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x515900C7 /* 81.89.0.199/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x515900C8 /* 81.89.0.200/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x515900C9 /* 81.89.0.201/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x515900CA /* 81.89.0.202/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x515900CB /* 81.89.0.203/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x515900CC /* 81.89.0.204/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51593F96 /* 81.89.63.150/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x515F0D37 /* 81.95.13.55/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x515F3444 /* 81.95.52.68/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51618FF7 /* 81.97.143.247/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51672409 /* 81.103.36.9/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5184FFEF /* 81.132.255.239/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x518DE01A /* 81.141.224.26/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5195968F /* 81.149.150.143/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5199E91D /* 81.153.233.29/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x519B2F59 /* 81.155.47.89/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x519F452C /* 81.159.69.44/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51A46265 /* 81.164.98.101/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51A982D6 /* 81.169.130.214/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51A988CE /* 81.169.136.206/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51A98A33 /* 81.169.138.51/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51A98DDE /* 81.169.141.222/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51A99864 /* 81.169.152.100/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51A9A64A /* 81.169.166.74/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51A9AFA4 /* 81.169.175.164/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51A9B55F /* 81.169.181.95/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51A9B9E9 /* 81.169.185.233/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51A9DE9E /* 81.169.222.158/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51A9F6CC /* 81.169.246.204/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51AA841C /* 81.170.132.28/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51AA94C2 /* 81.170.148.194/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51AD9793 /* 81.173.151.147/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51AE962B /* 81.174.150.43/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51AE97D7 /* 81.174.151.215/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51AE9B2F /* 81.174.155.47/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51AEE712 /* 81.174.231.18/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51AFDB02 /* 81.175.219.2/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51AFDDCF /* 81.175.221.207/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51B77151 /* 81.183.113.81/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51BE6077 /* 81.190.96.119/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51C14B5B /* 81.193.75.91/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51D9121D /* 81.217.18.29/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51D920C1 /* 81.217.32.193/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51D9BB06 /* 81.217.187.6/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51DA5B9A /* 81.218.91.154/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51DA6DC3 /* 81.218.109.195/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51DA8A03 /* 81.218.138.3/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51DD947F /* 81.221.148.127/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51E3D84C /* 81.227.216.76/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51E4C09D /* 81.228.192.157/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51E4C74B /* 81.228.199.75/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51E66CC0 /* 81.230.108.192/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51E6A691 /* 81.230.166.145/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51E81EC2 /* 81.232.30.194/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51ECAF80 /* 81.236.175.128/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51F34BD0 /* 81.243.75.208/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51F52A42 /* 81.245.42.66/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51F5E6FD /* 81.245.230.253/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x51FEAF31 /* 81.254.175.49/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52018046 /* 82.1.128.70/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52052A69 /* 82.5.42.105/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x520BAC32 /* 82.11.172.50/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5215D31D /* 82.21.211.29/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x521B7682 /* 82.27.118.130/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x521CE407 /* 82.28.228.7/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52290A87 /* 82.41.10.135/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x522CCB7C /* 82.44.203.124/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5231CF20 /* 82.49.207.32/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52433720 /* 82.67.55.32/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52449FD9 /* 82.68.159.217/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52454C23 /* 82.69.76.35/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5247D30D /* 82.71.211.13/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5247F64F /* 82.71.246.79/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x524CB63D /* 82.76.182.61/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52502163 /* 82.80.33.99/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52503640 /* 82.80.54.64/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5252BED7 /* 82.82.190.215/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x525ECCAA /* 82.94.204.170/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x525EE292 /* 82.94.226.146/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x525EFBE3 /* 82.94.251.227/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x525F42CB /* 82.95.66.203/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x525F6B33 /* 82.95.107.51/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52668ED2 /* 82.102.142.210/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52678C57 /* 82.103.140.87/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5273740B /* 82.115.116.11/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52747803 /* 82.116.120.3/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5276F20E /* 82.118.242.14/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5276F215 /* 82.118.242.21/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5276F27F /* 82.118.242.127/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5276F280 /* 82.118.242.128/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5276F293 /* 82.118.242.147/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5277E924 /* 82.119.233.36/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5282090F /* 82.130.9.15/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52820B94 /* 82.130.11.148/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52820D9A /* 82.130.13.154/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52834A12 /* 82.131.74.18/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x528B60C9 /* 82.139.96.201/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x529225CC /* 82.146.37.204/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52922F11 /* 82.146.47.17/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x529237CD /* 82.146.55.205/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5295F13D /* 82.149.241.61/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x529B43BE /* 82.155.67.190/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x529EA2AB /* 82.158.162.171/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52A1321E /* 82.161.50.30/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52A1B614 /* 82.161.182.20/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52A1D257 /* 82.161.210.87/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52A1D4D1 /* 82.161.212.209/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52A58E4F /* 82.165.142.79/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52A594A3 /* 82.165.148.163/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52A5CF66 /* 82.165.207.102/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52A80E92 /* 82.168.14.146/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52B301A2 /* 82.179.1.162/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52B574C7 /* 82.181.116.199/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52B5D46A /* 82.181.212.106/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52B5E7C4 /* 82.181.231.196/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52B5EE90 /* 82.181.238.144/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52C2AA1E /* 82.194.170.30/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52C406C7 /* 82.196.6.199/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52C4080D /* 82.196.8.13/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52C408E8 /* 82.196.8.232/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52C40E8E /* 82.196.14.142/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52C46AA0 /* 82.196.106.160/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52C47CC2 /* 82.196.124.194/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52C79B59 /* 82.199.155.89/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52CFED13 /* 82.207.237.19/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52D1B3A3 /* 82.209.179.163/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52D300B4 /* 82.211.0.180/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52D300C9 /* 82.211.0.201/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52D3138F /* 82.211.19.143/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52D31FF7 /* 82.211.31.247/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52D40E20 /* 82.212.14.32/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52D5DEEA /* 82.213.222.234/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52D9D6D7 /* 82.217.214.215/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52DB0959 /* 82.219.9.89/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52DC5935 /* 82.220.89.53/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52DD6543 /* 82.221.101.67/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52DD69C6 /* 82.221.105.198/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52DD8014 /* 82.221.128.20/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52DD80D9 /* 82.221.128.217/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52DD8B19 /* 82.221.139.25/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52DD8BBE /* 82.221.139.190/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52DF154A /* 82.223.21.74/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52E092B3 /* 82.224.146.179/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52E2473B /* 82.226.71.59/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52E28C77 /* 82.226.140.119/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52E4FC14 /* 82.228.252.20/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52E51AEB /* 82.229.26.235/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52E58A1F /* 82.229.138.31/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52E58A8F /* 82.229.138.143/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52E97597 /* 82.233.117.151/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52EE55F0 /* 82.238.85.240/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52EF01CD /* 82.239.1.205/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52F25792 /* 82.242.87.146/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52F298D3 /* 82.242.152.211/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52F385B4 /* 82.243.133.180/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52F4B127 /* 82.244.177.39/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52F7C6E3 /* 82.247.198.227/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52FA03EC /* 82.250.3.236/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52FB1146 /* 82.251.17.70/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x52FB2188 /* 82.251.33.136/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5321BD8F /* 83.33.189.143/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53240901 /* 83.36.9.1/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x532CCF03 /* 83.44.207.3/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x533776BF /* 83.55.118.191/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x533FF441 /* 83.63.244.65/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5345F255 /* 83.69.242.85/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x534D9DFE /* 83.77.157.254/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53528CF1 /* 83.82.140.241/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5352EA6A /* 83.82.234.106/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5353FB49 /* 83.83.251.73/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x535573E3 /* 83.85.115.227/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5355FC37 /* 83.85.252.55/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53567804 /* 83.86.120.4/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x535969A0 /* 83.89.105.160/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53802930 /* 83.128.41.48/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x538632D0 /* 83.134.50.208/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5386E05A /* 83.134.224.90/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53885104 /* 83.136.81.4/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x538FF556 /* 83.143.245.86/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5391F1E7 /* 83.145.241.231/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5392F130 /* 83.146.241.48/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53951426 /* 83.149.20.38/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53960BCB /* 83.150.11.203/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x539613F3 /* 83.150.19.243/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5396527A /* 83.150.82.122/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x539A832B /* 83.154.131.43/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53A08BB7 /* 83.160.139.183/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53A1DAE2 /* 83.161.218.226/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53A22F1A /* 83.162.47.26/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53A2B243 /* 83.162.178.67/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53A2BC64 /* 83.162.188.100/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53A2C73C /* 83.162.199.60/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53A2CAB6 /* 83.162.202.182/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53A2CD44 /* 83.162.205.68/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53A34DC3 /* 83.163.77.195/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53A3C9A8 /* 83.163.201.168/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53A7B923 /* 83.167.185.35/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53A8C8CC /* 83.168.200.204/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53A9060C /* 83.169.6.12/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53ABA70D /* 83.171.167.13/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53AF6482 /* 83.175.100.130/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53CDEECD /* 83.205.238.205/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53D45257 /* 83.212.82.87/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53D45296 /* 83.212.82.150/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53D460B7 /* 83.212.96.183/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53D460CE /* 83.212.96.206/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53D46344 /* 83.212.99.68/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53D463D4 /* 83.212.99.212/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53D46464 /* 83.212.100.100/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53D46612 /* 83.212.102.18/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53D46672 /* 83.212.102.114/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53D4687C /* 83.212.104.124/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53D46891 /* 83.212.104.145/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53D46990 /* 83.212.105.144/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53D473E0 /* 83.212.115.224/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53D47661 /* 83.212.118.97/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53D4A8BA /* 83.212.168.186/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53DCB3AF /* 83.220.179.175/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53E336EA /* 83.227.54.234/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53E45D4C /* 83.228.93.76/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53E71225 /* 83.231.18.37/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53E94C6F /* 83.233.76.111/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53F065D1 /* 83.240.101.209/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53F74E5A /* 83.247.78.90/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53F82268 /* 83.248.34.104/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53F85AD3 /* 83.248.90.211/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53F8A8D8 /* 83.248.168.216/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53FB4937 /* 83.251.73.55/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53FC534F /* 83.252.83.79/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53FD0764 /* 83.253.7.100/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53FD3E77 /* 83.253.62.119/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53FD8858 /* 83.253.136.88/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53FE5D4E /* 83.254.93.78/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53FECFC5 /* 83.254.207.197/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x53FF6C65 /* 83.255.108.101/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54030035 /* 84.3.0.53/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5413B24F /* 84.19.178.79/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5413B269 /* 84.19.178.105/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5413B29B /* 84.19.178.155/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5413B36A /* 84.19.179.106/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5413B3E5 /* 84.19.179.229/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5413B487 /* 84.19.180.135/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5413B881 /* 84.19.184.129/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5413BDF2 /* 84.19.189.242/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5413BE9D /* 84.19.190.157/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x541B5F35 /* 84.27.95.53/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x542862BB /* 84.40.98.187/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54287046 /* 84.40.112.70/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x542E1498 /* 84.46.20.152/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x542E1E4A /* 84.46.30.74/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x542E1EF5 /* 84.46.30.245/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5430C74E /* 84.48.199.78/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5435F7A9 /* 84.53.247.169/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5437525E /* 84.55.82.94/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54382D7B /* 84.56.45.123/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54398A2E /* 84.57.138.46/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x543C2DE8 /* 84.60.45.232/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x543D3004 /* 84.61.48.4/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x543D5E07 /* 84.61.94.7/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x543F40DB /* 84.63.64.219/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54482813 /* 84.72.40.19/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54490F5C /* 84.73.15.92/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54491458 /* 84.73.20.88/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5449149D /* 84.73.20.157/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5449244A /* 84.73.36.74/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5449DC41 /* 84.73.220.65/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x544A50D2 /* 84.74.80.210/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x544B19CA /* 84.75.25.202/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x544B44EB /* 84.75.68.235/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x544BC8E5 /* 84.75.200.229/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x544BE77C /* 84.75.231.124/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54505045 /* 84.80.80.69/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x545C6161 /* 84.92.97.97/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5468BF39 /* 84.104.191.57/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x546AEA98 /* 84.106.234.152/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x546B6E0C /* 84.107.110.12/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54702924 /* 84.112.41.36/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54720336 /* 84.114.3.54/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5472B966 /* 84.114.185.102/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x547323F8 /* 84.115.35.248/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5476AF83 /* 84.118.175.131/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54774190 /* 84.119.65.144/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5482A597 /* 84.130.165.151/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5484E3F1 /* 84.132.227.241/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54865441 /* 84.134.84.65/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x548945CA /* 84.137.69.202/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x548D7630 /* 84.141.118.48/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x548FD821 /* 84.143.216.33/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x548FDE8F /* 84.143.222.143/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54904522 /* 84.144.69.34/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x549073D9 /* 84.144.115.217/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5490E8AC /* 84.144.232.172/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5492A167 /* 84.146.161.103/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x549665CA /* 84.150.101.202/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x549675DA /* 84.150.117.218/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x549A7446 /* 84.154.116.70/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x549ABD38 /* 84.154.189.56/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x549C028A /* 84.156.2.138/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x549CBC46 /* 84.156.188.70/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x549EC45B /* 84.158.196.91/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x549F49CE /* 84.159.73.206/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x549F4C3F /* 84.159.76.63/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54A09ACC /* 84.160.154.204/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54A21CE2 /* 84.162.28.226/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54A5409F /* 84.165.64.159/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54A8F9D7 /* 84.168.249.215/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54AB51E6 /* 84.171.81.230/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54AB5BC7 /* 84.171.91.199/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54ADDF9F /* 84.173.223.159/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54AE63C4 /* 84.174.99.196/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54B0EA0E /* 84.176.234.14/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54B0FB8A /* 84.176.251.138/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54B166C5 /* 84.177.102.197/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54B4603C /* 84.180.96.60/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54B6A117 /* 84.182.161.23/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54B6BFDF /* 84.182.191.223/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54B7EEC3 /* 84.183.238.195/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54BA3653 /* 84.186.54.83/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54BB8B4A /* 84.187.139.74/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54BCA06A /* 84.188.160.106/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54BF23C8 /* 84.191.35.200/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54BFF098 /* 84.191.240.152/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54C10029 /* 84.193.0.41/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54C3E5B6 /* 84.195.229.182/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54C80821 /* 84.200.8.33/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54C808CF /* 84.200.8.207/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54C80ECE /* 84.200.14.206/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54C83212 /* 84.200.50.18/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54C83822 /* 84.200.56.34/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54C83824 /* 84.200.56.36/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54C84DF3 /* 84.200.77.243/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54C852A3 /* 84.200.82.163/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54C8CE63 /* 84.200.206.99/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54CA5A7A /* 84.202.90.122/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54CA74A4 /* 84.202.116.164/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54D11ABA /* 84.209.26.186/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54D6DC87 /* 84.214.220.135/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54D7A360 /* 84.215.163.96/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54D8E951 /* 84.216.233.81/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54D8FCC8 /* 84.216.252.200/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54DBF8F9 /* 84.219.248.249/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54E20D1B /* 84.226.13.27/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54E27D07 /* 84.226.125.7/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54E3DA07 /* 84.227.218.7/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54E61807 /* 84.230.24.7/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54EC35E6 /* 84.236.53.230/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54ED96AB /* 84.237.150.171/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54F03CEA /* 84.240.60.234/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54F14114 /* 84.241.65.20/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54F41F34 /* 84.244.31.52/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54F50FFD /* 84.245.15.253/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54F51940 /* 84.245.25.64/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54F51BD1 /* 84.245.27.209/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54F51E9A /* 84.245.30.154/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54F848E7 /* 84.248.72.231/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54F900C1 /* 84.249.0.193/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54F910D7 /* 84.249.16.215/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54F9C7E6 /* 84.249.199.230/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54FA1259 /* 84.250.18.89/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54FA720A /* 84.250.114.10/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x54FB54F3 /* 84.251.84.243/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55002B59 /* 85.0.43.89/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55004029 /* 85.0.64.41/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55047E83 /* 85.4.126.131/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5507B414 /* 85.7.180.20/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x550A6A2F /* 85.10.106.47/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x550AC409 /* 85.10.196.9/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x550AC40C /* 85.10.196.12/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x550AC6EC /* 85.10.198.236/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x550AC92F /* 85.10.201.47/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x550ACA57 /* 85.10.202.87/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x550ACB47 /* 85.10.203.71/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x550ACBAB /* 85.10.203.171/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x550AF0FA /* 85.10.240.250/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x550EF337 /* 85.14.243.55/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x550EF9F7 /* 85.14.249.247/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5510AA7D /* 85.16.170.125/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55111A05 /* 85.17.26.5/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55117020 /* 85.17.112.32/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x551170A3 /* 85.17.112.163/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5511A4A5 /* 85.17.164.165/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5511A4AC /* 85.17.164.172/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5511AC4B /* 85.17.172.75/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5511C2B4 /* 85.17.194.180/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5511D6B1 /* 85.17.214.177/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x551590E0 /* 85.21.144.224/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55189139 /* 85.24.145.57/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5518A288 /* 85.24.162.136/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5518B4C8 /* 85.24.180.200/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55192C8D /* 85.25.44.141/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55196745 /* 85.25.103.69/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55198405 /* 85.25.132.5/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55198522 /* 85.25.133.34/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x551995A1 /* 85.25.149.161/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x551996D8 /* 85.25.150.216/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55199F41 /* 85.25.159.65/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55199FFD /* 85.25.159.253/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5519D5D3 /* 85.25.213.211/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5519F86C /* 85.25.248.108/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5519FF8C /* 85.25.255.140/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x551FBAA4 /* 85.31.186.164/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x551FBAFD /* 85.31.186.253/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55305EAE /* 85.48.94.174/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5556DA1B /* 85.86.218.27/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x555AF417 /* 85.90.244.23/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x555AF61E /* 85.90.246.30/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x555D102F /* 85.93.16.47/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x555D118F /* 85.93.17.143/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x555DD12C /* 85.93.209.44/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x555DD914 /* 85.93.217.20/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x555DDACC /* 85.93.218.204/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5571279A /* 85.113.39.154/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55728560 /* 85.114.133.96/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55775297 /* 85.119.82.151/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5577538D /* 85.119.83.141/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x557F54E9 /* 85.127.84.233/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x558398DD /* 85.131.152.221/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x558CB60C /* 85.140.182.12/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x558FD2E9 /* 85.143.210.233/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x558FDBD3 /* 85.143.219.211/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55902C37 /* 85.144.44.55/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5591AD1F /* 85.145.173.31/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5598E41D /* 85.152.228.29/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x559D7EA2 /* 85.157.126.162/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x559FD337 /* 85.159.211.55/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x559FEDD2 /* 85.159.237.210/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55A53635 /* 85.165.54.53/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55A71195 /* 85.167.17.149/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55ABADA1 /* 85.171.173.161/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55B584A4 /* 85.181.132.164/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55B8A080 /* 85.184.160.128/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55BEFF04 /* 85.190.255.4/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55BFF855 /* 85.191.248.85/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55C36BFA /* 85.195.107.250/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55C3CF6F /* 85.195.207.111/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55C3D709 /* 85.195.215.9/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55C3EB78 /* 85.195.235.120/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55C3F28A /* 85.195.242.138/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55C3F2E2 /* 85.195.242.226/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55C3FC68 /* 85.195.252.104/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55C3FCC6 /* 85.195.252.198/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55D4009E /* 85.212.0.158/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55D406BD /* 85.212.6.189/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55D42363 /* 85.212.35.99/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55D42B74 /* 85.212.43.116/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55D42DB8 /* 85.212.45.184/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55D4395F /* 85.212.57.95/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55D617BC /* 85.214.23.188/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55D62CAC /* 85.214.44.172/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55D636FE /* 85.214.54.254/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55D63AEC /* 85.214.58.236/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55D63E30 /* 85.214.62.48/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55D6407E /* 85.214.64.126/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55D642BB /* 85.214.66.187/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55D6454B /* 85.214.69.75/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55D665E9 /* 85.214.101.233/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55D66C5F /* 85.214.108.95/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55D673D6 /* 85.214.115.214/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55D67CA8 /* 85.214.124.168/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55D67D0B /* 85.214.125.11/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55D680A0 /* 85.214.128.160/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55D680C7 /* 85.214.128.199/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55D6907F /* 85.214.144.127/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55D6909F /* 85.214.144.159/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55D69748 /* 85.214.151.72/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55D6CEDB /* 85.214.206.219/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55D6E5B0 /* 85.214.229.176/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55D6ECCF /* 85.214.236.207/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55D6F40D /* 85.214.244.13/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55D809FE /* 85.216.9.254/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55D85A76 /* 85.216.90.118/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55DC2AC3 /* 85.220.42.195/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55DCBEF6 /* 85.220.190.246/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55DE00E5 /* 85.222.0.229/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55E2753E /* 85.226.117.62/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55E279EB /* 85.226.121.235/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55E3814C /* 85.227.129.76/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55E3BABD /* 85.227.186.189/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55E3BC91 /* 85.227.188.145/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55E3BCCD /* 85.227.188.205/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55E44587 /* 85.228.69.135/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55E55450 /* 85.229.84.80/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55E55FF1 /* 85.229.95.241/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55E5E4AE /* 85.229.228.174/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55E61558 /* 85.230.21.88/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55E6887E /* 85.230.136.126/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55E6EF64 /* 85.230.239.100/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55EBFA58 /* 85.235.250.88/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55F09F14 /* 85.240.159.20/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55F0FFE6 /* 85.240.255.230/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55F23B3B /* 85.242.59.59/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55F567DE /* 85.245.103.222/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55F8E3A3 /* 85.248.227.163/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55F8E3A4 /* 85.248.227.164/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55F8E3A5 /* 85.248.227.165/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55FF019E /* 85.255.1.158/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x55FF0863 /* 85.255.8.99/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x56037EC1 /* 86.3.126.193/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x56078C1F /* 86.7.140.31/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x561277B3 /* 86.18.119.179/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x561704E0 /* 86.23.4.224/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5619641D /* 86.25.100.29/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x561DD073 /* 86.29.208.115/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x563864B9 /* 86.56.100.185/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x563B1526 /* 86.59.21.38/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x563B15A3 /* 86.59.21.163/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x563B7753 /* 86.59.119.83/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x563B7758 /* 86.59.119.88/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x563BA563 /* 86.59.165.99/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5646384E /* 86.70.56.78/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x564C4BF0 /* 86.76.75.240/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5653791D /* 86.83.121.29/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x56537ACB /* 86.83.122.203/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5656AD3E /* 86.86.173.62/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x565820C7 /* 86.88.32.199/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x56582191 /* 86.88.33.145/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x56657F7A /* 86.101.127.122/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5667BC2F /* 86.103.188.47/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x56680F0F /* 86.104.15.15/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5669D482 /* 86.105.212.130/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5669D4CC /* 86.105.212.204/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x566A8906 /* 86.106.137.6/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x566B6E22 /* 86.107.110.34/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x566B6E52 /* 86.107.110.82/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x566B6E8F /* 86.107.110.143/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x566B6EE0 /* 86.107.110.224/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x566E7549 /* 86.110.117.73/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x566E7595 /* 86.110.117.149/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x567BDFAE /* 86.123.223.174/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x567DE7E3 /* 86.125.231.227/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x56805BEF /* 86.128.91.239/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5687B16A /* 86.135.177.106/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x568EFA19 /* 86.142.250.25/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5699F453 /* 86.153.244.83/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x569BDBB7 /* 86.155.219.183/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x56AC5B6A /* 86.172.91.106/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x56AE499A /* 86.174.73.154/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x56B3C248 /* 86.179.194.72/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x56CA8ED2 /* 86.202.142.210/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x56CAE27C /* 86.202.226.124/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x56E53486 /* 86.229.52.134/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x56EE99B7 /* 86.238.153.183/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x56EEDDD9 /* 86.238.221.217/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x56F56FEC /* 86.245.111.236/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x56F6018B /* 86.246.1.139/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x56F6AC32 /* 86.246.172.50/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x56FD45C5 /* 86.253.69.197/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5702EC23 /* 87.2.236.35/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57056E71 /* 87.5.110.113/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57071528 /* 87.7.21.40/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5714C5DD /* 87.20.197.221/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57340321 /* 87.52.3.33/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x573CAC5C /* 87.60.172.92/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x574849E7 /* 87.72.73.231/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5748C571 /* 87.72.197.113/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5748EFBB /* 87.72.239.187/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5749544D /* 87.73.84.77/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x574F2E08 /* 87.79.46.8/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x574F4F5E /* 87.79.79.94/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x574F5F97 /* 87.79.95.151/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x574FFDCA /* 87.79.253.202/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5751943D /* 87.81.148.61/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x575C111C /* 87.92.17.28/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x575C61C2 /* 87.92.97.194/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x575CA318 /* 87.92.163.24/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57629897 /* 87.98.152.151/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5762B23D /* 87.98.178.61/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5762B905 /* 87.98.185.5/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5762F396 /* 87.98.243.150/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5762F554 /* 87.98.245.84/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5762FAF4 /* 87.98.250.244/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5762FD54 /* 87.98.253.84/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57660FD8 /* 87.102.15.216/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x576A0E9F /* 87.106.14.159/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x576A3B0C /* 87.106.59.12/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x576A8C18 /* 87.106.140.24/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x576AD0EC /* 87.106.208.236/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x576AF976 /* 87.106.249.118/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x577654B5 /* 87.118.84.181/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57765C2B /* 87.118.92.43/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57765EE3 /* 87.118.94.227/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57766436 /* 87.118.100.54/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57766A40 /* 87.118.106.64/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57766E71 /* 87.118.110.113/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57766E9E /* 87.118.110.158/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5776703F /* 87.118.112.63/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57767286 /* 87.118.114.134/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57767291 /* 87.118.114.145/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x577673B0 /* 87.118.115.176/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5776740C /* 87.118.116.12/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5776745A /* 87.118.116.90/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x577674E3 /* 87.118.116.227/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57767A1E /* 87.118.122.30/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57767A32 /* 87.118.122.50/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57767A33 /* 87.118.122.51/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57767AC9 /* 87.118.122.201/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57767AFE /* 87.118.122.254/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57767ECE /* 87.118.126.206/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57767EDA /* 87.118.126.218/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5778241A /* 87.120.36.26/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5778FE47 /* 87.120.254.71/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5778FECC /* 87.120.254.204/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5778FEF5 /* 87.120.254.245/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57806FBE /* 87.128.111.190/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57847BCB /* 87.132.123.203/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5784C8BC /* 87.132.200.188/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5786449E /* 87.134.68.158/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x578B21D9 /* 87.139.33.217/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x578B8B03 /* 87.139.139.3/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x578E63CC /* 87.142.99.204/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x578E6FB2 /* 87.142.111.178/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x578E7868 /* 87.142.120.104/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5793BF8D /* 87.147.191.141/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57948874 /* 87.148.136.116/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5796D6BD /* 87.150.214.189/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57987F6D /* 87.152.127.109/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5799207E /* 87.153.32.126/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x579C9AF5 /* 87.156.154.245/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x579DB391 /* 87.157.179.145/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x579F3CFD /* 87.159.60.253/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x579F5887 /* 87.159.88.135/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x579FBE89 /* 87.159.190.137/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x579FEBA5 /* 87.159.235.165/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57A247EF /* 87.162.71.239/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57A2C503 /* 87.162.197.3/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57A618C6 /* 87.166.24.198/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57A631E2 /* 87.166.49.226/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57AA8B6E /* 87.170.139.110/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57ABDF9F /* 87.171.223.159/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57AC14FA /* 87.172.20.250/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57ADD49F /* 87.173.212.159/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57AE6C25 /* 87.174.108.37/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57AECCC6 /* 87.174.204.198/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57AEE042 /* 87.174.224.66/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57AEFD48 /* 87.174.253.72/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57B18038 /* 87.177.128.56/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57B3C9DB /* 87.179.201.219/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57B4E2EE /* 87.180.226.238/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57B528B4 /* 87.181.40.180/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57B55BD9 /* 87.181.91.217/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57B6D189 /* 87.182.209.137/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57B91C30 /* 87.185.28.48/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57BA2215 /* 87.186.34.21/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57C1B3EE /* 87.193.179.238/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57C1D00E /* 87.193.208.14/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57D63AC8 /* 87.214.58.200/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57D8ABB3 /* 87.216.171.179/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57DECE2D /* 87.222.206.45/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57E61995 /* 87.230.25.149/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57ECC217 /* 87.236.194.23/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57ECD71E /* 87.236.215.30/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57ECD753 /* 87.236.215.83/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x57FE5C78 /* 87.254.92.120/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5805A5DF /* 88.5.165.223/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x581B4113 /* 88.27.65.19/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x584187CD /* 88.65.135.205/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x584567A9 /* 88.69.103.169/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58485BDA /* 88.72.91.218/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5849369E /* 88.73.54.158/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x584C47D4 /* 88.76.71.212/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x584E43A5 /* 88.78.67.165/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58500705 /* 88.80.7.5/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5850D6BD /* 88.80.214.189/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x585666A3 /* 88.86.102.163/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5859086D /* 88.89.8.109/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5862FCEA /* 88.98.252.234/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58630E5C /* 88.99.14.92/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x586315A3 /* 88.99.21.163/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x586315AB /* 88.99.21.171/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58631B83 /* 88.99.27.131/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58631BE7 /* 88.99.27.231/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58631FBA /* 88.99.31.186/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5863230C /* 88.99.35.12/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x586323B2 /* 88.99.35.178/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58632420 /* 88.99.36.32/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5863466B /* 88.99.70.107/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58634B5E /* 88.99.75.94/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5863504E /* 88.99.80.78/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x586353A3 /* 88.99.83.163/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x586356AE /* 88.99.86.174/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58635784 /* 88.99.87.132/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x586360E0 /* 88.99.96.224/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5863685E /* 88.99.104.94/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x586D1267 /* 88.109.18.103/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5873E58C /* 88.115.229.140/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x588B8C5B /* 88.139.140.91/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x588E30D8 /* 88.142.48.216/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5895B559 /* 88.149.181.89/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5898AB67 /* 88.152.171.103/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5898ED49 /* 88.152.237.73/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x589C0AFD /* 88.156.10.253/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x589CB6C4 /* 88.156.182.196/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x589F2BF1 /* 88.159.43.241/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x589F4DC4 /* 88.159.77.196/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x589F8B11 /* 88.159.139.17/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x589F8E93 /* 88.159.142.147/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x589FA4F9 /* 88.159.164.249/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x589FF570 /* 88.159.245.112/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58A13860 /* 88.161.56.96/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58A7FEF1 /* 88.167.254.241/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58AE5A97 /* 88.174.90.151/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58B00C64 /* 88.176.12.100/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58B0B407 /* 88.176.180.7/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58B256CA /* 88.178.86.202/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58B3309A /* 88.179.48.154/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58B4AD3F /* 88.180.173.63/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58B99B86 /* 88.185.155.134/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58BA120C /* 88.186.18.12/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58BB785A /* 88.187.120.90/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58BBE91B /* 88.187.233.27/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58BCDCD1 /* 88.188.220.209/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58BDCE35 /* 88.189.206.53/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58BE765F /* 88.190.118.95/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58BED2F0 /* 88.190.210.240/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58BFCD30 /* 88.191.205.48/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58BFD421 /* 88.191.212.33/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58C0FD11 /* 88.192.253.17/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58C1997C /* 88.193.153.124/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58C38F0D /* 88.195.143.13/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58C60603 /* 88.198.6.3/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58C60BAB /* 88.198.11.171/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58C60D74 /* 88.198.13.116/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58C61304 /* 88.198.19.4/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58C617DD /* 88.198.23.221/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58C62424 /* 88.198.36.36/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58C62C91 /* 88.198.44.145/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58C63436 /* 88.198.52.54/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58C6388C /* 88.198.56.140/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58C66D95 /* 88.198.109.149/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58C66EC2 /* 88.198.110.194/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58C677C5 /* 88.198.119.197/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58C67D60 /* 88.198.125.96/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58C694FF /* 88.198.148.255/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58C6A4DB /* 88.198.164.219/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58C6C09C /* 88.198.192.156/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58C6C259 /* 88.198.194.89/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58C6CFDE /* 88.198.207.222/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58C6D403 /* 88.198.212.3/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58C6FD0D /* 88.198.253.13/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58C6FD18 /* 88.198.253.24/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58C6FD1B /* 88.198.253.27/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58C84964 /* 88.200.73.100/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58C99131 /* 88.201.145.49/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58CACA2A /* 88.202.202.42/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58CC70F2 /* 88.204.112.242/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58CC71BD /* 88.204.113.189/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58D0794E /* 88.208.121.78/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58D0F50A /* 88.208.245.10/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58D4228D /* 88.212.34.141/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58D74B9A /* 88.215.75.154/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58D7BAB9 /* 88.215.186.185/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58D96856 /* 88.217.104.86/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58D98F35 /* 88.217.143.53/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x58D9ABE1 /* 88.217.171.225/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59002F22 /* 89.0.47.34/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59005227 /* 89.0.82.39/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59008F3F /* 89.0.143.63/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59036176 /* 89.3.97.118/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x590CB328 /* 89.12.179.40/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x590CCA35 /* 89.12.202.53/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x590DB50A /* 89.13.181.10/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5910B09E /* 89.16.176.158/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5912AC64 /* 89.18.172.100/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5912AC70 /* 89.18.172.112/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5912AD29 /* 89.18.173.41/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5916613A /* 89.22.97.58/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x591661C1 /* 89.22.97.193/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x591F393A /* 89.31.57.58/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x591F60A8 /* 89.31.96.168/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59207FB2 /* 89.32.127.178/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59210618 /* 89.33.6.24/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5921CF50 /* 89.33.207.80/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5921F672 /* 89.33.246.114/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5922ED15 /* 89.34.237.21/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5922ED65 /* 89.34.237.101/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5922ED79 /* 89.34.237.121/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5922ED88 /* 89.34.237.136/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5922EDC0 /* 89.34.237.192/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5923869A /* 89.35.134.154/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5923B268 /* 89.35.178.104/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5924DA7F /* 89.36.218.127/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5926D039 /* 89.38.208.57/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59274321 /* 89.39.67.33/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59284795 /* 89.40.71.149/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5928B56B /* 89.40.181.107/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x592D2394 /* 89.45.35.148/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x592D4389 /* 89.45.67.137/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x592DE21C /* 89.45.226.28/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x592E4662 /* 89.46.70.98/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x592E6447 /* 89.46.100.71/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x592E64A2 /* 89.46.100.162/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x594418D2 /* 89.68.24.210/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x594704AD /* 89.71.4.173/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5947A11E /* 89.71.161.30/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x594939B2 /* 89.73.57.178/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x595E01B3 /* 89.94.1.179/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59639B85 /* 89.99.155.133/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x596408AB /* 89.100.8.171/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5964217D /* 89.100.33.125/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59661F13 /* 89.102.31.19/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59668C7A /* 89.102.140.122/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59669309 /* 89.102.147.9/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59676FD9 /* 89.103.111.217/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x596B9BA2 /* 89.107.155.162/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x596DE24B /* 89.109.226.75/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x596E300A /* 89.110.48.10/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x596F1444 /* 89.111.20.68/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5980CD65 /* 89.128.205.101/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5984E1FA /* 89.132.225.250/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59857E05 /* 89.133.126.5/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59900C0F /* 89.144.12.15/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5996AE32 /* 89.150.174.50/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x599F5484 /* 89.159.84.132/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59A1600E /* 89.161.96.14/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59A3803B /* 89.163.128.59/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59A38042 /* 89.163.128.66/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59A3864C /* 89.163.134.76/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59A38D73 /* 89.163.141.115/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59A38D74 /* 89.163.141.116/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59A38DEF /* 89.163.141.239/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59A39130 /* 89.163.145.48/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59A3925D /* 89.163.146.93/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59A3940D /* 89.163.148.13/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59A39D4F /* 89.163.157.79/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59A39F2C /* 89.163.159.44/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59A3C4DD /* 89.163.196.221/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59A3D2A3 /* 89.163.210.163/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59A3D2A4 /* 89.163.210.164/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59A3D83C /* 89.163.216.60/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59A3D926 /* 89.163.217.38/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59A3DB1B /* 89.163.219.27/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59A3DB76 /* 89.163.219.118/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59A3E019 /* 89.163.224.25/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59A3E0BB /* 89.163.224.187/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59A3E0D4 /* 89.163.224.212/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59A3E0FA /* 89.163.224.250/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59A3E106 /* 89.163.225.6/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59A3E107 /* 89.163.225.7/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59A3E173 /* 89.163.225.115/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59A3E191 /* 89.163.225.145/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59A3E1B8 /* 89.163.225.184/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59A3F574 /* 89.163.245.116/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59A3F5B5 /* 89.163.245.181/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59A3F5B8 /* 89.163.245.184/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59A3F5C7 /* 89.163.245.199/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59A3F67F /* 89.163.246.127/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59A3F72B /* 89.163.247.43/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59A3F9C8 /* 89.163.249.200/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59A3F9C9 /* 89.163.249.201/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59A6609C /* 89.166.96.156/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59A67C0D /* 89.166.124.13/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59AC81D1 /* 89.172.129.209/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59AF1BA3 /* 89.175.27.163/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59B011EA /* 89.176.17.234/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59B2AAE4 /* 89.178.170.228/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59B377A5 /* 89.179.119.165/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59B37F7C /* 89.179.127.124/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59B74400 /* 89.183.68.0/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59BB8ED0 /* 89.187.142.208/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59BB8F51 /* 89.187.143.81/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59BB907A /* 89.187.144.122/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59BB9167 /* 89.187.145.103/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59BFC7F5 /* 89.191.199.245/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59BFD901 /* 89.191.217.1/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59CF8196 /* 89.207.129.150/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59DDD040 /* 89.221.208.64/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59DDD08A /* 89.221.208.138/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59DDD164 /* 89.221.209.100/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59DDD27A /* 89.221.210.122/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59DDD297 /* 89.221.210.151/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59DF1BF1 /* 89.223.27.241/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59EA9DFE /* 89.234.157.254/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59EAB76E /* 89.234.183.110/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59EABA24 /* 89.234.186.36/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59EC2275 /* 89.236.34.117/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59EE59C5 /* 89.238.89.197/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59F6CC36 /* 89.246.204.54/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59F8A69D /* 89.248.166.157/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59F8AAE3 /* 89.248.170.227/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x59F94106 /* 89.249.65.6/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5A0106B5 /* 90.1.6.181/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5A06197C /* 90.6.25.124/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5A2C5DDA /* 90.44.93.218/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5A3FDA8B /* 90.63.218.139/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5A416676 /* 90.65.102.118/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5A4E1922 /* 90.78.25.34/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5A4F659A /* 90.79.101.154/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5A573FAD /* 90.87.63.173/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5A685368 /* 90.104.83.104/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5A6896BF /* 90.104.150.191/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5A69A893 /* 90.105.168.147/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5A700D78 /* 90.112.13.120/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5A708FA7 /* 90.112.143.167/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5A7887A8 /* 90.120.135.168/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5A7EADC0 /* 90.126.173.192/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5AB8DE76 /* 90.184.222.118/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5AB8EF9A /* 90.184.239.154/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5ABC1BB8 /* 90.188.27.184/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5ABF645B /* 90.191.100.91/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5AD0B354 /* 90.208.179.84/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5ADC0A6E /* 90.220.10.110/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5AE150DB /* 90.225.80.219/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5AE2B287 /* 90.226.178.135/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5AE68576 /* 90.230.133.118/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B007B9F /* 91.0.123.159/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B015603 /* 91.1.86.3/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B02AA6E /* 91.2.170.110/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B054CD4 /* 91.5.76.212/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B0846A3 /* 91.8.70.163/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B08D86F /* 91.8.216.111/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B09CB9D /* 91.9.203.157/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B0B28ED /* 91.11.40.237/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B1155E2 /* 91.17.85.226/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B12557C /* 91.18.85.124/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B12EA5A /* 91.18.234.90/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B13E9CF /* 91.19.233.207/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B147FDA /* 91.20.127.218/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B156D49 /* 91.21.109.73/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B208735 /* 91.32.135.53/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B20C025 /* 91.32.192.37/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B228FDD /* 91.34.143.221/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B2529A9 /* 91.37.41.169/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B293947 /* 91.41.57.71/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B298B37 /* 91.41.139.55/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B2A4735 /* 91.42.71.53/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B2AB21C /* 91.42.178.28/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B2D864A /* 91.45.134.74/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B31245C /* 91.49.36.92/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B339017 /* 91.51.144.23/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B352D2B /* 91.53.45.43/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B36C44C /* 91.54.196.76/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B3B43E1 /* 91.59.67.225/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B3BBE64 /* 91.59.190.100/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B3E5239 /* 91.62.82.57/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B3FA90B /* 91.63.169.11/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B40007D /* 91.64.0.125/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B408F14 /* 91.64.143.20/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B40A481 /* 91.64.164.129/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B40D118 /* 91.64.209.24/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B40FE7E /* 91.64.254.126/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B413DD9 /* 91.65.61.217/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B41A679 /* 91.65.166.121/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B42816A /* 91.66.129.106/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B436D56 /* 91.67.109.86/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B43858C /* 91.67.133.140/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B439B7F /* 91.67.155.127/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B4F1C58 /* 91.79.28.88/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B59FDD8 /* 91.89.253.216/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B600FC2 /* 91.96.15.194/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B61B4F8 /* 91.97.180.248/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B6467C4 /* 91.100.103.196/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B69CB5C /* 91.105.203.92/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B6A8BE1 /* 91.106.139.225/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B6AAB1D /* 91.106.171.29/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B6AAC3A /* 91.106.172.58/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B6AAD4B /* 91.106.173.75/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B6B68EE /* 91.107.104.238/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B6B692E /* 91.107.105.46/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B6D1DF1 /* 91.109.29.241/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B6D9C46 /* 91.109.156.70/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B720536 /* 91.114.5.54/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B790114 /* 91.121.1.20/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B790E99 /* 91.121.14.153/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B791043 /* 91.121.16.67/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B791764 /* 91.121.23.100/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B791C40 /* 91.121.28.64/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B791C42 /* 91.121.28.66/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B793608 /* 91.121.54.8/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B794CAF /* 91.121.76.175/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B794D25 /* 91.121.77.37/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B794FBC /* 91.121.79.188/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B795198 /* 91.121.81.152/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B795219 /* 91.121.82.25/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B79536C /* 91.121.83.108/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B795489 /* 91.121.84.137/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B795582 /* 91.121.85.130/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B795DA0 /* 91.121.93.160/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B79623A /* 91.121.98.58/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B796C40 /* 91.121.108.64/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B797168 /* 91.121.113.104/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B797422 /* 91.121.116.34/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B79777A /* 91.121.119.122/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B7985E1 /* 91.121.133.225/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B798884 /* 91.121.136.132/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B799341 /* 91.121.147.65/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B799991 /* 91.121.153.145/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B799B21 /* 91.121.155.33/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B799E11 /* 91.121.158.17/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B799F24 /* 91.121.159.36/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B79A006 /* 91.121.160.6/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B79A698 /* 91.121.166.152/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B79C09A /* 91.121.192.154/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B79C384 /* 91.121.195.132/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B79C3A9 /* 91.121.195.169/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B79D144 /* 91.121.209.68/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B79E00A /* 91.121.224.10/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B79E6D0 /* 91.121.230.208/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B79E6D2 /* 91.121.230.210/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B79E6D4 /* 91.121.230.212/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B79E6D6 /* 91.121.230.214/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B79E6D8 /* 91.121.230.216/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B79E6DA /* 91.121.230.218/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B7A1FAF /* 91.122.31.175/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B7A2FEA /* 91.122.47.234/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B7A34ED /* 91.122.52.237/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B7A640D /* 91.122.100.13/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B7D1BBB /* 91.125.27.187/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B7E2D22 /* 91.126.45.34/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B868558 /* 91.134.133.88/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B86870C /* 91.134.135.12/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B86886B /* 91.134.136.107/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B868963 /* 91.134.137.99/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B868BC8 /* 91.134.139.200/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B868BCF /* 91.134.139.207/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B868BD7 /* 91.134.139.215/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B869BF4 /* 91.134.155.244/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B86B4F0 /* 91.134.180.240/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B86D8A0 /* 91.134.216.160/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B86DAB0 /* 91.134.218.176/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B86E830 /* 91.134.232.48/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B86E831 /* 91.134.232.49/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B86F3AD /* 91.134.243.173/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B88A4E3 /* 91.136.164.227/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B8A1429 /* 91.138.20.41/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B8A47EC /* 91.138.71.236/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B8F50DC /* 91.143.80.220/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B8F5B7D /* 91.143.91.125/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B8F5B8E /* 91.143.91.142/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B9107E2 /* 91.145.7.226/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B91765D /* 91.145.118.93/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B927903 /* 91.146.121.3/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B927A2D /* 91.146.122.45/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B98713E /* 91.152.113.62/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5B9A47D8 /* 91.154.71.216/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BA07B04 /* 91.160.123.4/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BB171C0 /* 91.177.113.192/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BBA0896 /* 91.186.8.150/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BBA3E92 /* 91.186.62.146/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BBC7D80 /* 91.188.125.128/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BBE754D /* 91.190.117.77/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BBEEA42 /* 91.190.234.66/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BC25A67 /* 91.194.90.103/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BC5EA66 /* 91.197.234.102/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BC5EA6A /* 91.197.234.106/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BC6D4FA /* 91.198.212.250/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BC80D07 /* 91.200.13.7/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BCA2969 /* 91.202.41.105/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BCA2EBD /* 91.202.46.189/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BCAA8B8 /* 91.202.168.184/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BCAA8B9 /* 91.202.168.185/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BCB0592 /* 91.203.5.146/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BCB05A1 /* 91.203.5.161/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BCB05A5 /* 91.203.5.165/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BCB927E /* 91.203.146.126/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BCDAD52 /* 91.205.173.82/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BCDAF8A /* 91.205.175.138/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BD2685B /* 91.210.104.91/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BD26A86 /* 91.210.106.134/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BD36BAC /* 91.211.107.172/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BD3F770 /* 91.211.247.112/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BD50854 /* 91.213.8.84/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BD50859 /* 91.213.8.89/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BD50865 /* 91.213.8.101/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BD508EB /* 91.213.8.235/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BD508EC /* 91.213.8.236/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BD5E93C /* 91.213.233.60/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BD5E96B /* 91.213.233.107/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BD5E98A /* 91.213.233.138/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BD6A945 /* 91.214.169.69/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BDB1C55 /* 91.219.28.85/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BDB1C63 /* 91.219.28.99/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BDB1CD3 /* 91.219.28.211/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BDB1D8E /* 91.219.29.142/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BDB1D9D /* 91.219.29.157/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BDB1DBC /* 91.219.29.188/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BDB1DEE /* 91.219.29.238/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BDBECAE /* 91.219.236.174/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BDBECDA /* 91.219.236.218/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BDBECE8 /* 91.219.236.232/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BDBECFA /* 91.219.236.250/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BDBED13 /* 91.219.237.19/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BDBED75 /* 91.219.237.117/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BDBED9A /* 91.219.237.154/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BDBEDE5 /* 91.219.237.229/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BDBEDEB /* 91.219.237.235/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BDBEDF4 /* 91.219.237.244/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BDBEEDD /* 91.219.238.221/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BDBEF5C /* 91.219.239.92/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BDBEFFA /* 91.219.239.250/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BDCDC05 /* 91.220.220.5/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BDD42DC /* 91.221.66.220/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BDD7721 /* 91.221.119.33/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BDF529C /* 91.223.82.156/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BDF6A59 /* 91.223.106.89/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BDF6A5A /* 91.223.106.90/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BE09521 /* 91.224.149.33/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BE09C75 /* 91.224.156.117/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BE09D63 /* 91.224.157.99/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BE434BA /* 91.228.52.186/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BE43556 /* 91.228.53.86/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BE5141B /* 91.229.20.27/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BE54C7C /* 91.229.76.124/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BE6CC50 /* 91.230.204.80/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BE75665 /* 91.231.86.101/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BE756CC /* 91.231.86.204/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BE8E12B /* 91.232.225.43/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BE96A79 /* 91.233.106.121/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BE96A91 /* 91.233.106.145/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BE96AAC /* 91.233.106.172/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BE96AED /* 91.233.106.237/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BE97433 /* 91.233.116.51/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BE97477 /* 91.233.116.119/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BE985F7 /* 91.233.133.247/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BEB8832 /* 91.235.136.50/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BEC7457 /* 91.236.116.87/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BEC745D /* 91.236.116.93/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BEC745E /* 91.236.116.94/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BECEF87 /* 91.236.239.135/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BECEF8C /* 91.236.239.140/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BECFB15 /* 91.236.251.21/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BECFB18 /* 91.236.251.24/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BECFB1E /* 91.236.251.30/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BECFB2A /* 91.236.251.42/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BECFB48 /* 91.236.251.72/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BED34AA /* 91.237.52.170/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BED5867 /* 91.237.88.103/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BED58B5 /* 91.237.88.181/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BEDF43E /* 91.237.244.62/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BEDF73E /* 91.237.247.62/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BEFE851 /* 91.239.232.81/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BF04305 /* 91.240.67.5/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BF0E5C3 /* 91.240.229.195/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BF2A3BA /* 91.242.163.186/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BF3CB50 /* 91.243.203.80/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BF3D521 /* 91.243.213.33/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BF7FB1A /* 91.247.251.26/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BF817F0 /* 91.248.23.240/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5BFA75FC /* 91.250.117.252/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5C1B07D1 /* 92.27.7.209/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5C267E8C /* 92.38.126.140/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5C26AD50 /* 92.38.173.80/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5C27F62D /* 92.39.246.45/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5C32A1F6 /* 92.50.161.246/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5C33F583 /* 92.51.245.131/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5C3FACF7 /* 92.63.172.247/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5C3FAD18 /* 92.63.173.24/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5C3FAE24 /* 92.63.174.36/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5C3FAE47 /* 92.63.174.71/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5C4BBA9C /* 92.75.186.156/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5C4C66DE /* 92.76.102.222/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5C59523D /* 92.89.82.61/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5C5E640B /* 92.94.100.11/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5C5F4274 /* 92.95.66.116/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5C648326 /* 92.100.131.38/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5C6CC255 /* 92.108.194.85/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5C6D527B /* 92.109.82.123/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5C6F04B1 /* 92.111.4.177/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5C6F59EE /* 92.111.89.238/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5C824D96 /* 92.130.77.150/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CA75FDB /* 92.167.95.219/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CA78C44 /* 92.167.140.68/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CA916D1 /* 92.169.22.209/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CC344A6 /* 92.195.68.166/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CC905E2 /* 92.201.5.226/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CCC0195 /* 92.204.1.149/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CCE1A1D /* 92.206.26.29/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CD3274D /* 92.211.39.77/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CDC4808 /* 92.220.72.8/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CDC4ED7 /* 92.220.78.215/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CDD5AA1 /* 92.221.90.161/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CDDC98A /* 92.221.201.138/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CDE0466 /* 92.222.4.102/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CDE060C /* 92.222.6.12/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CDE1482 /* 92.222.20.130/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CDE1625 /* 92.222.22.37/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CDE1671 /* 92.222.22.113/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CDE17C2 /* 92.222.23.194/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CDE19BF /* 92.222.25.191/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CDE1AD8 /* 92.222.26.216/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CDE1CF3 /* 92.222.28.243/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CDE2643 /* 92.222.38.67/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CDE27B7 /* 92.222.39.183/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CDE27C4 /* 92.222.39.196/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CDE4519 /* 92.222.69.25/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CDE45AD /* 92.222.69.173/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CDE46AC /* 92.222.70.172/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CDE4ACB /* 92.222.74.203/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CDE4AE2 /* 92.222.74.226/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CDE5488 /* 92.222.84.136/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CDE55AB /* 92.222.85.171/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CDE59BF /* 92.222.89.191/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CDE5A9C /* 92.222.90.156/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CDE5CFA /* 92.222.92.250/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CDE5E33 /* 92.222.94.51/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CDE67E8 /* 92.222.103.232/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CDE67E9 /* 92.222.103.233/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CDE731C /* 92.222.115.28/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CDE9993 /* 92.222.153.147/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CDEA236 /* 92.222.162.54/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CDEB457 /* 92.222.180.87/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CDEB568 /* 92.222.181.104/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CDEB57B /* 92.222.181.123/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CDECC60 /* 92.222.204.96/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CE0048E /* 92.224.4.142/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CE0AC08 /* 92.224.172.8/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CE10812 /* 92.225.8.18/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CF228C0 /* 92.242.40.192/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CF24A87 /* 92.242.74.135/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CF3141E /* 92.243.20.30/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CF31ED0 /* 92.243.30.208/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CF34569 /* 92.243.69.105/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CF41F1C /* 92.244.31.28/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CF733A9 /* 92.247.51.169/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CF8E784 /* 92.248.231.132/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CF98F77 /* 92.249.143.119/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CF9955F /* 92.249.149.95/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CFE3951 /* 92.254.57.81/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CFFB08A /* 92.255.176.138/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CFFCF59 /* 92.255.207.89/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5CFFFB42 /* 92.255.251.66/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D1B3351 /* 93.27.51.81/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D32BA03 /* 93.50.186.3/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D3A0B18 /* 93.58.11.24/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D40CF37 /* 93.64.207.55/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D41D51F /* 93.65.213.31/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D42D1BC /* 93.66.209.188/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D492760 /* 93.73.39.96/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D4A2AE6 /* 93.74.42.230/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D59651B /* 93.89.101.27/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D5CCB71 /* 93.92.203.113/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D5F64A4 /* 93.95.100.164/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D5F64A6 /* 93.95.100.166/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D5F64CA /* 93.95.100.202/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D5F64CB /* 93.95.100.203/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D5FE3F5 /* 93.95.227.245/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D5FE431 /* 93.95.228.49/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D5FE450 /* 93.95.228.80/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D648EB6 /* 93.100.142.182/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D64D3D8 /* 93.100.211.216/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D67E349 /* 93.103.227.73/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D68762D /* 93.104.118.45/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D68A579 /* 93.104.165.121/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D68D06A /* 93.104.208.106/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D68D120 /* 93.104.209.32/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D68D19E /* 93.104.209.158/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D68D33E /* 93.104.211.62/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D68D541 /* 93.104.213.65/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D71AF19 /* 93.113.175.25/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D731B34 /* 93.115.27.52/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D731C0D /* 93.115.28.13/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D731D56 /* 93.115.29.86/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D73548F /* 93.115.84.143/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D735B42 /* 93.115.91.66/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D735F26 /* 93.115.95.38/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D735FC9 /* 93.115.95.201/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D735FCA /* 93.115.95.202/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D735FCC /* 93.115.95.204/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D735FCD /* 93.115.95.205/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D735FCE /* 93.115.95.206/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D735FCF /* 93.115.95.207/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D735FD8 /* 93.115.95.216/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D7361F2 /* 93.115.97.242/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D73F102 /* 93.115.241.2/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D73F132 /* 93.115.241.50/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D73F1C2 /* 93.115.241.194/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D760102 /* 93.118.1.2/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D7B5A0D /* 93.123.90.13/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D7BE197 /* 93.123.225.151/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D81296E /* 93.129.41.110/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D989FDF /* 93.152.159.223/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D9D3316 /* 93.157.51.22/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D9ED834 /* 93.158.216.52/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D9ED83F /* 93.158.216.63/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5D9ED88E /* 93.158.216.142/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DAA4D94 /* 93.170.77.148/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DAA4DAE /* 93.170.77.174/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DAA4DDF /* 93.170.77.223/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DAA4DE7 /* 93.170.77.231/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DAAA93E /* 93.170.169.62/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DAE5D85 /* 93.174.93.133/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DB4882B /* 93.180.136.43/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DB49A5E /* 93.180.154.94/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DB49C54 /* 93.180.156.84/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DB49D9A /* 93.180.157.154/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DB5035B /* 93.181.3.91/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DB81462 /* 93.184.20.98/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DB81E14 /* 93.184.30.20/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DB842E3 /* 93.184.66.227/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DB96DBF /* 93.185.109.191/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DBA0E46 /* 93.186.14.70/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DBAC844 /* 93.186.200.68/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DBAC8D5 /* 93.186.200.213/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DBACAC3 /* 93.186.202.195/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DBACAF1 /* 93.186.202.241/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DBD1A16 /* 93.189.26.22/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DBD5AF4 /* 93.189.90.244/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DBE5F18 /* 93.190.95.24/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DBE8D73 /* 93.190.141.115/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DC27838 /* 93.194.120.56/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DC4E9F0 /* 93.196.233.240/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DC5F186 /* 93.197.241.134/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DCBFEFE /* 93.203.254.254/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DCDACFE /* 93.205.172.254/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DCDE0CA /* 93.205.224.202/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DCE42BD /* 93.206.66.189/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DCF77FA /* 93.207.119.250/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DD12CEB /* 93.209.44.235/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DD1A8B8 /* 93.209.168.184/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DD3D5CF /* 93.211.213.207/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DD4544A /* 93.212.84.74/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DD77920 /* 93.215.121.32/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DDA60B7 /* 93.218.96.183/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DDB4A99 /* 93.219.74.153/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DDB4F18 /* 93.219.79.24/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DDEE4A5 /* 93.222.228.165/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DDF73C6 /* 93.223.115.198/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DE03EA0 /* 93.224.62.160/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DE1B52D /* 93.225.181.45/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DE32C29 /* 93.227.44.41/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DE38F2B /* 93.227.143.43/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DE44117 /* 93.228.65.23/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DE79F0B /* 93.231.159.11/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DE7E5FC /* 93.231.229.252/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DE8FF95 /* 93.232.255.149/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DE98875 /* 93.233.136.117/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DEAADD4 /* 93.234.173.212/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DECF646 /* 93.236.246.70/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DED9761 /* 93.237.151.97/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DED9CAC /* 93.237.156.172/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DEF2BAB /* 93.239.43.171/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5DF42B23 /* 93.244.43.35/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E108907 /* 94.16.137.7/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E10AD6A /* 94.16.173.106/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E15EB8D /* 94.21.235.141/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E16C5B3 /* 94.22.197.179/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E1701A4 /* 94.23.1.164/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E1707A1 /* 94.23.7.161/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E17113A /* 94.23.17.58/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E1712A9 /* 94.23.18.169/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E17141C /* 94.23.20.28/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E171DCC /* 94.23.29.204/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E179031 /* 94.23.144.49/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E1799F1 /* 94.23.153.241/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E179A24 /* 94.23.154.36/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E17A526 /* 94.23.165.38/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E17AD5D /* 94.23.173.93/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E17ADF9 /* 94.23.173.249/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E17AE1A /* 94.23.174.26/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E17CCAF /* 94.23.204.175/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E17DBC0 /* 94.23.219.192/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E17DC58 /* 94.23.220.88/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E17F72A /* 94.23.247.42/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E17F89E /* 94.23.248.158/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E1A5862 /* 94.26.88.98/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E1A8C96 /* 94.26.140.150/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E1CF47B /* 94.28.244.123/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E1F35CB /* 94.31.53.203/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E225DB0 /* 94.34.93.176/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E2E0D0B /* 94.46.13.11/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E2E52EC /* 94.46.82.236/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E32882A /* 94.50.136.42/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E3CFF2A /* 94.60.255.42/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E3DCC41 /* 94.61.204.65/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E4A5171 /* 94.74.81.113/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E4BE8F2 /* 94.75.232.242/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E4F89B6 /* 94.79.137.182/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E4FADE2 /* 94.79.173.226/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E640617 /* 94.100.6.23/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E64061B /* 94.100.6.27/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E6415A2 /* 94.100.21.162/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E641712 /* 94.100.23.18/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E64171A /* 94.100.23.26/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E66322A /* 94.102.50.42/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E663C55 /* 94.102.60.85/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E70D94D /* 94.112.217.77/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E72ACDC /* 94.114.172.220/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E7EAAA5 /* 94.126.170.165/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E897888 /* 94.137.120.136/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E8C7868 /* 94.140.120.104/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E8C7882 /* 94.140.120.130/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E8C7A16 /* 94.140.122.22/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E8EF18A /* 94.142.241.138/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E8EF254 /* 94.142.242.84/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E8EF5CE /* 94.142.245.206/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E9B312F /* 94.155.49.47/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E9C4DC0 /* 94.156.77.192/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E9C800A /* 94.156.128.10/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5E9CAF78 /* 94.156.175.120/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EB08BBA /* 94.176.139.186/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EB1E450 /* 94.177.228.80/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EB1EAF3 /* 94.177.234.243/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EB52C2D /* 94.181.44.45/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EB52DED /* 94.181.45.237/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EB95A56 /* 94.185.90.86/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EC1F171 /* 94.193.241.113/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EC6445C /* 94.198.68.92/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EC66218 /* 94.198.98.24/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EC66247 /* 94.198.98.71/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EC66411 /* 94.198.100.17/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EC66412 /* 94.198.100.18/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5ED1AF86 /* 94.209.175.134/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5ED1C399 /* 94.209.195.153/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5ED57791 /* 94.213.119.145/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5ED6CC43 /* 94.214.204.67/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5ED8790D /* 94.216.121.13/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EDABF26 /* 94.218.191.38/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EDB188C /* 94.219.24.140/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EDF9D93 /* 94.223.157.147/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EE02CA2 /* 94.224.44.162/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EE16454 /* 94.225.100.84/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EE26BA5 /* 94.226.107.165/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EE4560B /* 94.228.86.11/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EE45790 /* 94.228.87.144/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EE8AE42 /* 94.232.174.66/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EECF049 /* 94.236.240.73/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EF12A9C /* 94.241.42.156/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EF23902 /* 94.242.57.2/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EF23954 /* 94.242.57.84/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EF23970 /* 94.242.57.112/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EF239A1 /* 94.242.57.161/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EF239D4 /* 94.242.57.212/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EF23A02 /* 94.242.58.2/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EF23A97 /* 94.242.58.151/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EF23AE9 /* 94.242.58.233/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EF23B2F /* 94.242.59.47/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EF23B93 /* 94.242.59.147/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EF23BB6 /* 94.242.59.182/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EF23BBB /* 94.242.59.187/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EF2D178 /* 94.242.209.120/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EF2D179 /* 94.242.209.121/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EF2D1F4 /* 94.242.209.244/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EF2DE19 /* 94.242.222.25/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EF2DE81 /* 94.242.222.129/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EF2DED9 /* 94.242.222.217/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EF2E4AE /* 94.242.228.174/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EF2F617 /* 94.242.246.23/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EF2F618 /* 94.242.246.24/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EF2FA76 /* 94.242.250.118/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EF2FF70 /* 94.242.255.112/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EF53531 /* 94.245.53.49/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EFD0CCB /* 94.253.12.203/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EFDB1E7 /* 94.253.177.231/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EFE121F /* 94.254.18.31/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EFE1905 /* 94.254.25.5/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EFE56CC /* 94.254.86.204/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5EFE5E9B /* 94.254.94.155/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F199543 /* 95.25.149.67/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F1B83EE /* 95.27.131.238/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F1BA3AC /* 95.27.163.172/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F1BC4E5 /* 95.27.196.229/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F1C06B0 /* 95.28.6.176/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F1C290B /* 95.28.41.11/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F1C3802 /* 95.28.56.2/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F1F0EA0 /* 95.31.14.160/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F1F1892 /* 95.31.24.146/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F1F26D1 /* 95.31.38.209/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F1F7F71 /* 95.31.127.113/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F1FF207 /* 95.31.242.7/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F26CA17 /* 95.38.202.23/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F2A7EA7 /* 95.42.126.167/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F2E6211 /* 95.46.98.17/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F45E818 /* 95.69.232.24/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F479350 /* 95.71.147.80/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F47F93B /* 95.71.249.59/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F4947DE /* 95.73.71.222/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F4968B5 /* 95.73.104.181/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F4F6007 /* 95.79.96.7/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F502D4A /* 95.80.45.74/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F54A422 /* 95.84.164.34/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F54D17E /* 95.84.209.126/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F550171 /* 95.85.1.113/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F5503BF /* 95.85.3.191/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F5508E2 /* 95.85.8.226/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F550A47 /* 95.85.10.71/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F55132E /* 95.85.19.46/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F5513A2 /* 95.85.19.162/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F551449 /* 95.85.20.73/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F5516AD /* 95.85.22.173/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F55200A /* 95.85.32.10/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F55256F /* 95.85.37.111/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F553236 /* 95.85.50.54/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F5820BA /* 95.88.32.186/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F585BC5 /* 95.88.91.197/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F59EB89 /* 95.89.235.137/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F5AB216 /* 95.90.178.22/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F5B057D /* 95.91.5.125/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F5B1017 /* 95.91.16.23/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F5B222D /* 95.91.34.45/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F5B95DA /* 95.91.149.218/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F69A49D /* 95.105.164.157/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F6C7B1D /* 95.108.123.29/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F6D7A90 /* 95.109.122.144/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F722090 /* 95.114.32.144/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F77AD1B /* 95.119.173.27/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F7B33AC /* 95.123.51.172/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F802BA4 /* 95.128.43.164/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F8137AD /* 95.129.55.173/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F820B05 /* 95.130.11.5/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F820B0F /* 95.130.11.15/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F820B93 /* 95.130.11.147/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F820BAA /* 95.130.11.170/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F820BBA /* 95.130.11.186/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F820C1F /* 95.130.12.31/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F820C77 /* 95.130.12.119/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F841A81 /* 95.132.26.129/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F8C2AB7 /* 95.140.42.183/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F8D230F /* 95.141.35.15/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F8D5392 /* 95.141.83.146/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F8EA0E9 /* 95.142.160.233/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F8EA13F /* 95.142.161.63/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F8EAD12 /* 95.142.173.18/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F8FAC8C /* 95.143.172.140/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F8FAC93 /* 95.143.172.147/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F8FACBC /* 95.143.172.188/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F8FACD4 /* 95.143.172.212/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F8FACD6 /* 95.143.172.214/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F8FACE3 /* 95.143.172.227/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F8FC191 /* 95.143.193.145/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F9281D1 /* 95.146.129.209/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F9749C7 /* 95.151.73.199/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F9914D4 /* 95.153.20.212/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F991F08 /* 95.153.31.8/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5F9C5F08 /* 95.156.95.8/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FA37923 /* 95.163.121.35/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FA37997 /* 95.163.121.151/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FA58516 /* 95.165.133.22/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FA58F70 /* 95.165.143.112/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FA5940C /* 95.165.148.12/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FA88A56 /* 95.168.138.86/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FA894E9 /* 95.168.148.233/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FA9BC67 /* 95.169.188.103/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FACEC3F /* 95.172.236.63/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FAEE6C9 /* 95.174.230.201/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FB7300C /* 95.183.48.12/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FB73081 /* 95.183.48.129/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FB730B4 /* 95.183.48.180/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FB7328A /* 95.183.50.138/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FB732D0 /* 95.183.50.208/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FB7337E /* 95.183.51.126/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FB734AC /* 95.183.52.172/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FB73735 /* 95.183.55.53/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FD0AFA1 /* 95.208.175.161/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FD3079E /* 95.211.7.158/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FD31B84 /* 95.211.27.132/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FD376C2 /* 95.211.118.194/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FD38A07 /* 95.211.138.7/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FD38A33 /* 95.211.138.51/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FD39362 /* 95.211.147.98/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FD3A094 /* 95.211.160.148/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FD3BA50 /* 95.211.186.80/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FD3CD8A /* 95.211.205.138/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FD3D149 /* 95.211.209.73/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FD3D248 /* 95.211.210.72/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FD3D809 /* 95.211.216.9/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FD3E00C /* 95.211.224.12/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FD3E1A7 /* 95.211.225.167/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FD3E242 /* 95.211.226.66/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FD3E65E /* 95.211.230.94/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FD5C3AB /* 95.213.195.171/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FD5CAB2 /* 95.213.202.178/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FD5FB52 /* 95.213.251.82/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FD72C66 /* 95.215.44.102/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FD72C69 /* 95.215.44.105/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FD72CA7 /* 95.215.44.167/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FD72CC2 /* 95.215.44.194/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FD72CE8 /* 95.215.44.232/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FD72D44 /* 95.215.45.68/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FD72D8E /* 95.215.45.142/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FD72DBC /* 95.215.45.188/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FD72E2E /* 95.215.46.46/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FD72E45 /* 95.215.46.69/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FD72E7B /* 95.215.46.123/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FD72EF2 /* 95.215.46.242/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FD72EF4 /* 95.215.46.244/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FD72F4B /* 95.215.47.75/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FD72F96 /* 95.215.47.150/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FD72FFB /* 95.215.47.251/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FD73D04 /* 95.215.61.4/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FDC073C /* 95.220.7.60/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FDCDFA9 /* 95.220.223.169/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FDF4CB8 /* 95.223.76.184/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x5FEB08A7 /* 95.235.8.167/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6009F230 /* 96.9.242.48/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6012AAD4 /* 96.18.170.212/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x602112CA /* 96.33.18.202/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x60238285 /* 96.35.130.133/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x602785DB /* 96.39.133.219/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x602B82B2 /* 96.43.130.178/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x602FEF99 /* 96.47.239.153/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6034D4A3 /* 96.52.212.163/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x604144C1 /* 96.65.68.193/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x60417BF9 /* 96.65.123.249/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x60420F93 /* 96.66.15.147/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x60553F29 /* 96.85.63.41/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x60559BD9 /* 96.85.155.217/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x60598D1D /* 96.89.141.29/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x605B0B51 /* 96.91.11.81/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x605C7632 /* 96.92.118.50/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x607E6009 /* 96.126.96.9/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x607E605A /* 96.126.96.90/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x607E69DB /* 96.126.105.219/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x607E7AA6 /* 96.126.122.166/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x607E7DBB /* 96.126.125.187/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x60E94CE8 /* 96.233.76.232/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x60EB82FC /* 96.235.130.252/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x60ED40D5 /* 96.237.64.213/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x60EF7A14 /* 96.239.122.20/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x60F20D06 /* 96.242.13.6/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x60F29FB1 /* 96.242.159.177/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x60F2FC93 /* 96.242.252.147/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x60F805AC /* 96.248.5.172/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x60F9FE16 /* 96.249.254.22/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x60FD4E6C /* 96.253.78.108/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x60FF478B /* 96.255.71.139/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x614AEDC4 /* 97.74.237.196/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x61520CB7 /* 97.82.12.183/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x61553F86 /* 97.85.63.134/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x615E705B /* 97.94.112.91/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x615F230D /* 97.95.35.13/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x615FD82C /* 97.95.216.44/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x616B8418 /* 97.107.132.24/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x616B867F /* 97.107.134.127/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x616B8A44 /* 97.107.138.68/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x616B8B1C /* 97.107.139.28/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x616B8B6C /* 97.107.139.108/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x616B8E85 /* 97.107.142.133/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x616B8EEA /* 97.107.142.234/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x61785EA3 /* 97.120.94.163/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x617EC6DC /* 97.126.198.220/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x617F1B73 /* 97.127.27.115/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x621A2219 /* 98.26.34.25/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x621A3022 /* 98.26.48.34/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6273D502 /* 98.115.213.2/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x62A404DF /* 98.164.4.223/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x62B50CA9 /* 98.181.12.169/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x62C931E2 /* 98.201.49.226/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x62D14F33 /* 98.209.79.51/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x62D88697 /* 98.216.134.151/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x62D90833 /* 98.217.8.51/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x62D97962 /* 98.217.121.98/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x62DB0831 /* 98.219.8.49/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x62E19AB7 /* 98.225.154.183/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x62E3E03A /* 98.227.224.58/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x62EBB9A7 /* 98.235.185.167/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x62ED8805 /* 98.237.136.5/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x62F802E4 /* 98.248.2.228/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x62F82838 /* 98.248.40.56/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x63060E37 /* 99.6.14.55/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6334B0A2 /* 99.52.176.162/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x63474BAC /* 99.71.75.172/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x63F57360 /* 99.245.115.96/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x640069DB /* 100.0.105.219/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x640203AC /* 100.2.3.172/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6406B61E /* 100.6.182.30/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6408FAC3 /* 100.8.250.195/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x640B7706 /* 100.11.119.6/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x640F27AD /* 100.15.39.173/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x640F7203 /* 100.15.114.3/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6410DA28 /* 100.16.218.40/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x65377D0A /* 101.55.125.10/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x65648D37 /* 101.100.141.55/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x656490AE /* 101.100.144.174/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x65649FD6 /* 101.100.159.214/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x67033D72 /* 103.3.61.114/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x67084FE5 /* 103.8.79.229/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x670AC532 /* 103.10.197.50/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x670AC764 /* 103.10.199.100/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x670E2976 /* 103.14.41.118/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x67193A22 /* 103.25.58.34/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x671B7C52 /* 103.27.124.82/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x671D4617 /* 103.29.70.23/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x67233816 /* 103.35.56.22/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6729B13E /* 103.41.177.62/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6729B140 /* 103.41.177.64/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x672AE17E /* 103.42.225.126/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6738CF54 /* 103.56.207.84/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x67C7103A /* 103.199.16.58/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x67E26B10 /* 103.226.107.16/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x67EADCC5 /* 103.234.220.197/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x67ECC96E /* 103.236.201.110/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x67FA49C3 /* 103.250.73.195/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x67FA49E8 /* 103.250.73.232/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68201531 /* 104.32.21.49/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68253D9F /* 104.37.61.159/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6825C09C /* 104.37.192.156/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68299523 /* 104.41.149.35/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6880E070 /* 104.128.224.112/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6880E249 /* 104.128.226.73/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6882A979 /* 104.130.169.121/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x688304ED /* 104.131.4.237/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68830BD6 /* 104.131.11.214/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68830C8B /* 104.131.12.139/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68831377 /* 104.131.19.119/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6883177F /* 104.131.23.127/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68831C36 /* 104.131.28.54/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6883248A /* 104.131.36.138/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68832A95 /* 104.131.42.149/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68832D66 /* 104.131.45.102/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x688341E1 /* 104.131.65.225/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x688342C2 /* 104.131.66.194/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6883483D /* 104.131.72.61/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68835477 /* 104.131.84.119/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68835684 /* 104.131.86.132/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x688357B4 /* 104.131.87.180/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x688365FB /* 104.131.101.251/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68836AB5 /* 104.131.106.181/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68836C07 /* 104.131.108.7/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68836ECC /* 104.131.110.204/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68837B10 /* 104.131.123.16/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x688380F7 /* 104.131.128.247/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6883811E /* 104.131.129.30/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68838282 /* 104.131.130.130/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68838C45 /* 104.131.140.69/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68839456 /* 104.131.148.86/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68839554 /* 104.131.149.84/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6883B286 /* 104.131.178.134/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6883B5AE /* 104.131.181.174/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6883B815 /* 104.131.184.21/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6883CC93 /* 104.131.204.147/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6883CDC0 /* 104.131.205.192/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6883CE17 /* 104.131.206.23/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6883F537 /* 104.131.245.55/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x689C3CA3 /* 104.156.60.163/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x689C3CA6 /* 104.156.60.166/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x689C66C8 /* 104.156.102.200/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x689CE053 /* 104.156.224.83/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x689CE299 /* 104.156.226.153/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x689CE688 /* 104.156.230.136/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68A7645F /* 104.167.100.95/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68A76D4D /* 104.167.109.77/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68A774EA /* 104.167.116.234/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68A83EAE /* 104.168.62.174/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68A83ED1 /* 104.168.62.209/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68A857A7 /* 104.168.87.167/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68A8A722 /* 104.168.167.34/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68A92625 /* 104.169.38.37/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68BEA4AC /* 104.190.164.172/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68C00747 /* 104.192.7.71/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68C810E3 /* 104.200.16.227/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68C812F4 /* 104.200.18.244/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68C8142E /* 104.200.20.46/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68C8148E /* 104.200.20.142/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68CEED15 /* 104.206.237.21/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68CEED18 /* 104.206.237.24/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68CF802A /* 104.207.128.42/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68CF8069 /* 104.207.128.105/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68CF8514 /* 104.207.133.20/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68D12CF8 /* 104.209.44.248/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68DC3938 /* 104.220.57.56/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68DF0138 /* 104.223.1.56/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68DF0CE9 /* 104.223.12.233/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68DF1097 /* 104.223.16.151/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68DF67BB /* 104.223.103.187/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68DF7A45 /* 104.223.122.69/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68DF7A73 /* 104.223.122.115/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68DF7AD5 /* 104.223.122.213/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68DF7AEF /* 104.223.122.239/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68E0AD3A /* 104.224.173.58/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68E8775D /* 104.232.119.93/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68E9500F /* 104.233.80.15/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68E953CE /* 104.233.83.206/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68E95629 /* 104.233.86.41/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68E95EB5 /* 104.233.94.181/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68E96AD2 /* 104.233.106.210/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68E97255 /* 104.233.114.85/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68E9773E /* 104.233.119.62/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68E9786C /* 104.233.120.108/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68E97B49 /* 104.233.123.73/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68EC1696 /* 104.236.22.150/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68EC21AE /* 104.236.33.174/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68EC2938 /* 104.236.41.56/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68EC2C85 /* 104.236.44.133/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68EC2CE0 /* 104.236.44.224/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68EC2E0A /* 104.236.46.10/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68EC3410 /* 104.236.52.16/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68EC46C8 /* 104.236.70.200/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68EC575A /* 104.236.87.90/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68EC656C /* 104.236.101.108/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68EC67A7 /* 104.236.103.167/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68EC6881 /* 104.236.104.129/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68EC830F /* 104.236.131.15/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68EC8D9C /* 104.236.141.156/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68EC97A0 /* 104.236.151.160/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68ECAFCB /* 104.236.175.203/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68ECB6CD /* 104.236.182.205/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68ECB739 /* 104.236.183.57/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68ECC7D9 /* 104.236.199.217/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68ECE0E1 /* 104.236.224.225/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68ECE7C5 /* 104.236.231.197/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68ECEAB2 /* 104.236.234.178/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68ECF7DA /* 104.236.247.218/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68ECFCA9 /* 104.236.252.169/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68ECFD26 /* 104.236.253.38/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68ED9CD6 /* 104.237.156.214/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68EE86B8 /* 104.238.134.184/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68EE9FBF /* 104.238.159.191/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68EEA76F /* 104.238.167.111/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68EEBC62 /* 104.238.188.98/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68EEBE82 /* 104.238.190.130/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68F323C4 /* 104.243.35.196/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68F44A0D /* 104.244.74.13/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68F44D8F /* 104.244.77.143/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68F4DFCC /* 104.244.223.204/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68F52450 /* 104.245.36.80/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x68FA976C /* 104.250.151.108/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x699E356E /* 105.158.53.110/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6AB91C19 /* 106.185.28.25/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6ABA7981 /* 106.186.121.129/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6ABB2565 /* 106.187.37.101/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6ABB2F11 /* 106.187.47.17/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6B02D620 /* 107.2.214.32/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6B041F6F /* 107.4.31.111/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6B0D7797 /* 107.13.119.151/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6B9EFF15 /* 107.158.255.21/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6B9EFF16 /* 107.158.255.22/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BA111B4 /* 107.161.17.180/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BA11271 /* 107.161.18.113/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BA11286 /* 107.161.18.134/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BA150C3 /* 107.161.80.195/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BA1AC97 /* 107.161.172.151/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BAA2047 /* 107.170.32.71/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BAA4E2A /* 107.170.78.42/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BAA4E53 /* 107.170.78.83/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BAA5CED /* 107.170.92.237/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BAA5D0D /* 107.170.93.13/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BAA6527 /* 107.170.101.39/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BAA6CDE /* 107.170.108.222/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BAA711C /* 107.170.113.28/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BAA71D4 /* 107.170.113.212/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BAA771F /* 107.170.119.31/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BAA8F75 /* 107.170.143.117/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BAA9607 /* 107.170.150.7/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BAA9950 /* 107.170.153.80/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BAA9ED4 /* 107.170.158.212/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BAABC9B /* 107.170.188.155/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BAAC10E /* 107.170.193.14/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BAACD08 /* 107.170.205.8/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BAAD546 /* 107.170.213.70/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BAAE7A9 /* 107.170.231.169/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BAAE84B /* 107.170.232.75/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BAAF442 /* 107.170.244.66/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BAAF67B /* 107.170.246.123/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BAAF721 /* 107.170.247.33/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BAAFD74 /* 107.170.253.116/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BAC170B /* 107.172.23.11/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BAD2B23 /* 107.173.43.35/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BAE3490 /* 107.174.52.144/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BB39941 /* 107.179.153.65/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BB59B83 /* 107.181.155.131/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BB5A60B /* 107.181.166.11/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BB5AE16 /* 107.181.174.22/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BB5AE54 /* 107.181.174.84/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BB5BBC7 /* 107.181.187.199/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BB6B3DC /* 107.182.179.220/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BBCBC39 /* 107.188.188.57/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BBF2ECC /* 107.191.46.204/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BBF2F57 /* 107.191.47.87/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BBF38C0 /* 107.191.56.192/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BBF672A /* 107.191.103.42/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BBF76AB /* 107.191.118.171/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BBF7EB8 /* 107.191.126.184/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6BD3F863 /* 107.211.248.99/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6C0431B5 /* 108.4.49.181/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6C0CC48C /* 108.12.196.140/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6C1D0041 /* 108.29.0.65/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6C1F2805 /* 108.31.40.5/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6C1FA9E8 /* 108.31.169.232/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6C203114 /* 108.32.49.20/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6C2304B7 /* 108.35.4.183/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6C2929C7 /* 108.41.41.199/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6C2E22E8 /* 108.46.34.232/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6C331A8D /* 108.51.26.141/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6C339122 /* 108.51.145.34/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6C33EC02 /* 108.51.236.2/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6C35D09D /* 108.53.208.157/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6C3A90EA /* 108.58.144.234/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6C3B02D0 /* 108.59.2.208/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6C3D6027 /* 108.61.96.39/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6C3D60E6 /* 108.61.96.230/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6C3D6307 /* 108.61.99.7/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6C3D6395 /* 108.61.99.149/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6C3D774B /* 108.61.119.75/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6C3DA500 /* 108.61.165.0/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6C3DA5A9 /* 108.61.165.169/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6C3DA7D3 /* 108.61.167.211/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6C3DB64A /* 108.61.182.74/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6C3DBE8B /* 108.61.190.139/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6C3DD44E /* 108.61.212.78/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6C55630A /* 108.85.99.10/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6CA185BD /* 108.161.133.189/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6CA2AB42 /* 108.162.171.66/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6CA84202 /* 108.168.66.2/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6CAA920A /* 108.170.146.10/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6CAA9FFB /* 108.170.159.251/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6CAF02CD /* 108.175.2.205/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6CAF0BE6 /* 108.175.11.230/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6CB80514 /* 108.184.5.20/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6CF0B68C /* 108.240.182.140/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6CF857F2 /* 108.248.87.242/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6D00AA2D /* 109.0.170.45/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6D08CFA6 /* 109.8.207.166/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6D18C1D8 /* 109.24.193.216/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6D18DC07 /* 109.24.220.7/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6D1EC5DE /* 109.30.197.222/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6D3FEBB6 /* 109.63.235.182/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6D44AE3C /* 109.68.174.60/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6D44BF84 /* 109.68.191.132/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6D44BF85 /* 109.68.191.133/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6D454311 /* 109.69.67.17/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6D4676A4 /* 109.70.118.164/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6D4AC3BE /* 109.74.195.190/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6D4ACE15 /* 109.74.206.21/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6D4BB84D /* 109.75.184.77/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6D5A0231 /* 109.90.2.49/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6D5A4BC0 /* 109.90.75.192/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6D5A6963 /* 109.90.105.99/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6D5AB5BD /* 109.90.181.189/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6D5B73C8 /* 109.91.115.200/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6D6832B3 /* 109.104.50.179/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6D696DA2 /* 109.105.109.162/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6D6A3DF9 /* 109.106.61.249/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6D6B239A /* 109.107.35.154/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6D6C0357 /* 109.108.3.87/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6D6C1DF2 /* 109.108.29.242/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6D78B4F5 /* 109.120.180.245/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6D78B5B1 /* 109.120.181.177/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6D7E09E4 /* 109.126.9.228/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6D806B66 /* 109.128.107.102/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6D8086E1 /* 109.128.134.225/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6D827E43 /* 109.130.126.67/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6D914022 /* 109.145.64.34/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6D92A821 /* 109.146.168.33/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6D948254 /* 109.148.130.84/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6D94B389 /* 109.148.179.137/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6D9657AC /* 109.150.87.172/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6D9CC5B9 /* 109.156.197.185/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6D9DDFF9 /* 109.157.223.249/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6DA3EA02 /* 109.163.234.2/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6DA3EA04 /* 109.163.234.4/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6DA3EA05 /* 109.163.234.5/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6DA3EA07 /* 109.163.234.7/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6DA3EA08 /* 109.163.234.8/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6DA3EA09 /* 109.163.234.9/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6DA4ECE7 /* 109.164.236.231/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6DA921A3 /* 109.169.33.163/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6DAD29A1 /* 109.173.41.161/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6DAD3936 /* 109.173.57.54/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6DAD39A9 /* 109.173.57.169/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6DAD4CF8 /* 109.173.76.248/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6DBBF630 /* 109.187.246.48/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6DBC49D8 /* 109.188.73.216/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6DBD4EDF /* 109.189.78.223/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6DBD9D3F /* 109.189.157.63/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6DBE1822 /* 109.190.24.34/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6DBE4295 /* 109.190.66.149/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6DBEB62C /* 109.190.182.44/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6DC01159 /* 109.192.17.89/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6DC0DDFB /* 109.192.221.251/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6DC13134 /* 109.193.49.52/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6DC146DB /* 109.193.70.219/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6DC26E91 /* 109.194.110.145/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6DC2E7B4 /* 109.194.231.180/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6DC373CA /* 109.195.115.202/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6DC393F8 /* 109.195.147.248/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6DC41236 /* 109.196.18.54/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6DC5C1A0 /* 109.197.193.160/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6DC98564 /* 109.201.133.100/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6DC99408 /* 109.201.148.8/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6DE26195 /* 109.226.97.149/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6DE48298 /* 109.228.130.152/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6DE6E7A5 /* 109.230.231.165/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6DE6EC59 /* 109.230.236.89/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6DE97FE9 /* 109.233.127.233/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6DEA24C4 /* 109.234.36.196/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6DEC5809 /* 109.236.88.9/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6DFE5606 /* 109.254.86.6/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6DFF006B /* 109.255.0.107/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6DFFBD87 /* 109.255.189.135/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6E042F8B /* 110.4.47.139/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6E43583F /* 110.67.88.63/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6E93A5CA /* 110.147.165.202/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6F59788D /* 111.89.120.141/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6F59A849 /* 111.89.168.73/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6F5A8C51 /* 111.90.140.81/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6F5A92DC /* 111.90.146.220/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x6F5A94B2 /* 111.90.148.178/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x704E06F1 /* 112.78.6.241/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x71141F2D /* 113.20.31.45/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x71921957 /* 113.146.25.87/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x7197112D /* 113.151.17.45/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x71C5335F /* 113.197.51.95/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x72B688D9 /* 114.182.136.217/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x73463970 /* 115.70.57.112/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x734D68ED /* 115.77.104.237/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x7354E85B /* 115.84.232.91/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x737C70EB /* 115.124.112.235/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x73927FE0 /* 115.146.127.224/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x73A36FBA /* 115.163.111.186/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x73BAF33C /* 115.186.243.60/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x73BBF6B8 /* 115.187.246.184/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x7464807E /* 116.100.128.126/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x751263F9 /* 117.18.99.249/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x75C9F002 /* 117.201.240.2/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x76094F93 /* 118.9.79.147/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x7612FD23 /* 118.18.253.35/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x767F6C88 /* 118.127.108.136/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x76A34A9D /* 118.163.74.157/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x76D097C0 /* 118.208.151.192/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x76D0DAD3 /* 118.208.218.211/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x773B7F68 /* 119.59.127.104/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x77EBF988 /* 119.235.249.136/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x781DD92E /* 120.29.217.46/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x7838AA63 /* 120.56.170.99/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x792CD234 /* 121.44.210.52/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x792DBF12 /* 121.45.191.18/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x7936AF32 /* 121.54.175.50/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x794953C0 /* 121.73.83.192/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x7963E40E /* 121.99.228.14/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x7976CB7A /* 121.118.203.122/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x797971EA /* 121.121.113.234/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x797FFA9C /* 121.127.250.156/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x7A3B7991 /* 122.59.121.145/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x7B1E8847 /* 123.30.136.71/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x7C521DB5 /* 124.82.29.181/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x7C6D01CF /* 124.109.1.207/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x7CA8D5E7 /* 124.168.213.231/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x7CD9F316 /* 124.217.243.22/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x7CD9FA48 /* 124.217.250.72/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x7CD9FE37 /* 124.217.254.55/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x7CD9FE46 /* 124.217.254.70/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x7CD9FE63 /* 124.217.254.99/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x7CD9FEB1 /* 124.217.254.177/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x7CF8F4AE /* 124.248.244.174/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x7D01E599 /* 125.1.229.153/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x7DD19718 /* 125.209.151.24/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x7DD4D9C5 /* 125.212.217.197/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x7DD4DC3C /* 125.212.220.60/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x7DD4F1B6 /* 125.212.241.182/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x7DEEFF4B /* 125.238.255.75/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x7E460792 /* 126.70.7.146/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x800CB13B /* 128.12.177.59/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x801E4FCA /* 128.30.79.202/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x801F0022 /* 128.31.0.34/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8027081D /* 128.39.8.29/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x80348069 /* 128.52.128.105/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8034B2E9 /* 128.52.178.233/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8034B3C0 /* 128.52.179.192/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8044C9FA /* 128.68.201.250/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8048D327 /* 128.72.211.39/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x807F2821 /* 128.127.40.33/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x807F2F40 /* 128.127.47.64/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x807F6A31 /* 128.127.106.49/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x807F6F19 /* 128.127.111.25/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8082CC5B /* 128.130.204.91/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8099927D /* 128.153.146.125/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x80C7227A /* 128.199.34.122/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x80C72305 /* 128.199.35.5/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x80C723A2 /* 128.199.35.162/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x80C7250C /* 128.199.37.12/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x80C729EE /* 128.199.41.238/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x80C72FA0 /* 128.199.47.160/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x80C72FEB /* 128.199.47.235/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x80C73725 /* 128.199.55.37/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x80C737CF /* 128.199.55.207/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x80C73B14 /* 128.199.59.20/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x80C745EA /* 128.199.69.234/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x80C75130 /* 128.199.81.48/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x80C755A5 /* 128.199.85.165/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x80C77A68 /* 128.199.122.104/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x80C783A8 /* 128.199.131.168/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x80C78407 /* 128.199.132.7/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x80C7859A /* 128.199.133.154/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x80C78A4A /* 128.199.138.74/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x80C78BE0 /* 128.199.139.224/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x80C79C12 /* 128.199.156.18/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x80C7A36C /* 128.199.163.108/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x80C7AAF6 /* 128.199.170.246/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x80C7B364 /* 128.199.179.100/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x80C7C0E6 /* 128.199.192.230/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x80C7C270 /* 128.199.194.112/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x80C7C76B /* 128.199.199.107/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x80C7C778 /* 128.199.199.120/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x80C7D230 /* 128.199.210.48/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x80C7DD23 /* 128.199.221.35/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x80C7E058 /* 128.199.224.88/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x80C7E42A /* 128.199.228.42/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x80C7E43D /* 128.199.228.61/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x80C7EA03 /* 128.199.234.3/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x80C7EAFC /* 128.199.234.252/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x80C7EC3C /* 128.199.236.60/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x80C7F0C1 /* 128.199.240.193/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x80C7F24B /* 128.199.242.75/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x80C7F4CE /* 128.199.244.206/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x80C7FB59 /* 128.199.251.89/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x80C7FCC5 /* 128.199.252.197/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x80D002E9 /* 128.208.2.233/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x80E81239 /* 128.232.18.57/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x810A73D9 /* 129.10.115.217/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x810A73DA /* 129.10.115.218/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x810A73DB /* 129.10.115.219/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x810A73DC /* 129.10.115.220/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8164226A /* 129.100.34.106/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x81E8E70A /* 129.232.231.10/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x81F2DB33 /* 129.242.219.51/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x823FAD7E /* 130.63.173.126/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x82950E1F /* 130.149.14.31/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8295C80A /* 130.149.200.10/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x82B417E6 /* 130.180.23.230/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x82B41EFE /* 130.180.30.254/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x82B43F96 /* 130.180.63.150/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x82B448B2 /* 130.180.72.178/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x82B46F5E /* 130.180.111.94/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x82B96832 /* 130.185.104.50/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x82B9FA4C /* 130.185.250.76/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x82B9FA4D /* 130.185.250.77/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x82B9FAAB /* 130.185.250.171/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x82C10FBA /* 130.193.15.186/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x82CCA103 /* 130.204.161.3/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x82E1FE67 /* 130.225.254.103/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x82E671E4 /* 130.230.113.228/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x82E671E5 /* 130.230.113.229/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x82E671E6 /* 130.230.113.230/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x82E671E7 /* 130.230.113.231/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x82E671E8 /* 130.230.113.232/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x82E671E9 /* 130.230.113.233/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x82E671EA /* 130.230.113.234/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x82E671EB /* 130.230.113.235/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x82E671EC /* 130.230.113.236/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x82E671ED /* 130.230.113.237/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x82FF0ABF /* 130.255.10.191/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x82FF48A4 /* 130.255.72.164/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x83828E62 /* 131.130.142.98/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x839B477C /* 131.155.71.124/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x83BC28BC /* 131.188.40.188/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x83BC28BD /* 131.188.40.189/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x83D7ACD6 /* 131.215.172.214/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x83FF05EF /* 131.255.5.239/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x83FF073A /* 131.255.7.58/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x84D83602 /* 132.216.54.2/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x84E69651 /* 132.230.150.81/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8526CAC6 /* 133.38.202.198/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x85827CB9 /* 133.130.124.185/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x85E8E634 /* 133.232.230.52/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x85F29226 /* 133.242.146.38/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x85F2924E /* 133.242.146.78/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x860304E1 /* 134.3.4.225/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x86035FCB /* 134.3.95.203/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8613B16D /* 134.19.177.109/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x86229380 /* 134.34.147.128/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8631E95E /* 134.49.233.94/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x863A2C06 /* 134.58.44.6/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x863A2C3B /* 134.58.44.59/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x865B4E8F /* 134.91.78.143/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x866370A8 /* 134.99.112.168/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8666167A /* 134.102.22.122/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8666C865 /* 134.102.200.101/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x86770302 /* 134.119.3.2/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x867703A4 /* 134.119.3.164/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x86770923 /* 134.119.9.35/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x86771AC1 /* 134.119.26.193/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x867720D0 /* 134.119.32.208/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x867720F7 /* 134.119.32.247/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x86772487 /* 134.119.36.135/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8682B52B /* 134.130.181.43/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8682B531 /* 134.130.181.49/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8682B5D4 /* 134.130.181.212/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x87177229 /* 135.23.114.41/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8820EE8D /* 136.32.238.141/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x883E0ED6 /* 136.62.14.214/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x883E12DD /* 136.62.18.221/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x883E1876 /* 136.62.24.118/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x88A8C999 /* 136.168.201.153/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x88F3019C /* 136.243.1.156/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x88F346C7 /* 136.243.70.199/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x88F3620C /* 136.243.98.12/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x88F36686 /* 136.243.102.134/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x88F36B04 /* 136.243.107.4/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x88F3723E /* 136.243.114.62/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x88F39552 /* 136.243.149.82/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x88F3AE61 /* 136.243.174.97/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x88F3B094 /* 136.243.176.148/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x88F3B185 /* 136.243.177.133/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x88F3BBA5 /* 136.243.187.165/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x88F3D134 /* 136.243.209.52/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x88F3D689 /* 136.243.214.137/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x894A15AD /* 137.74.21.173/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x894A19AF /* 137.74.25.175/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x894A284D /* 137.74.40.77/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x894A74A8 /* 137.74.116.168/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x894A74D6 /* 137.74.116.214/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x894A7534 /* 137.74.117.52/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x894AA191 /* 137.74.161.145/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x894AA4D5 /* 137.74.164.213/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x894AA760 /* 137.74.167.96/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x894AA7A1 /* 137.74.167.161/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x894AA7E0 /* 137.74.167.224/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x894AA9F1 /* 137.74.169.241/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x894AAD8F /* 137.74.173.143/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x894AE084 /* 137.74.224.132/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x89656D65 /* 137.101.109.101/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x898708E9 /* 137.135.8.233/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x89CD7C23 /* 137.205.124.35/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x89E26F7B /* 137.226.111.123/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8A440004 /* 138.68.0.4/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8A440077 /* 138.68.0.119/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8A44060F /* 138.68.6.15/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8A44082B /* 138.68.8.43/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8A440AF0 /* 138.68.10.240/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8A440DAB /* 138.68.13.171/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8A440E2A /* 138.68.14.42/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8A440FBF /* 138.68.15.191/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8A4425B2 /* 138.68.37.178/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8A443215 /* 138.68.50.21/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8A444545 /* 138.68.69.69/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8A44505B /* 138.68.80.91/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8A44506C /* 138.68.80.108/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8A446159 /* 138.68.97.89/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8A446BA3 /* 138.68.107.163/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8A446D32 /* 138.68.109.50/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8A44815D /* 138.68.129.93/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8A44829E /* 138.68.130.158/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8A4486F9 /* 138.68.134.249/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8A448CD7 /* 138.68.140.215/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8A448E83 /* 138.68.142.131/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8A4496A8 /* 138.68.150.168/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8A449F8E /* 138.68.159.142/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8A44E89B /* 138.68.232.155/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8A4B48B1 /* 138.75.72.177/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8A75942D /* 138.117.148.45/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC5044D /* 138.197.4.77/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC50EE2 /* 138.197.14.226/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC53B16 /* 138.197.59.22/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC54C0C /* 138.197.76.12/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC56030 /* 138.197.96.48/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC57DFC /* 138.197.125.252/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC58551 /* 138.197.133.81/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC585FF /* 138.197.133.255/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC58893 /* 138.197.136.147/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC58B4F /* 138.197.139.79/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC58F84 /* 138.197.143.132/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC5C2E6 /* 138.197.194.230/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC5C432 /* 138.197.196.50/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC5CA23 /* 138.197.202.35/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC5CD32 /* 138.197.205.50/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC5CFB0 /* 138.197.207.176/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC5CFB1 /* 138.197.207.177/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC5CFF3 /* 138.197.207.243/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC5D1FE /* 138.197.209.254/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC5D60B /* 138.197.214.11/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC5DFFA /* 138.197.223.250/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC9034B /* 138.201.3.75/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC9396D /* 138.201.57.109/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC93ACE /* 138.201.58.206/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC94B06 /* 138.201.75.6/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC953AB /* 138.201.83.171/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC95BD2 /* 138.201.91.210/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC95C74 /* 138.201.92.116/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC95CB7 /* 138.201.92.183/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC95EF9 /* 138.201.94.249/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC95F7D /* 138.201.95.125/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC96AD1 /* 138.201.106.209/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC975A7 /* 138.201.117.167/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC976FE /* 138.201.118.254/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC98411 /* 138.201.132.17/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC9876C /* 138.201.135.108/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC98FBA /* 138.201.143.186/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC99514 /* 138.201.149.20/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC99515 /* 138.201.149.21/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC99AD1 /* 138.201.154.209/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC99E2C /* 138.201.158.44/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC9A90C /* 138.201.169.12/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC9C6A4 /* 138.201.198.164/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC9D3EA /* 138.201.211.234/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC9D3EB /* 138.201.211.235/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC9F557 /* 138.201.245.87/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC9F702 /* 138.201.247.2/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC9F712 /* 138.201.247.18/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8AC9FFF5 /* 138.201.255.245/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8ACCAB67 /* 138.204.171.103/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8ADB2B8D /* 138.219.43.141/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8B121923 /* 139.18.25.35/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8B3B0006 /* 139.59.0.6/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8B3B0025 /* 139.59.0.37/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8B3B005E /* 139.59.0.94/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8B3B0282 /* 139.59.2.130/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8B3B02BA /* 139.59.2.186/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8B3B077C /* 139.59.7.124/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8B3B0886 /* 139.59.8.134/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8B3B0B21 /* 139.59.11.33/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8B3B0DD9 /* 139.59.13.217/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8B3B1005 /* 139.59.16.5/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8B3B1453 /* 139.59.20.83/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8B3B16D5 /* 139.59.22.213/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8B3B1AA7 /* 139.59.26.167/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8B3B1D2E /* 139.59.29.46/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8B3B1F4C /* 139.59.31.76/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8B3B1FE3 /* 139.59.31.227/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8B3B20BE /* 139.59.32.190/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8B3B21AC /* 139.59.33.172/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8B3B22D1 /* 139.59.34.209/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8B3B2439 /* 139.59.36.57/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8B3B2495 /* 139.59.36.149/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8B3B2498 /* 139.59.36.152/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8B3B2565 /* 139.59.37.101/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8B3B2735 /* 139.59.39.53/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8B3B29C5 /* 139.59.41.197/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8B3B2ADF /* 139.59.42.223/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8B3B2BBA /* 139.59.43.186/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8B3B2C60 /* 139.59.44.96/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8B3B2C79 /* 139.59.44.121/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8B3B2E46 /* 139.59.46.70/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8B3B2EAB /* 139.59.46.171/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8B3B81A3 /* 139.59.129.163/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8B3B9BAE /* 139.59.155.174/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8B3B9ED2 /* 139.59.158.210/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8B3BAC5D /* 139.59.172.93/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8B3BEBAC /* 139.59.235.172/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8B8CB597 /* 139.140.181.151/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8BA20728 /* 139.162.7.40/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8BA20991 /* 139.162.9.145/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8BA20A48 /* 139.162.10.72/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8BA2100D /* 139.162.16.13/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8BA213E9 /* 139.162.19.233/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8BA21C17 /* 139.162.28.23/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8BA21C1F /* 139.162.28.31/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8BA22C80 /* 139.162.44.128/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8BA239A7 /* 139.162.57.167/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8BA23D2C /* 139.162.61.44/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8BA23DB1 /* 139.162.61.177/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8BA24E3D /* 139.162.78.61/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8BA254B8 /* 139.162.84.184/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8BA26052 /* 139.162.96.82/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8BA2706F /* 139.162.112.111/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8BA28E1B /* 139.162.142.27/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8BA28E78 /* 139.162.142.120/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8BA29085 /* 139.162.144.133/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8BA29424 /* 139.162.148.36/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8BA29610 /* 139.162.150.16/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8BA29756 /* 139.162.151.86/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8BA2A543 /* 139.162.165.67/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8BA2B513 /* 139.162.181.19/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8BA2B978 /* 139.162.185.120/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8BA2BAB3 /* 139.162.186.179/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8BA2BFF3 /* 139.162.191.243/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8BA2D9DB /* 139.162.217.219/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8BA2E2F5 /* 139.162.226.245/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8BA2E81C /* 139.162.232.28/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8BA2F145 /* 139.162.241.69/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8BA2F578 /* 139.162.245.120/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8BA2F80D /* 139.162.248.13/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8C71D049 /* 140.113.208.73/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8C71D05B /* 140.113.208.91/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8C71EB97 /* 140.113.235.151/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8C73BDA4 /* 140.115.189.164/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8C73BDBD /* 140.115.189.189/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8C8A90AA /* 140.138.144.170/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8CC0DA8B /* 140.192.218.139/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8D00920E /* 141.0.146.14/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8D142143 /* 141.20.33.67/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8D142144 /* 141.20.33.68/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8D146719 /* 141.20.103.25/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8D160A39 /* 141.22.10.57/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8D337D10 /* 141.51.125.16/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8D369FB8 /* 141.54.159.184/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8D45CD79 /* 141.69.205.121/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8D467DE8 /* 141.70.125.232/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8D69433A /* 141.105.67.58/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8D8A8DD0 /* 141.138.141.208/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8DAA0235 /* 141.170.2.53/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8DFF0B78 /* 141.255.11.120/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8DFFA1A6 /* 141.255.161.166/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8DFFA1A7 /* 141.255.161.167/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8DFFA566 /* 141.255.165.102/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8DFFA68E /* 141.255.166.142/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8DFFA696 /* 141.255.166.150/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8DFFA6BD /* 141.255.166.189/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8DFFBDA1 /* 141.255.189.161/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8E0420C4 /* 142.4.32.196/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8E04D3BD /* 142.4.211.189/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8E04D480 /* 142.4.212.128/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8E04D6BB /* 142.4.214.187/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8E36BAB2 /* 142.54.186.178/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8E36BEFA /* 142.54.190.250/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8F6A3C46 /* 143.106.60.70/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8F6A3C56 /* 143.106.60.86/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8FB03433 /* 143.176.52.51/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8FF8394B /* 143.248.57.75/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x8FF8DF6F /* 143.248.223.111/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x904C06C7 /* 144.76.6.199/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x904C0B64 /* 144.76.11.100/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x904C0E91 /* 144.76.14.145/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x904C1AAF /* 144.76.26.175/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x904C1EA7 /* 144.76.30.167/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x904C1FCA /* 144.76.31.202/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x904C25F2 /* 144.76.37.242/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x904C2879 /* 144.76.40.121/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x904C2AEF /* 144.76.42.239/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x904C2D4A /* 144.76.45.74/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x904C3225 /* 144.76.50.37/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x904C357D /* 144.76.53.125/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x904C3D28 /* 144.76.61.40/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x904C4042 /* 144.76.64.66/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x904C438C /* 144.76.67.140/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x904C4629 /* 144.76.70.41/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x904C498C /* 144.76.73.140/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x904C5044 /* 144.76.80.68/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x904C51D7 /* 144.76.81.215/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x904C5ACD /* 144.76.90.205/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x904C5CB0 /* 144.76.92.176/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x904C6007 /* 144.76.96.7/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x904C6975 /* 144.76.105.117/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x904C6D8A /* 144.76.109.138/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x904C7055 /* 144.76.112.85/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x904C75A9 /* 144.76.117.169/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x904C843C /* 144.76.132.60/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x904C9E88 /* 144.76.158.136/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x904CA35D /* 144.76.163.93/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x904CACBB /* 144.76.172.187/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x904CAFCD /* 144.76.175.205/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x904CFDE5 /* 144.76.253.229/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x90880513 /* 144.136.5.19/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x90D90FA4 /* 144.217.15.164/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x90D90FB3 /* 144.217.15.179/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x90D9388C /* 144.217.56.140/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x90D9388D /* 144.217.56.141/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x90D93CD3 /* 144.217.60.211/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x90D93CEF /* 144.217.60.239/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x90D9574E /* 144.217.87.78/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x90D95A8A /* 144.217.90.138/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x90D9632E /* 144.217.99.46/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x90D9A177 /* 144.217.161.119/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x90D9A29E /* 144.217.162.158/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x918102BC /* 145.129.2.188/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x91842AEA /* 145.132.42.234/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x91852984 /* 145.133.41.132/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x91FFF332 /* 145.255.243.50/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9200207A /* 146.0.32.122/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x92002084 /* 146.0.32.132/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x92002090 /* 146.0.32.144/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x92002A2B /* 146.0.42.43/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x92002B79 /* 146.0.43.121/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x92002B7E /* 146.0.43.126/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x92004D32 /* 146.0.77.50/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x92004FF3 /* 146.0.79.243/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x923449B4 /* 146.52.73.180/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x92345305 /* 146.52.83.5/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x923496A2 /* 146.52.150.162/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9234CF31 /* 146.52.207.49/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x92732C7C /* 146.115.44.124/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9273918F /* 146.115.145.143/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9273A25B /* 146.115.162.91/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x92B98269 /* 146.185.130.105/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x92B983EF /* 146.185.131.239/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x92B98823 /* 146.185.136.35/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x92B98DA3 /* 146.185.141.163/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x92B99170 /* 146.185.145.112/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x92B996DB /* 146.185.150.219/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x92B99BDA /* 146.185.155.218/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x92B99D3D /* 146.185.157.61/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x92B9A01E /* 146.185.160.30/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x92B9A32C /* 146.185.163.44/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x92B9A374 /* 146.185.163.116/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x92B9AA23 /* 146.185.170.35/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x92B9B024 /* 146.185.176.36/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x92B9B167 /* 146.185.177.103/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x92B9BDC5 /* 146.185.189.197/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x92B9BDCB /* 146.185.189.203/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x92B9FB28 /* 146.185.251.40/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x92B9FD65 /* 146.185.253.101/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x92FF39E4 /* 146.255.57.228/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9353AF2F /* 147.83.175.47/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9393BD78 /* 147.147.189.120/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x93AFBB8F /* 147.175.187.143/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x93AFBBB4 /* 147.175.187.180/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x93FB2ADD /* 147.251.42.221/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x94FB2AA4 /* 148.251.42.164/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x94FB31B4 /* 148.251.49.180/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x94FB324A /* 148.251.50.74/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x94FB37F6 /* 148.251.55.246/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x94FB4464 /* 148.251.68.100/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x94FB5884 /* 148.251.88.132/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x94FB71E6 /* 148.251.113.230/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x94FB809C /* 148.251.128.156/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x94FB8854 /* 148.251.136.84/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x94FB97F0 /* 148.251.151.240/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x94FBA8E2 /* 148.251.168.226/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x94FBB019 /* 148.251.176.25/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x94FBB652 /* 148.251.182.82/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x94FBBEE5 /* 148.251.190.229/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x94FBCE86 /* 148.251.206.134/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x94FBD635 /* 148.251.214.53/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x94FBDDA3 /* 148.251.221.163/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x94FBE30E /* 148.251.227.14/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x94FBEEFD /* 148.251.238.253/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x94FBF597 /* 148.251.245.151/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x94FBFEE5 /* 148.251.254.229/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x94FBFF5C /* 148.251.255.92/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9509001B /* 149.9.0.27/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x953801CC /* 149.56.1.204/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x95380C4E /* 149.56.12.78/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x95381954 /* 149.56.25.84/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x95382DC8 /* 149.56.45.200/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x953860A5 /* 149.56.96.165/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x95386319 /* 149.56.99.25/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x95386494 /* 149.56.100.148/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x95386776 /* 149.56.103.118/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x95386CC4 /* 149.56.108.196/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x95386EFA /* 149.56.110.250/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x953884A8 /* 149.56.132.168/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9538B938 /* 149.56.185.56/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9538C943 /* 149.56.201.67/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9538C9A8 /* 149.56.201.168/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9538CC7E /* 149.56.204.126/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9538CCDA /* 149.56.204.218/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9538DFF0 /* 149.56.223.240/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9538DFF2 /* 149.56.223.242/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9538DFF4 /* 149.56.223.244/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9538E510 /* 149.56.229.16/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9538E511 /* 149.56.229.17/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9538E98E /* 149.56.233.142/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x955675C2 /* 149.86.117.194/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x955B5261 /* 149.91.82.97/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x959A9879 /* 149.154.152.121/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x959A9D50 /* 149.154.157.80/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x959A9E7A /* 149.154.158.122/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x959A9EE4 /* 149.154.158.228/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x959A9F57 /* 149.154.159.87/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x959A9FAC /* 149.154.159.172/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x95AC95AA /* 149.172.149.170/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x95CA026A /* 149.202.2.106/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x95CA186A /* 149.202.24.106/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x95CA3157 /* 149.202.49.87/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x95CA39D6 /* 149.202.57.214/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x95CA3A29 /* 149.202.58.41/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x95CA3F64 /* 149.202.63.100/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x95CA3FD6 /* 149.202.63.214/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x95CA62A0 /* 149.202.98.160/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x95CA62A1 /* 149.202.98.161/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x95CAA045 /* 149.202.160.69/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x95CAB5D6 /* 149.202.181.214/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x95CABE0E /* 149.202.190.14/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x95CAC0CB /* 149.202.192.203/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x95CADC50 /* 149.202.220.80/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x95CAEEC6 /* 149.202.238.198/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x95CAEECC /* 149.202.238.204/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x95D2A4E4 /* 149.210.164.228/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x95D2DA29 /* 149.210.218.41/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x95D2DD30 /* 149.210.221.48/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x95D2E29B /* 149.210.226.155/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x95FF255A /* 149.255.37.90/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x965F8736 /* 150.95.135.54/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x965F8A2A /* 150.95.138.42/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9665F363 /* 150.101.243.99/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x966B9624 /* 150.107.150.36/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x966B9665 /* 150.107.150.101/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x966B9666 /* 150.107.150.102/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x969202F5 /* 150.146.2.245/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9701B6D9 /* 151.1.182.217/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x971B6AE0 /* 151.27.106.224/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x972DDDDB /* 151.45.221.219/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x97378BF5 /* 151.55.139.245/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x97437350 /* 151.67.115.80/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x97502591 /* 151.80.37.145/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x97502643 /* 151.80.38.67/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x97502848 /* 151.80.40.72/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x97502A67 /* 151.80.42.103/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x97502D31 /* 151.80.45.49/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9750388D /* 151.80.56.141/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x97503B90 /* 151.80.59.144/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x97506DA8 /* 151.80.109.168/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x975073B4 /* 151.80.115.180/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9750800C /* 151.80.128.12/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x97509399 /* 151.80.147.153/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9750EE98 /* 151.80.238.152/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x97E06098 /* 151.224.96.152/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x97E46D46 /* 151.228.109.70/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x97EC066E /* 151.236.6.110/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x97EC06C2 /* 151.236.6.194/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x97EC0B72 /* 151.236.11.114/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x97EC0C7E /* 151.236.12.126/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x97ECDA43 /* 151.236.218.67/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x97ECDD2C /* 151.236.221.44/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x97ECDED9 /* 151.236.222.217/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x97EDBE32 /* 151.237.190.50/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x97EDE583 /* 151.237.229.131/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x995C7EEA /* 153.92.126.234/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x995C7F69 /* 153.92.127.105/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x995C7FCE /* 153.92.127.206/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x995C7FEF /* 153.92.127.239/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x99782A89 /* 153.120.42.137/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9978ABB7 /* 153.120.171.183/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x997925A6 /* 153.121.37.166/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x99792C1E /* 153.121.44.30/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x997E9E41 /* 153.126.158.65/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x997EC45F /* 153.126.196.95/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x997FC77C /* 153.127.199.124/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x999562FB /* 153.149.98.251/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x99F80697 /* 153.248.6.151/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9A23AFE1 /* 154.35.175.225/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9A31D448 /* 154.49.212.72/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9A4699AF /* 154.70.153.175/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9A7F3C5C /* 154.127.60.92/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9A7F3C9A /* 154.127.60.154/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9A7F3D86 /* 154.127.61.134/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9A7F3DF9 /* 154.127.61.249/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9B0409EA /* 155.4.9.234/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9B0467D6 /* 155.4.103.214/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9B04B45D /* 155.4.180.93/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9B04D4B5 /* 155.4.212.181/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9B5EB5B3 /* 155.94.181.179/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9B620506 /* 155.98.5.6/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9B8526E2 /* 155.133.38.226/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9BFE31B2 /* 155.254.49.178/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9E3AAA02 /* 158.58.170.2/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9E3AAA1B /* 158.58.170.27/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9E3AAA3F /* 158.58.170.63/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9E3AAA42 /* 158.58.170.66/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9E3AAA43 /* 158.58.170.67/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9E3AAA63 /* 158.58.170.99/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9E3AAA6F /* 158.58.170.111/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9E3AAA8F /* 158.58.170.143/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9E3AAA95 /* 158.58.170.149/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9E3AAA9D /* 158.58.170.157/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9E3AAA9F /* 158.58.170.159/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9E3AAAB7 /* 158.58.170.183/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9E3AAAC3 /* 158.58.170.195/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9E3AAADC /* 158.58.170.220/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9E3AAB8F /* 158.58.171.143/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9E3AAB90 /* 158.58.171.144/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9E3AAD4E /* 158.58.173.78/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9E452483 /* 158.69.36.131/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9E452498 /* 158.69.36.152/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9E4525D5 /* 158.69.37.213/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9E45304D /* 158.69.48.77/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9E455C7F /* 158.69.92.127/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9E4566D0 /* 158.69.102.208/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9E457723 /* 158.69.119.35/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9E45C1F3 /* 158.69.193.243/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9E45CC24 /* 158.69.204.36/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9E45CD5C /* 158.69.205.92/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9E45CDCC /* 158.69.205.204/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9E45CDD7 /* 158.69.205.215/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9E45CDF7 /* 158.69.205.247/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9E45CE9A /* 158.69.206.154/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9E45CFD8 /* 158.69.207.216/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9E45D59A /* 158.69.213.154/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9E45D812 /* 158.69.216.18/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9E45D922 /* 158.69.217.34/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9E45F750 /* 158.69.247.80/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9E8200F2 /* 158.130.0.242/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9EC19905 /* 158.193.153.5/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9EC19906 /* 158.193.153.6/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9EFF04F1 /* 158.255.4.241/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9EFF0575 /* 158.255.5.117/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9EFF05B4 /* 158.255.5.180/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9EFF05B5 /* 158.255.5.181/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9EFF05CE /* 158.255.5.206/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9EFF05CF /* 158.255.5.207/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9EFF06F2 /* 158.255.6.242/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9EFF073D /* 158.255.7.61/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9EFFD4B2 /* 158.255.212.178/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9EFFD729 /* 158.255.215.41/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9F7A02D1 /* 159.122.2.209/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9F94BA90 /* 159.148.186.144/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9F94BAA2 /* 159.148.186.162/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9F94BAC0 /* 159.148.186.192/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9F94BAC4 /* 159.148.186.196/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9F94BAC7 /* 159.148.186.199/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9F94BAEC /* 159.148.186.236/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9FCB0156 /* 159.203.1.86/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9FCB03E0 /* 159.203.3.224/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9FCB0551 /* 159.203.5.81/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9FCB0F64 /* 159.203.15.100/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9FCB0F94 /* 159.203.15.148/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9FCB1017 /* 159.203.16.23/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9FCB10E9 /* 159.203.16.233/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9FCB1167 /* 159.203.17.103/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9FCB1263 /* 159.203.18.99/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9FCB1633 /* 159.203.22.51/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9FCB1B05 /* 159.203.27.5/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9FCB1B6F /* 159.203.27.111/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9FCB1DF0 /* 159.203.29.240/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9FCB2095 /* 159.203.32.149/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9FCB2136 /* 159.203.33.54/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9FCB26FA /* 159.203.38.250/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9FCB2977 /* 159.203.41.119/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9FCB2985 /* 159.203.41.133/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9FCB2A6B /* 159.203.42.107/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9FCB2EAE /* 159.203.46.174/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9FCB2FA6 /* 159.203.47.166/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9FCB5558 /* 159.203.85.88/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9FCB678A /* 159.203.103.138/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9FCBABFE /* 159.203.171.254/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9FCBAD26 /* 159.203.173.38/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9FCBC148 /* 159.203.193.72/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9FCBC1AF /* 159.203.193.175/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9FCBDB65 /* 159.203.219.101/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9FCBE019 /* 159.203.224.25/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9FCBEAF4 /* 159.203.234.244/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9FCBFBEC /* 159.203.251.236/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0x9FCBFDB7 /* 159.203.253.183/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA135A068 /* 161.53.160.104/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA161C332 /* 161.97.195.50/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA161C71E /* 161.97.199.30/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA2C1E616 /* 162.193.230.22/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA2DAEF7D /* 162.218.239.125/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA2DB0739 /* 162.219.7.57/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA2DCA5B9 /* 162.220.165.185/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA2DCDA6D /* 162.220.218.109/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA2DCF6E6 /* 162.220.246.230/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA2DDC939 /* 162.221.201.57/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA2DDCAE6 /* 162.221.202.230/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA2DE3486 /* 162.222.52.134/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA2F308A1 /* 162.243.8.161/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA2F32430 /* 162.243.36.48/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA2F337CB /* 162.243.55.203/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA2F33C60 /* 162.243.60.96/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA2F3411C /* 162.243.65.28/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA2F348C6 /* 162.243.72.198/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA2F364E1 /* 162.243.100.225/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA2F3733B /* 162.243.115.59/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA2F386BC /* 162.243.134.188/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA2F3969C /* 162.243.150.156/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA2F396E5 /* 162.243.150.229/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA2F3A689 /* 162.243.166.137/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA2F3C376 /* 162.243.195.118/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA2F419D6 /* 162.244.25.214/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA2F41A09 /* 162.244.26.9/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA2F41A4C /* 162.244.26.76/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA2F517B0 /* 162.245.23.176/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA2F74807 /* 162.247.72.7/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA2F7481B /* 162.247.72.27/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA2F748C7 /* 162.247.72.199/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA2F748C8 /* 162.247.72.200/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA2F748C9 /* 162.247.72.201/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA2F748CA /* 162.247.72.202/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA2F748D5 /* 162.247.72.213/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA2F748D8 /* 162.247.72.216/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA2F748D9 /* 162.247.72.217/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA2F7494A /* 162.247.73.74/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA2F749C3 /* 162.247.73.195/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA2F749CC /* 162.247.73.204/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA2F749CE /* 162.247.73.206/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA2F74B76 /* 162.247.75.118/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA2F80A84 /* 162.248.10.132/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA2F80BB0 /* 162.248.11.176/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA2F8A50E /* 162.248.165.14/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA2FCCC3E /* 162.252.204.62/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA2FCF250 /* 162.252.242.80/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA2FCF314 /* 162.252.243.20/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA31611D3 /* 163.22.17.211/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA32C709C /* 163.44.112.156/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA32C70E6 /* 163.44.112.230/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA32C951F /* 163.44.149.31/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA39EA814 /* 163.158.168.20/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA39EB313 /* 163.158.179.19/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC0826 /* 163.172.8.38/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC0AD0 /* 163.172.10.208/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC0DA5 /* 163.172.13.165/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC0EDD /* 163.172.14.221/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC1560 /* 163.172.21.96/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC1976 /* 163.172.25.118/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC1B27 /* 163.172.27.39/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC1B3E /* 163.172.27.62/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC1D14 /* 163.172.29.20/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC1D15 /* 163.172.29.21/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC23D3 /* 163.172.35.211/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC23F7 /* 163.172.35.247/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC23F9 /* 163.172.35.249/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC2421 /* 163.172.36.33/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC249C /* 163.172.36.156/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC2AEF /* 163.172.42.239/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC2D1E /* 163.172.45.30/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC38F8 /* 163.172.56.248/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC3D1C /* 163.172.61.28/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC43B4 /* 163.172.67.180/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC5203 /* 163.172.82.3/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC527C /* 163.172.82.124/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC545F /* 163.172.84.95/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC59E3 /* 163.172.89.227/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC5A80 /* 163.172.90.128/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC6B92 /* 163.172.107.146/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC7316 /* 163.172.115.22/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC8097 /* 163.172.128.151/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC811D /* 163.172.129.29/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC8132 /* 163.172.129.50/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC8143 /* 163.172.129.67/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC8251 /* 163.172.130.81/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC8358 /* 163.172.131.88/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC83A4 /* 163.172.131.164/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC83C0 /* 163.172.131.192/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC84B2 /* 163.172.132.178/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC8536 /* 163.172.133.54/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC8627 /* 163.172.134.39/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC86EE /* 163.172.134.238/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC87AC /* 163.172.135.172/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC8865 /* 163.172.136.101/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC8904 /* 163.172.137.4/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC898D /* 163.172.137.141/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC8A16 /* 163.172.138.22/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC8B68 /* 163.172.139.104/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC8B6F /* 163.172.139.111/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC8B86 /* 163.172.139.134/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC8B91 /* 163.172.139.145/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC8D0A /* 163.172.141.10/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC8D21 /* 163.172.141.33/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC8E0F /* 163.172.142.15/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC8E5C /* 163.172.142.92/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC90EC /* 163.172.144.236/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC915B /* 163.172.145.91/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC92CC /* 163.172.146.204/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC92E8 /* 163.172.146.232/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC957A /* 163.172.149.122/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC959B /* 163.172.149.155/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC972F /* 163.172.151.47/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC97AE /* 163.172.151.174/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC98E7 /* 163.172.152.231/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC98ED /* 163.172.152.237/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC990C /* 163.172.153.12/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC9BB5 /* 163.172.155.181/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC9C4C /* 163.172.156.76/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC9C89 /* 163.172.156.137/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC9DD5 /* 163.172.157.213/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC9F1B /* 163.172.159.27/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3AC9FE7 /* 163.172.159.231/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACA0B6 /* 163.172.160.182/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACA0EF /* 163.172.160.239/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACA287 /* 163.172.162.135/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACA2B6 /* 163.172.162.182/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACA506 /* 163.172.165.6/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACA5CB /* 163.172.165.203/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACA601 /* 163.172.166.1/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACA603 /* 163.172.166.3/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACA71C /* 163.172.167.28/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACAA17 /* 163.172.170.23/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACAA34 /* 163.172.170.52/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACAAD4 /* 163.172.170.212/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACAED1 /* 163.172.174.209/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACAFAE /* 163.172.175.174/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACB0A7 /* 163.172.176.167/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACB2B6 /* 163.172.178.182/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACB5A2 /* 163.172.181.162/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACB5F0 /* 163.172.181.240/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACB774 /* 163.172.183.116/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACB7A1 /* 163.172.183.161/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACB7DC /* 163.172.183.220/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACB984 /* 163.172.185.132/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACBAC8 /* 163.172.186.200/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACBB98 /* 163.172.187.152/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACBD64 /* 163.172.189.100/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACBE22 /* 163.172.190.34/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACBE6E /* 163.172.190.110/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACC235 /* 163.172.194.53/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACC93E /* 163.172.201.62/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACD1A1 /* 163.172.209.161/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACD1A2 /* 163.172.209.162/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACD1D6 /* 163.172.209.214/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACD1D8 /* 163.172.209.216/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACD5C9 /* 163.172.213.201/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACD666 /* 163.172.214.102/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACD73C /* 163.172.215.60/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACD74E /* 163.172.215.78/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACD8C3 /* 163.172.216.195/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACD8CA /* 163.172.216.202/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACD932 /* 163.172.217.50/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACD999 /* 163.172.217.153/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACDDD1 /* 163.172.221.209/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACDF52 /* 163.172.223.82/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACDF84 /* 163.172.223.132/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACDFA5 /* 163.172.223.165/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACDFC8 /* 163.172.223.200/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACDFD7 /* 163.172.223.215/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA3ACE4BF /* 163.172.228.191/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA43A5114 /* 164.58.81.20/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA44601C1 /* 164.70.1.193/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA44D85DC /* 164.77.133.220/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA48414D1 /* 164.132.20.209/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA4842DF0 /* 164.132.45.240/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA48431CD /* 164.132.49.205/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA484335B /* 164.132.51.91/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA4844DAF /* 164.132.77.175/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA48461EA /* 164.132.97.234/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA4846A62 /* 164.132.106.98/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA4846B6C /* 164.132.107.108/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA48498B8 /* 164.132.152.184/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA484C426 /* 164.132.196.38/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA484D183 /* 164.132.209.131/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA484D464 /* 164.132.212.100/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA484E1F8 /* 164.132.225.248/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA484E622 /* 164.132.230.34/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA484F9F4 /* 164.132.249.244/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA4D774C2 /* 164.215.116.194/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA5E700F2 /* 165.231.0.242/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA5FF3BC4 /* 165.255.59.196/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA5FFD8F5 /* 165.255.216.245/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA6460F0E /* 166.70.15.14/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA6465E6A /* 166.70.94.106/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA646CF02 /* 166.70.207.2/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA64E6DCB /* 166.78.109.203/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA64E770D /* 166.78.119.13/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA65215C8 /* 166.82.21.200/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA6540737 /* 166.84.7.55/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA73F77A5 /* 167.63.119.165/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA758236C /* 167.88.35.108/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA75828AB /* 167.88.40.171/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA75829C2 /* 167.88.41.194/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA75871BB /* 167.88.113.187/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA77203A6 /* 167.114.3.166/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA77207A6 /* 167.114.7.166/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA7722102 /* 167.114.33.2/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA7722296 /* 167.114.34.150/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA772231C /* 167.114.35.28/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA7722366 /* 167.114.35.102/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA772236B /* 167.114.35.107/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA772423D /* 167.114.66.61/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA7724304 /* 167.114.67.4/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA77247BD /* 167.114.71.189/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA7726024 /* 167.114.96.36/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA7726713 /* 167.114.103.19/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA7727130 /* 167.114.113.48/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA7727186 /* 167.114.113.134/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA7729864 /* 167.114.152.100/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA7729BF9 /* 167.114.155.249/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA772AB04 /* 167.114.171.4/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA772ACDB /* 167.114.172.219/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA772DB3D /* 167.114.219.61/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA772E668 /* 167.114.230.104/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA772ED8C /* 167.114.237.140/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA772F566 /* 167.114.245.102/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA7A0B988 /* 167.160.185.136/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA7A0B9CA /* 167.160.185.202/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA896FB0F /* 168.150.251.15/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA8EB431E /* 168.235.67.30/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA8EB454F /* 168.235.69.79/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA8EB5AA5 /* 168.235.90.165/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA8EB5CB7 /* 168.235.92.183/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA8EB9214 /* 168.235.146.20/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA8EB99CB /* 168.235.153.203/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA939A547 /* 169.57.165.71/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xA939A55E /* 169.57.165.94/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAA48070A /* 170.72.7.10/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAA4BA257 /* 170.75.162.87/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAA4BA374 /* 170.75.163.116/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAA4EE41E /* 170.78.228.30/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAA8C7745 /* 170.140.119.69/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAB19C109 /* 171.25.193.9/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAB19C114 /* 171.25.193.20/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAB19C119 /* 171.25.193.25/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAB19C14D /* 171.25.193.77/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAB19C14E /* 171.25.193.78/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAB19C183 /* 171.25.193.131/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAB19C184 /* 171.25.193.132/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAB19C1EB /* 171.25.193.235/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAB4F744F /* 171.79.116.79/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAC56900F /* 172.86.144.15/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAC56940A /* 172.86.148.10/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAC5D333C /* 172.93.51.60/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAC5D3353 /* 172.93.51.83/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAC61672F /* 172.97.103.47/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAC634E22 /* 172.99.78.34/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAC71F0D7 /* 172.113.240.215/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xACF18C1A /* 172.241.140.26/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xACF518E4 /* 172.245.24.228/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xACF520B9 /* 172.245.32.185/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xACF520BA /* 172.245.32.186/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xACF5630A /* 172.245.99.10/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xACF57E46 /* 172.245.126.70/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xACF57E60 /* 172.245.126.96/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xACF5DB85 /* 172.245.219.133/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAD03F223 /* 173.3.242.35/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAD08D34A /* 173.8.211.74/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAD0EADE3 /* 173.14.173.227/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAD122918 /* 173.18.41.24/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAD1C99C7 /* 173.28.153.199/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAD309D99 /* 173.48.157.153/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAD32AF5A /* 173.50.175.90/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAD351E5B /* 173.53.30.91/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAD429470 /* 173.66.148.112/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAD431BE1 /* 173.67.27.225/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAD48240E /* 173.72.36.14/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAD494827 /* 173.73.72.39/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAD4F3E9F /* 173.79.62.159/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAD4FA2DC /* 173.79.162.220/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xADA0B4BD /* 173.160.180.189/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xADA4CEB5 /* 173.164.206.181/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xADA4DBFA /* 173.164.219.250/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xADA5CF1A /* 173.165.207.26/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xADA5F099 /* 173.165.240.153/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xADD0D572 /* 173.208.213.114/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xADD4C570 /* 173.212.197.112/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xADD56C74 /* 173.213.108.116/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xADD5719B /* 173.213.113.155/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xADE45B1D /* 173.228.91.29/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xADE6835A /* 173.230.131.90/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xADE6895B /* 173.230.137.91/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xADE6996D /* 173.230.153.109/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xADE69A5A /* 173.230.154.90/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xADEF4FCB /* 173.239.79.203/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xADEF4FD2 /* 173.239.79.210/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xADFED842 /* 173.254.216.66/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xADFED843 /* 173.254.216.67/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xADFED844 /* 173.254.216.68/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xADFED845 /* 173.254.216.69/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xADFF7392 /* 173.255.115.146/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xADFFCD71 /* 173.255.205.113/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xADFFD745 /* 173.255.215.69/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xADFFD9DE /* 173.255.217.222/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xADFFDD60 /* 173.255.221.96/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xADFFE28E /* 173.255.226.142/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xADFFE455 /* 173.255.228.85/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xADFFE486 /* 173.255.228.134/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xADFFE508 /* 173.255.229.8/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xADFFE5C2 /* 173.255.229.194/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xADFFE77D /* 173.255.231.125/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xADFFF1EB /* 173.255.241.235/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xADFFF574 /* 173.255.245.116/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xADFFF6A2 /* 173.255.246.162/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xADFFFAE7 /* 173.255.250.231/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAE14C8EF /* 174.20.200.239/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAE22E1D7 /* 174.34.225.215/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAE33B292 /* 174.51.178.146/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAE43DA0C /* 174.67.218.12/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAE444AE7 /* 174.68.74.231/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAE6113E6 /* 174.97.19.230/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAE64402E /* 174.100.64.46/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAE681A7D /* 174.104.26.125/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAE7FE48A /* 174.127.228.138/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAE886952 /* 174.136.105.82/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAE886953 /* 174.136.105.83/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAE886C52 /* 174.136.108.82/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xAE8DC829 /* 174.141.200.41/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB008995C /* 176.8.153.92/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB00901D3 /* 176.9.1.211/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB00904CE /* 176.9.4.206/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0090574 /* 176.9.5.116/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0091FD7 /* 176.9.31.215/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0092626 /* 176.9.38.38/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB00927DA /* 176.9.39.218/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0092831 /* 176.9.40.49/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0092B1A /* 176.9.43.26/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB00932F0 /* 176.9.50.240/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0093534 /* 176.9.53.52/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0093603 /* 176.9.54.3/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB009368E /* 176.9.54.142/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0094B6C /* 176.9.75.108/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0095425 /* 176.9.84.37/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB009558D /* 176.9.85.141/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0095AD7 /* 176.9.90.215/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0096386 /* 176.9.99.134/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0096623 /* 176.9.102.35/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0096708 /* 176.9.103.8/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0096E12 /* 176.9.110.18/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0096E8A /* 176.9.110.138/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB00972B6 /* 176.9.114.182/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0097516 /* 176.9.117.22/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0097A33 /* 176.9.122.51/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB009859A /* 176.9.133.154/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0098C6C /* 176.9.140.108/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0098FD0 /* 176.9.143.208/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB00993D5 /* 176.9.147.213/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB00994B0 /* 176.9.148.176/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0099E76 /* 176.9.158.118/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB009B42F /* 176.9.180.47/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB009BEF0 /* 176.9.190.240/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB009C0AB /* 176.9.192.171/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB009D740 /* 176.9.215.64/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB00A63C8 /* 176.10.99.200/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB00A63C9 /* 176.10.99.201/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB00A63CA /* 176.10.99.202/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB00A63CB /* 176.10.99.203/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB00A63CC /* 176.10.99.204/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB00A63CD /* 176.10.99.205/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB00A63CE /* 176.10.99.206/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB00A63CF /* 176.10.99.207/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB00A63D0 /* 176.10.99.208/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB00A63D1 /* 176.10.99.209/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB00A68F0 /* 176.10.104.240/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB00A68F3 /* 176.10.104.243/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB00A6BB4 /* 176.10.107.180/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB00A8346 /* 176.10.131.70/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB00AD7A4 /* 176.10.215.164/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB00AD98E /* 176.10.217.142/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB00AFFFD /* 176.10.255.253/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB00F7438 /* 176.15.116.56/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB014C4C1 /* 176.20.196.193/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB014EA66 /* 176.20.234.102/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0172222 /* 176.23.34.34/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0189B30 /* 176.24.155.48/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB01F0B7A /* 176.31.11.122/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB01F1760 /* 176.31.23.96/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB01F1C3F /* 176.31.28.63/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB01F2395 /* 176.31.35.149/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB01F2B33 /* 176.31.43.51/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB01F2D03 /* 176.31.45.3/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB01F5073 /* 176.31.80.115/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB01F6E30 /* 176.31.110.48/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB01F748C /* 176.31.116.140/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB01F7506 /* 176.31.117.6/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB01F78D7 /* 176.31.120.215/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB01F7E90 /* 176.31.126.144/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB01F9CC7 /* 176.31.156.199/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB01FAB0F /* 176.31.171.15/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB01FB49D /* 176.31.180.157/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB01FB8FF /* 176.31.184.255/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB01FBF1A /* 176.31.191.26/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB01FC87A /* 176.31.200.122/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB01FD79D /* 176.31.215.157/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0228589 /* 176.34.133.137/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0268C0D /* 176.38.140.13/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0269D26 /* 176.38.157.38/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB026A34D /* 176.38.163.77/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB026B1D0 /* 176.38.177.208/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB035168E /* 176.53.22.142/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB038EC5F /* 176.56.236.95/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB038EDBF /* 176.56.237.191/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB03A60C7 /* 176.58.96.199/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB03A6462 /* 176.58.100.98/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB03A6E42 /* 176.58.110.66/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB03A7122 /* 176.58.113.34/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB03A7816 /* 176.58.120.22/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB043A8D2 /* 176.67.168.210/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB043A9FE /* 176.67.169.254/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0653809 /* 176.101.56.9/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0653B22 /* 176.101.59.34/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0686AD0 /* 176.104.106.208/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB070E847 /* 176.112.232.71/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0728075 /* 176.114.128.117/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB072F82F /* 176.114.248.47/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB073FFA0 /* 176.115.255.160/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0746831 /* 176.116.104.49/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB07B01FD /* 176.123.1.253/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB07B0208 /* 176.123.2.8/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB07B02FA /* 176.123.2.250/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB07B02FE /* 176.123.2.254/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB07B03B4 /* 176.123.3.180/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB07B03D4 /* 176.123.3.212/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB07B04AB /* 176.123.4.171/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB07B07C5 /* 176.123.7.197/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB07B1A08 /* 176.123.26.8/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB07B1D38 /* 176.123.29.56/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB07EF231 /* 176.126.242.49/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB07EFC0B /* 176.126.252.11/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB07EFC0C /* 176.126.252.12/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0804B55 /* 176.128.75.85/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB082E4AD /* 176.130.228.173/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0881911 /* 176.136.25.17/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0889529 /* 176.136.149.41/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB08F08C3 /* 176.143.8.195/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0952D53 /* 176.149.45.83/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB09E8A7A /* 176.158.138.122/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB09E9B78 /* 176.158.155.120/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB09F0253 /* 176.159.2.83/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB09F0B1E /* 176.159.11.30/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0BD77B6 /* 176.189.119.182/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0C0B18F /* 176.192.177.143/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0C0C197 /* 176.192.193.151/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0C2F247 /* 176.194.242.71/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0C68452 /* 176.198.132.82/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0C694D1 /* 176.198.148.209/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0C6CC54 /* 176.198.204.84/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0C75545 /* 176.199.85.69/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0C79952 /* 176.199.153.82/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0C7DA8E /* 176.199.218.142/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0D5958D /* 176.213.149.141/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0D63585 /* 176.214.53.133/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB0E29A3C /* 176.226.154.60/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB1CDB43D /* 177.205.180.61/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB203BAF1 /* 178.3.186.241/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB20441E6 /* 178.4.65.230/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2078D71 /* 178.7.141.113/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2083C01 /* 178.8.60.1/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB20A3039 /* 178.10.48.57/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB20A53E1 /* 178.10.83.225/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB20A6F56 /* 178.10.111.86/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB210D037 /* 178.16.208.55/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB210D038 /* 178.16.208.56/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB210D039 /* 178.16.208.57/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB210D03A /* 178.16.208.58/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB210D03B /* 178.16.208.59/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB210D03C /* 178.16.208.60/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB210D03D /* 178.16.208.61/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB210D03E /* 178.16.208.62/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB211AA1B /* 178.17.170.27/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB211AA4D /* 178.17.170.77/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB211AA95 /* 178.17.170.149/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB211AAA4 /* 178.17.170.164/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB211AAB3 /* 178.17.170.179/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB211AAD4 /* 178.17.170.212/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB211AB28 /* 178.17.171.40/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB211AB2B /* 178.17.171.43/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB211AB56 /* 178.17.171.86/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB211AB5D /* 178.17.171.93/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB211AD16 /* 178.17.173.22/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB211AE02 /* 178.17.174.2/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB211AE0A /* 178.17.174.10/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB211AE20 /* 178.17.174.32/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB211AE4F /* 178.17.174.79/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB21253D7 /* 178.18.83.215/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2136072 /* 178.19.96.114/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB21368E3 /* 178.19.104.227/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2143710 /* 178.20.55.16/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2143712 /* 178.20.55.18/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2183362 /* 178.24.51.98/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2189BC3 /* 178.24.155.195/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB219DB1E /* 178.25.219.30/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB21A856D /* 178.26.133.109/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB21B5735 /* 178.27.87.53/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB21B79E6 /* 178.27.121.230/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB220225B /* 178.32.34.91/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2202F8C /* 178.32.47.140/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB220355E /* 178.32.53.94/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB220422B /* 178.32.66.43/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2204C5F /* 178.32.76.95/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2206457 /* 178.32.100.87/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB220B560 /* 178.32.181.96/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB220B561 /* 178.32.181.97/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB220B562 /* 178.32.181.98/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB220B563 /* 178.32.181.99/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB220BD58 /* 178.32.189.88/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB220BE0F /* 178.32.190.15/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB220D861 /* 178.32.216.97/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB220D892 /* 178.32.216.146/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB220D944 /* 178.32.217.68/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB220DC3D /* 178.32.220.61/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB220DCBA /* 178.32.220.186/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB220DD3A /* 178.32.221.58/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB220DD97 /* 178.32.221.151/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB220DDCF /* 178.32.221.207/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB220DE15 /* 178.32.222.21/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB220DE7D /* 178.32.222.125/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2216B6D /* 178.33.107.109/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB221B7FB /* 178.33.183.251/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB221BC93 /* 178.33.188.147/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB22D27CC /* 178.45.39.204/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB22DC8CD /* 178.45.200.205/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB231FDD7 /* 178.49.253.215/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23CA523 /* 178.60.165.35/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23E08BD /* 178.62.8.189/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23E0999 /* 178.62.9.153/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23E1475 /* 178.62.20.117/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23E1624 /* 178.62.22.36/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23E18D4 /* 178.62.24.212/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23E2440 /* 178.62.36.64/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23E2520 /* 178.62.37.32/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23E2B05 /* 178.62.43.5/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23E2E07 /* 178.62.46.7/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23E3A2B /* 178.62.58.43/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23E3C25 /* 178.62.60.37/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23E4212 /* 178.62.66.18/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23E48DC /* 178.62.72.220/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23E4FE3 /* 178.62.79.227/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23E5660 /* 178.62.86.96/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23E56CE /* 178.62.86.206/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23E586F /* 178.62.88.111/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23E5D24 /* 178.62.93.36/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23E5EF3 /* 178.62.94.243/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23E64DC /* 178.62.100.220/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23E6939 /* 178.62.105.57/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23E6BC2 /* 178.62.107.194/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23E6DA4 /* 178.62.109.164/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23E7D7D /* 178.62.125.125/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23EADCB /* 178.62.173.203/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23EB893 /* 178.62.184.147/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23EBA9B /* 178.62.186.155/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23EC131 /* 178.62.193.49/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23EC447 /* 178.62.196.71/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23EC513 /* 178.62.197.19/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23EC552 /* 178.62.197.82/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23EC636 /* 178.62.198.54/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23EC7E2 /* 178.62.199.226/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23EC90F /* 178.62.201.15/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23ECA3B /* 178.62.202.59/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23ECB7E /* 178.62.203.126/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23ECCE0 /* 178.62.204.224/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23ED28A /* 178.62.210.138/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23ED9E9 /* 178.62.217.233/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23EDED6 /* 178.62.222.214/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23EF4A8 /* 178.62.244.168/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23EFBB8 /* 178.62.251.184/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23EFC52 /* 178.62.252.82/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23EFCEA /* 178.62.252.234/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23EFD06 /* 178.62.253.6/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23F09A5 /* 178.63.9.165/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23F1030 /* 178.63.16.48/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23F1219 /* 178.63.18.25/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23F190A /* 178.63.25.10/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23F3D43 /* 178.63.61.67/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23F41B3 /* 178.63.65.179/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23F4E08 /* 178.63.78.8/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23F550E /* 178.63.85.14/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23F6122 /* 178.63.97.34/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23F6E97 /* 178.63.110.151/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23F749D /* 178.63.116.157/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23F9A5D /* 178.63.154.93/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23FA2D4 /* 178.63.162.212/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23FC671 /* 178.63.198.113/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB23FD133 /* 178.63.209.51/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB240253C /* 178.64.37.60/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2444089 /* 178.68.64.137/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB249D276 /* 178.73.210.118/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB24A158D /* 178.74.21.141/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB24B94CE /* 178.75.148.206/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB24D7B29 /* 178.77.123.41/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB24ED5D6 /* 178.78.213.214/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB24EEAC3 /* 178.78.234.195/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB24F86C4 /* 178.79.134.196/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB24F88E6 /* 178.79.136.230/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB24F8B11 /* 178.79.139.17/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB24F90A3 /* 178.79.144.163/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB24F9EDD /* 178.79.158.221/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB24F9F93 /* 178.79.159.147/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB24F9FE0 /* 178.79.159.224/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB24FA039 /* 178.79.160.57/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB24FA198 /* 178.79.161.152/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB24FA1B1 /* 178.79.161.177/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB24FA3A9 /* 178.79.163.169/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB24FA515 /* 178.79.165.21/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB24FAD93 /* 178.79.173.147/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB24FB194 /* 178.79.177.148/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB24FBCD4 /* 178.79.188.212/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB253BE6C /* 178.83.190.108/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB25C5A08 /* 178.92.90.8/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2844E94 /* 178.132.78.148/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB28C6812 /* 178.140.104.18/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB29BA723 /* 178.155.167.35/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB29CCAB2 /* 178.156.202.178/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2A242D4 /* 178.162.66.212/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2A2C252 /* 178.162.194.82/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2A2C2D2 /* 178.162.194.210/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2A2C30C /* 178.162.195.12/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2A2C742 /* 178.162.199.66/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2A2C870 /* 178.162.200.112/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2A2C871 /* 178.162.200.113/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2A2C872 /* 178.162.200.114/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2A2CE11 /* 178.162.206.17/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2A2CE12 /* 178.162.206.18/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2A4DC30 /* 178.164.220.48/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2A4E3FF /* 178.164.227.255/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2AEB438 /* 178.174.180.56/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2AF8032 /* 178.175.128.50/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2AF8242 /* 178.175.130.66/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2AF83C2 /* 178.175.131.194/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2BFED2B /* 178.191.237.43/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2C1F126 /* 178.193.241.38/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2C29763 /* 178.194.151.99/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2C29935 /* 178.194.153.53/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2C802E5 /* 178.200.2.229/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2C89DAD /* 178.200.157.173/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2C8D57E /* 178.200.213.126/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2C9937D /* 178.201.147.125/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2CAFFA1 /* 178.202.255.161/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2CBDB0B /* 178.203.219.11/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2CE7740 /* 178.206.119.64/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2D12EAD /* 178.209.46.173/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2D13297 /* 178.209.50.151/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2D13363 /* 178.209.51.99/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2D1342F /* 178.209.52.47/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2D13491 /* 178.209.52.145/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2D134A2 /* 178.209.52.162/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2D9B820 /* 178.217.184.32/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2D9BB27 /* 178.217.187.39/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2DA72AF /* 178.218.114.175/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2DB593B /* 178.219.89.59/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2EEE084 /* 178.238.224.132/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2EEE40C /* 178.238.228.12/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2EEE86E /* 178.238.232.110/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2EEED2C /* 178.238.237.44/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2F86C76 /* 178.248.108.118/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2FBE48E /* 178.251.228.142/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2FC1CC8 /* 178.252.28.200/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2FE0D5C /* 178.254.13.92/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2FE0D7E /* 178.254.13.126/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2FE1215 /* 178.254.18.21/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2FE1486 /* 178.254.20.134/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2FE1AF4 /* 178.254.26.244/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2FE1E56 /* 178.254.30.86/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2FE2224 /* 178.254.34.36/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2FE2755 /* 178.254.39.85/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2FE2914 /* 178.254.41.20/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2FE2C87 /* 178.254.44.135/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2FE3765 /* 178.254.55.101/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB2FF94C3 /* 178.255.148.195/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB32B86CA /* 179.43.134.202/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB32B86CB /* 179.43.134.203/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB32B86CC /* 179.43.134.204/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB32B86CD /* 179.43.134.205/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB32B92E6 /* 179.43.146.230/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB32B97E2 /* 179.43.151.226/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB32B97E3 /* 179.43.151.227/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB32B97E4 /* 179.43.151.228/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB32B97E5 /* 179.43.151.229/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB32B97E6 /* 179.43.151.230/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB32BA0C9 /* 179.43.160.201/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB32BA882 /* 179.43.168.130/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB32BA8A6 /* 179.43.168.166/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB32BA90E /* 179.43.169.14/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB32BBCCE /* 179.43.188.206/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB330F811 /* 179.48.248.17/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB36EB595 /* 179.110.181.149/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB3B337F6 /* 179.179.55.246/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB3B3C9A2 /* 179.179.201.162/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB40F9869 /* 180.15.152.105/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB42E910F /* 180.46.145.15/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB43F539C /* 180.63.83.156/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB4B5900D /* 180.181.144.13/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB52812CA /* 181.40.18.202/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB55FC092 /* 181.95.192.146/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB58B9234 /* 181.139.146.52/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB58F629E /* 181.143.98.158/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB6FD812C /* 182.253.129.44/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB7B53AA6 /* 183.181.58.166/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB838AD10 /* 184.56.173.16/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB844B4EE /* 184.68.180.238/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB85A4952 /* 184.90.73.82/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB8659839 /* 184.101.152.57/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB86990B4 /* 184.105.144.180/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB86990B5 /* 184.105.144.181/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB869DC18 /* 184.105.220.24/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB86A6DF4 /* 184.106.109.244/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB89CDDB7 /* 184.156.221.183/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB8A07785 /* 184.160.119.133/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB8A79277 /* 184.167.146.119/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB8AEABD3 /* 184.174.171.211/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB8B705CB /* 184.183.5.203/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9022B54 /* 185.2.43.84/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9022B57 /* 185.2.43.87/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9045C43 /* 185.4.92.67/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB90509BC /* 185.5.9.188/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9061D37 /* 185.6.29.55/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB907FE43 /* 185.7.254.67/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9083F26 /* 185.8.63.38/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB908EC83 /* 185.8.236.131/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB908ED2D /* 185.8.237.45/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB908EDD0 /* 185.8.237.208/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB908EE8B /* 185.8.238.139/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9091353 /* 185.9.19.83/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB909517C /* 185.9.81.124/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB90A445F /* 185.10.68.95/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB90A4477 /* 185.10.68.119/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB90A448E /* 185.10.68.142/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB90BB443 /* 185.11.180.67/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB90C1C74 /* 185.12.28.116/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB90C2D4F /* 185.12.45.79/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB90D26C5 /* 185.13.38.197/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB90D27C5 /* 185.13.39.197/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB90D27F9 /* 185.13.39.249/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB90E1C6A /* 185.14.28.106/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB90E1C9A /* 185.14.28.154/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB90E1EEE /* 185.14.30.238/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB90EB976 /* 185.14.185.118/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB90EB9F0 /* 185.14.185.240/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB90F483E /* 185.15.72.62/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB90F4975 /* 185.15.73.117/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB90F5E0E /* 185.15.94.14/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB90F5E11 /* 185.15.94.17/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB90FF47C /* 185.15.244.124/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9103C53 /* 185.16.60.83/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB910AC9B /* 185.16.172.155/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB910AD54 /* 185.16.173.84/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB910AD56 /* 185.16.173.86/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB910C8B0 /* 185.16.200.176/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9156432 /* 185.21.100.50/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB91564A3 /* 185.21.100.163/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9156532 /* 185.21.101.50/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB915D89D /* 185.21.216.157/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB915D8B7 /* 185.21.216.183/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB915D8BD /* 185.21.216.189/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB915D90D /* 185.21.217.13/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB915D91D /* 185.21.217.29/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB915D921 /* 185.21.217.33/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB916AD4E /* 185.22.173.78/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB916AD72 /* 185.22.173.114/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB916AD82 /* 185.22.173.130/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB916ADA2 /* 185.22.173.162/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB916AE29 /* 185.22.174.41/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB918E94A /* 185.24.233.74/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB919304C /* 185.25.48.76/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB919309D /* 185.25.48.157/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9193211 /* 185.25.50.17/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9193267 /* 185.25.50.103/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9193321 /* 185.25.51.33/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB919332A /* 185.25.51.42/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB919D8ED /* 185.25.216.237/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB91A9C1C /* 185.26.156.28/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB91A9C29 /* 185.26.156.41/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB91A9C2D /* 185.26.156.45/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB91A9C32 /* 185.26.156.50/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB91BAF18 /* 185.27.175.24/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB91D0884 /* 185.29.8.132/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB91D08D3 /* 185.29.8.211/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB91D9CE7 /* 185.29.156.231/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB91EEE4D /* 185.30.238.77/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB91FA166 /* 185.31.161.102/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB91FACEA /* 185.31.172.234/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB91FE645 /* 185.31.230.69/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB920A016 /* 185.32.160.22/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB920DDC9 /* 185.32.221.201/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB920DDE4 /* 185.32.221.228/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB92200BC /* 185.34.0.188/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9222102 /* 185.34.33.2/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9223460 /* 185.34.52.96/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9238A5C /* 185.35.138.92/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB923CADD /* 185.35.202.221/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB925912C /* 185.37.145.44/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9260EAB /* 185.38.14.171/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9260ED6 /* 185.38.14.214/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9260ED7 /* 185.38.14.215/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9284C0A /* 185.40.76.10/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9299A82 /* 185.41.154.130/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB92DC035 /* 185.45.192.53/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB92F3E51 /* 185.47.62.81/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB92F3F80 /* 185.47.63.128/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB92FDE22 /* 185.47.222.34/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB932BFFA /* 185.50.191.250/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9358346 /* 185.53.131.70/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9385426 /* 185.56.84.38/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB938AF9A /* 185.56.175.154/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB93A15C7 /* 185.58.21.199/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB93C92F5 /* 185.60.146.245/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB93D8A0D /* 185.61.138.13/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB93D941D /* 185.61.148.29/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB93D9450 /* 185.61.148.80/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB93D9479 /* 185.61.148.121/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB93D948E /* 185.61.148.142/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB93D94BD /* 185.61.148.189/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB93D94C7 /* 185.61.148.199/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB93D94DD /* 185.61.148.221/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB93D94E4 /* 185.61.148.228/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB93D9574 /* 185.61.149.116/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB93D95C1 /* 185.61.149.193/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB93D95F7 /* 185.61.149.247/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB93EBE17 /* 185.62.190.23/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB93FBE1C /* 185.63.190.28/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB93FFD82 /* 185.63.253.130/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB941C85D /* 185.65.200.93/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB941CD0A /* 185.65.205.10/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9426751 /* 185.66.103.81/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB942C80A /* 185.66.200.10/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB942FA8D /* 185.66.250.141/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB94535BC /* 185.69.53.188/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB948B248 /* 185.72.178.72/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB948F418 /* 185.72.244.24/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB948F425 /* 185.72.244.37/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB948F791 /* 185.72.247.145/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB94927BD /* 185.73.39.189/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9492C36 /* 185.73.44.54/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB949DC08 /* 185.73.220.8/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB949F0CD /* 185.73.240.205/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB94C916D /* 185.76.145.109/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB94D8123 /* 185.77.129.35/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB94E4328 /* 185.78.67.40/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB950DE69 /* 185.80.222.105/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB950DE9E /* 185.80.222.158/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB950DEA4 /* 185.80.222.164/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9521569 /* 185.82.21.105/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB952C8D0 /* 185.82.200.208/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB952C936 /* 185.82.201.54/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB952CB47 /* 185.82.203.71/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB952CBD1 /* 185.82.203.209/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB952D8E9 /* 185.82.216.233/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB952D90E /* 185.82.217.14/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB952D924 /* 185.82.217.36/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9564F5C /* 185.86.79.92/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9569496 /* 185.86.148.150/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9569518 /* 185.86.149.24/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9569555 /* 185.86.149.85/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB95695E6 /* 185.86.149.230/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB956962C /* 185.86.150.44/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9569766 /* 185.86.151.102/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB957B92D /* 185.87.185.45/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB957B9DD /* 185.87.185.221/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB957BA1B /* 185.87.186.27/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB95C4409 /* 185.92.68.9/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB95CDE34 /* 185.92.222.52/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB95CDED0 /* 185.92.222.208/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB95DB496 /* 185.93.180.150/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB960581D /* 185.96.88.29/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB960B41D /* 185.96.180.29/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9612012 /* 185.97.32.18/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9612022 /* 185.97.32.34/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9612024 /* 185.97.32.36/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9645452 /* 185.100.84.82/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB964546C /* 185.100.84.108/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB96454D4 /* 185.100.84.212/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB96454FB /* 185.100.84.251/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB964553D /* 185.100.85.61/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9645565 /* 185.100.85.101/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9645584 /* 185.100.85.132/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9645593 /* 185.100.85.147/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB96455BE /* 185.100.85.190/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB96455C0 /* 185.100.85.192/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB96455CF /* 185.100.85.207/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB96455DC /* 185.100.85.220/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB96455F4 /* 185.100.85.244/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9645645 /* 185.100.86.69/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9645656 /* 185.100.86.86/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9645664 /* 185.100.86.100/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9645673 /* 185.100.86.115/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9645680 /* 185.100.86.128/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB964569A /* 185.100.86.154/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB96456F4 /* 185.100.86.244/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB964571A /* 185.100.87.26/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB964572B /* 185.100.87.43/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9645752 /* 185.100.87.82/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9645759 /* 185.100.87.89/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB964578F /* 185.100.87.143/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB96457BA /* 185.100.87.186/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB96457C0 /* 185.100.87.192/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB96457F1 /* 185.100.87.241/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB965626C /* 185.101.98.108/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9656B21 /* 185.101.107.33/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB967633C /* 185.103.99.60/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9687802 /* 185.104.120.2/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9687803 /* 185.104.120.3/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9687804 /* 185.104.120.4/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9688CAC /* 185.104.140.172/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB968B833 /* 185.104.184.51/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB96BE0D0 /* 185.107.224.208/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB96D9007 /* 185.109.144.7/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB96D923E /* 185.109.146.62/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB96D9294 /* 185.109.146.148/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9709D7E /* 185.112.157.126/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9709D87 /* 185.112.157.135/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB970FEC3 /* 185.112.254.195/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB971804F /* 185.113.128.79/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9754B1B /* 185.117.75.27/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9755284 /* 185.117.82.132/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB975585C /* 185.117.88.92/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB975763B /* 185.117.118.59/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB975D709 /* 185.117.215.9/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB976FB14 /* 185.118.251.20/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB97893AB /* 185.120.147.171/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB979A8FE /* 185.121.168.254/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB97A3BED /* 185.122.59.237/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB97D213A /* 185.125.33.58/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB97DD942 /* 185.125.217.66/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB97DDBCB /* 185.125.219.203/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB98028EA /* 185.128.40.234/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9813C83 /* 185.129.60.131/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9813E3E /* 185.129.62.62/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9813E3F /* 185.129.62.63/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB98194D2 /* 185.129.148.210/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB98194D6 /* 185.129.148.214/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9879C5E /* 185.135.156.94/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB98F65FD /* 185.143.101.253/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9918065 /* 185.145.128.101/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9918095 /* 185.145.128.149/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB99181BA /* 185.145.129.186/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB99181C5 /* 185.145.129.197/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB992A813 /* 185.146.168.19/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB992A9C1 /* 185.146.169.193/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB992AA81 /* 185.146.170.129/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB992ABE7 /* 185.146.171.231/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB996BDAF /* 185.150.189.175/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB998E823 /* 185.152.232.35/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB999C572 /* 185.153.197.114/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB999C57D /* 185.153.197.125/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB999C60B /* 185.153.198.11/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB999C6DE /* 185.153.198.222/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB99C4084 /* 185.156.64.132/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB99CAD94 /* 185.156.173.148/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB99F522B /* 185.159.82.43/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9A20A6E /* 185.162.10.110/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9A20A79 /* 185.162.10.121/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9A32D18 /* 185.163.45.24/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9A32D96 /* 185.163.45.150/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9A32DB0 /* 185.163.45.176/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9A32DC1 /* 185.163.45.193/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9A32DF3 /* 185.163.45.243/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9A32DF9 /* 185.163.45.249/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9A48873 /* 185.164.136.115/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9A5A85E /* 185.165.168.94/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9A5A861 /* 185.165.168.97/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9A5A862 /* 185.165.168.98/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9A5A87B /* 185.165.168.123/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9A5A8A8 /* 185.165.168.168/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9A5A8AA /* 185.165.168.170/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9A5A8AD /* 185.165.168.173/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9A5A8C4 /* 185.165.168.196/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9A5F38D /* 185.165.243.141/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9A9E5A3 /* 185.169.229.163/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9AFD0B3 /* 185.175.208.179/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9AFD0B4 /* 185.175.208.180/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9B150F8 /* 185.177.80.248/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9B50815 /* 185.181.8.21/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9B56551 /* 185.181.101.81/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9B5E54D /* 185.181.229.77/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9B63254 /* 185.182.50.84/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xB9B63256 /* 185.182.50.86/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBA95F912 /* 186.149.249.18/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBACCF34A /* 186.204.243.74/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBACED69A /* 186.206.214.154/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBAE7787D /* 186.231.120.125/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBB3D899C /* 187.61.137.156/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBB3F6418 /* 187.63.100.24/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBBA354CD /* 187.163.84.205/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBBA738D4 /* 187.167.56.212/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC045A36 /* 188.4.90.54/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC16BC3B /* 188.22.188.59/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC17C56E /* 188.23.197.110/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC181FD5 /* 188.24.31.213/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC20E27B /* 188.32.226.123/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC20F2F4 /* 188.32.242.244/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC282973 /* 188.40.41.115/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC282AC3 /* 188.40.42.195/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC282C77 /* 188.40.44.119/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC283156 /* 188.40.49.86/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC2833E8 /* 188.40.51.232/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC284C73 /* 188.40.76.115/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC285B57 /* 188.40.91.87/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC286345 /* 188.40.99.69/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC286BCD /* 188.40.107.205/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC286D92 /* 188.40.109.146/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC2880F6 /* 188.40.128.246/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC28A61D /* 188.40.166.29/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC28CE05 /* 188.40.206.5/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC28EBD7 /* 188.40.235.215/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC28F839 /* 188.40.248.57/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC2AD853 /* 188.42.216.83/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC2AFD07 /* 188.42.253.7/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC2AFE2F /* 188.42.254.47/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC402D69 /* 188.64.45.105/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC44202A /* 188.68.32.42/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC4424D1 /* 188.68.36.209/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC4439BC /* 188.68.57.188/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC4DD3A0 /* 188.77.211.160/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC52A824 /* 188.82.168.36/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC5DD54B /* 188.93.213.75/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC614BED /* 188.97.75.237/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC61A044 /* 188.97.160.68/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC620431 /* 188.98.4.49/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC63D545 /* 188.99.213.69/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC66949C /* 188.102.148.156/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC66F7E4 /* 188.102.247.228/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC671F6D /* 188.103.31.109/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC672E4A /* 188.103.46.74/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC6972F8 /* 188.105.114.248/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC6BEFDF /* 188.107.239.223/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC728CF5 /* 188.114.140.245/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC728E48 /* 188.114.142.72/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC76D9EC /* 188.118.217.236/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC77976C /* 188.119.151.108/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC78EA1A /* 188.120.234.26/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC78F125 /* 188.120.241.37/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC78F178 /* 188.120.241.120/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC78F320 /* 188.120.243.32/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC78FB81 /* 188.120.251.129/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC7AD504 /* 188.122.213.4/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC7B6E0F /* 188.123.110.15/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC7E519B /* 188.126.81.155/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC7E5AD3 /* 188.126.90.211/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC7E5E4D /* 188.126.94.77/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC86055C /* 188.134.5.92/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC8A3DA5 /* 188.138.61.165/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC8A4B65 /* 188.138.75.101/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC8A6662 /* 188.138.102.98/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC8A6995 /* 188.138.105.149/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC8A703C /* 188.138.112.60/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC8D4955 /* 188.141.73.85/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBC8F6EB5 /* 188.143.110.181/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA49A12 /* 188.164.154.18/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA500AB /* 188.165.0.171/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA5050E /* 188.165.5.14/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA50642 /* 188.165.6.66/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA5133D /* 188.165.19.61/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA51C98 /* 188.165.28.152/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA532F4 /* 188.165.50.244/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA53B2B /* 188.165.59.43/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA56AF9 /* 188.165.106.249/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA58A06 /* 188.165.138.6/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA5919D /* 188.165.145.157/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA5C2C3 /* 188.165.194.195/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA5D498 /* 188.165.212.152/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA5D59C /* 188.165.213.156/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA5E426 /* 188.165.228.38/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA5F108 /* 188.165.241.8/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA5F530 /* 188.165.245.48/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA6036B /* 188.166.3.107/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA6046D /* 188.166.4.109/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA604D1 /* 188.166.4.209/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA60898 /* 188.166.8.152/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA61057 /* 188.166.16.87/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA6105B /* 188.166.16.91/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA61096 /* 188.166.16.150/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA61143 /* 188.166.17.67/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA61168 /* 188.166.17.104/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA6177F /* 188.166.23.127/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA617F7 /* 188.166.23.247/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA620C8 /* 188.166.32.200/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA62296 /* 188.166.34.150/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA623AB /* 188.166.35.171/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA628C3 /* 188.166.40.195/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA6292E /* 188.166.41.46/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA629D2 /* 188.166.41.210/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA62DEA /* 188.166.45.234/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA632DE /* 188.166.50.222/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA643E7 /* 188.166.67.231/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA6523D /* 188.166.82.61/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA657A1 /* 188.166.87.161/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA6699D /* 188.166.105.157/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA67A3A /* 188.166.122.58/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA68585 /* 188.166.133.133/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA69577 /* 188.166.149.119/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA69E64 /* 188.166.158.100/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA6A7E6 /* 188.166.167.230/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA6A849 /* 188.166.168.73/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA6B1B8 /* 188.166.177.184/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA6B238 /* 188.166.178.56/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA6B921 /* 188.166.185.33/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA6D1AC /* 188.166.209.172/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA6DBCF /* 188.166.219.207/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA6E9E6 /* 188.166.233.230/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA6F0B6 /* 188.166.240.182/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA6F14B /* 188.166.241.75/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA6F5D9 /* 188.166.245.217/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA6F66A /* 188.166.246.106/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA6FFD1 /* 188.166.255.209/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA74043 /* 188.167.64.67/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCA8225A /* 188.168.34.90/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCAE5BDE /* 188.174.91.222/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCAEA8C5 /* 188.174.168.197/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCAEAAE5 /* 188.174.170.229/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCAEB70A /* 188.174.183.10/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCB78653 /* 188.183.134.83/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCBBC04B /* 188.187.192.75/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCC0359E /* 188.192.53.158/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCC086DE /* 188.192.134.222/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCC08E02 /* 188.192.142.2/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCC099B8 /* 188.192.153.184/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCC0A25A /* 188.192.162.90/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCC0F519 /* 188.192.245.25/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCC13139 /* 188.193.49.57/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCC16C21 /* 188.193.108.33/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCC16D84 /* 188.193.109.132/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCC1A930 /* 188.193.169.48/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCC233FB /* 188.194.51.251/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCC23C1E /* 188.194.60.30/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCC24F69 /* 188.194.79.105/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCC279E1 /* 188.194.121.225/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCC2F8F9 /* 188.194.248.249/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCC30F2A /* 188.195.15.42/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCC329A5 /* 188.195.41.165/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCC3ACDF /* 188.195.172.223/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCC3AD19 /* 188.195.173.25/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCD13122 /* 188.209.49.34/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCD51CDE /* 188.213.28.222/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCD53137 /* 188.213.49.55/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCD58F77 /* 188.213.143.119/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCD5A565 /* 188.213.165.101/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCD5A6ED /* 188.213.166.237/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCD5AA68 /* 188.213.170.104/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCD61E99 /* 188.214.30.153/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCD68040 /* 188.214.128.64/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCD68115 /* 188.214.129.21/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCD68155 /* 188.214.129.85/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCDBE8A2 /* 188.219.232.162/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCDE6AEF /* 188.222.106.239/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCE23EBA /* 188.226.62.186/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCE24784 /* 188.226.71.132/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCE28258 /* 188.226.130.88/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCE2957C /* 188.226.149.124/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCE2DDF3 /* 188.226.221.243/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCE2DE13 /* 188.226.222.19/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCE2ED9A /* 188.226.237.154/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCE2F756 /* 188.226.247.86/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCE2FDB5 /* 188.226.253.181/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCE3C986 /* 188.227.201.134/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCE43194 /* 188.228.49.148/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCE813A5 /* 188.232.19.165/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCF0D059 /* 188.240.208.89/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCF2827A /* 188.242.130.122/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCF42660 /* 188.244.38.96/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCF42B19 /* 188.244.43.25/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCF48F6B /* 188.244.143.107/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBCF6CC43 /* 188.246.204.67/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBD3E721D /* 189.62.114.29/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBD54152C /* 189.84.21.44/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBE08F0EE /* 190.8.240.238/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBE0A0832 /* 190.10.8.50/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBE0A0844 /* 190.10.8.68/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBE0A0898 /* 190.10.8.152/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBE0A0AAD /* 190.10.10.173/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBE61A58D /* 190.97.165.141/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBE7B2F74 /* 190.123.47.116/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBED2625A /* 190.210.98.90/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBED2B6AD /* 190.210.182.173/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBED80288 /* 190.216.2.136/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBEF55206 /* 190.245.82.6/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBF60F96E /* 191.96.249.110/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBF651F54 /* 191.101.31.84/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBF6532FC /* 191.101.50.252/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xBF705F5B /* 191.112.95.91/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC000E651 /* 192.0.230.81/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC003941B /* 192.3.148.27/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC003D90C /* 192.3.217.12/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC01E202C /* 192.30.32.44/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC01F17F3 /* 192.31.23.243/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC021D21E /* 192.33.210.30/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0223F89 /* 192.34.63.137/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC02250B0 /* 192.34.80.176/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0241B04 /* 192.36.27.4/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0241B06 /* 192.36.27.6/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0241B07 /* 192.36.27.7/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0242621 /* 192.36.38.33/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC02A7166 /* 192.42.113.102/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC02A7365 /* 192.42.115.101/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC02A7366 /* 192.42.115.102/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC02A7410 /* 192.42.116.16/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC02A74A1 /* 192.42.116.161/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC02C1E28 /* 192.44.30.40/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC034A746 /* 192.52.167.70/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC034A747 /* 192.52.167.71/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC047F524 /* 192.71.245.36/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC047F589 /* 192.71.245.137/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC047F5D7 /* 192.71.245.215/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC049EF53 /* 192.73.239.83/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0518331 /* 192.81.131.49/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC051842E /* 192.81.132.46/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC051D97E /* 192.81.217.126/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC051DA89 /* 192.81.218.137/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC051FA76 /* 192.81.250.118/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0571C1C /* 192.87.28.28/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0571C52 /* 192.87.28.82/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC05F1692 /* 192.95.22.146/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC05F19CA /* 192.95.25.202/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC05F1B8F /* 192.95.27.143/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0630BC8 /* 192.99.11.200/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0630C95 /* 192.99.12.149/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0630D30 /* 192.99.13.48/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0630FDC /* 192.99.15.220/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC063259C /* 192.99.37.156/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0632DE5 /* 192.99.45.229/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC063364F /* 192.99.54.79/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0633F2C /* 192.99.63.44/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0634473 /* 192.99.68.115/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0639AEA /* 192.99.154.234/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC063D48B /* 192.99.212.139/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC063F665 /* 192.99.246.101/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC06F9072 /* 192.111.144.114/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0794449 /* 192.121.68.73/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC07CFA53 /* 192.124.250.83/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC087A8FB /* 192.135.168.251/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC096BB89 /* 192.150.187.137/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0999AF4 /* 192.153.154.244/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC09B5365 /* 192.155.83.101/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC09B5D65 /* 192.155.93.101/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC09B5FDE /* 192.155.95.222/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC09DEFF3 /* 192.157.239.243/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC09DFD7D /* 192.157.253.125/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0A066A4 /* 192.160.102.164/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0A066A5 /* 192.160.102.165/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0A066A6 /* 192.160.102.166/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0A066A7 /* 192.160.102.167/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0A066A8 /* 192.160.102.168/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0A066A9 /* 192.160.102.169/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0A066AA /* 192.160.102.170/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0A1B431 /* 192.161.180.49/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0A28D35 /* 192.162.141.53/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0A3E033 /* 192.163.224.51/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0A4FA32 /* 192.164.250.50/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0A543FE /* 192.165.67.254/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0A6DA3F /* 192.166.218.63/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0A6DBC2 /* 192.166.219.194/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0A9A69D /* 192.169.166.157/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0A9A827 /* 192.169.168.39/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0B7CE2A /* 192.183.206.42/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0B851A0 /* 192.184.81.160/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0B85280 /* 192.184.82.128/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0B85E6F /* 192.184.94.111/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0BB7C62 /* 192.187.124.98/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0C3500A /* 192.195.80.10/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0C35386 /* 192.195.83.134/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0D2C0E5 /* 192.210.192.229/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0D2CB10 /* 192.210.203.16/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0D2D37B /* 192.210.211.123/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0DED68B /* 192.222.214.139/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0E3A054 /* 192.227.160.84/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0E3AFEF /* 192.227.175.239/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0E4A702 /* 192.228.167.2/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0F07B02 /* 192.240.123.2/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0F1823C /* 192.241.130.60/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0F1863E /* 192.241.134.62/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0F1946C /* 192.241.148.108/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0F1B41B /* 192.241.180.27/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0F1B4A3 /* 192.241.180.163/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0F1B5E9 /* 192.241.181.233/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0F1C15D /* 192.241.193.93/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0F1C3B2 /* 192.241.195.178/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0F1C66A /* 192.241.198.106/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0F1CA6F /* 192.241.202.111/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0F1CEAB /* 192.241.206.171/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0F1D1C1 /* 192.241.209.193/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0F1D265 /* 192.241.210.101/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0F1D878 /* 192.241.216.120/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0F1E93A /* 192.241.233.58/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0F1E9CB /* 192.241.233.203/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0F462A6 /* 192.244.98.166/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0F70D29 /* 192.247.13.41/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0F93CC2 /* 192.249.60.194/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC0FCA537 /* 192.252.165.55/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC100D52A /* 193.0.213.42/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC107B1DF /* 193.7.177.223/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC10A0599 /* 193.10.5.153/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC10B70A7 /* 193.11.112.167/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC10B722B /* 193.11.114.43/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC10B722D /* 193.11.114.45/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC10B722E /* 193.11.114.46/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC10B722F /* 193.11.114.47/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC10BA4F3 /* 193.11.164.243/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC10BA6C2 /* 193.11.166.194/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC10F1004 /* 193.15.16.4/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC117F4F4 /* 193.23.244.244/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC118D146 /* 193.24.209.70/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC118D27E /* 193.24.210.126/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC11DBB4B /* 193.29.187.75/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC11DBB4E /* 193.29.187.78/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC11DBB6A /* 193.29.187.106/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC1233435 /* 193.35.52.53/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC12598C7 /* 193.37.152.199/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC12A9C6A /* 193.42.156.106/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC1462698 /* 193.70.38.152/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC1462B4C /* 193.70.43.76/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC1465AC7 /* 193.70.90.199/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC151D8E3 /* 193.81.216.227/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC15A0C56 /* 193.90.12.86/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC15A0C57 /* 193.90.12.87/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC15A0C58 /* 193.90.12.88/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC15A0C59 /* 193.90.12.89/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC15A0C5A /* 193.90.12.90/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC168A903 /* 193.104.169.3/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC168DC23 /* 193.104.220.35/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC168DC36 /* 193.104.220.54/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC1694950 /* 193.105.73.80/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC1698667 /* 193.105.134.103/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC16AA51B /* 193.106.165.27/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC16B5538 /* 193.107.85.56/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC16B5539 /* 193.107.85.57/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC16B553E /* 193.107.85.62/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC16CF9D7 /* 193.108.249.215/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC16E9D97 /* 193.110.157.151/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC16F1A25 /* 193.111.26.37/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC16F8820 /* 193.111.136.32/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC16F8DA0 /* 193.111.141.160/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC17CB532 /* 193.124.181.50/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC17CB6BF /* 193.124.182.191/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC18A765E /* 193.138.118.94/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC18CE034 /* 193.140.224.52/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC1960E3C /* 193.150.14.60/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC196791A /* 193.150.121.26/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC196794E /* 193.150.121.78/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC1A48535 /* 193.164.133.53/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC1A4D955 /* 193.164.217.85/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC1A589CA /* 193.165.137.202/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC1A98785 /* 193.169.135.133/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC1A9879A /* 193.169.135.154/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC1A9879D /* 193.169.135.157/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC1ABCA92 /* 193.171.202.146/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC1ABCA9A /* 193.171.202.154/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC1AE0614 /* 193.174.6.20/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC1B69035 /* 193.182.144.53/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC1B7626D /* 193.183.98.109/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC1B769CD /* 193.183.105.205/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC1BEA835 /* 193.190.168.53/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC1C66803 /* 193.198.104.3/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC1C8F1C3 /* 193.200.241.195/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC1C9E12D /* 193.201.225.45/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC1D2E00D /* 193.210.224.13/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC1E0A32B /* 193.224.163.43/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC1E3C40A /* 193.227.196.10/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC1E48F11 /* 193.228.143.17/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC1E48FE1 /* 193.228.143.225/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC201EE73 /* 194.1.238.115/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC20F7323 /* 194.15.115.35/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC22A6C05 /* 194.42.108.5/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC23F8BE6 /* 194.63.139.230/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC23F8E0B /* 194.63.142.11/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC243D67B /* 194.67.214.123/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC24F1F12 /* 194.79.31.18/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC2575FB1 /* 194.87.95.177/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC2588F42 /* 194.88.143.66/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC26DCED4 /* 194.109.206.212/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC27EAF9D /* 194.126.175.157/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC291D134 /* 194.145.209.52/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC2BBCF2D /* 194.187.207.45/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC2BBF80F /* 194.187.248.15/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC2BBF974 /* 194.187.249.116/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC2BFFE97 /* 194.191.254.151/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC2DA034F /* 194.218.3.79/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC2ED9DB8 /* 194.237.157.184/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC3012906 /* 195.1.41.6/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC30C3044 /* 195.12.48.68/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC30C304C /* 195.12.48.76/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC30C304D /* 195.12.48.77/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC30CBE26 /* 195.12.190.38/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC3105805 /* 195.16.88.5/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC31E6BDC /* 195.30.107.220/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC328B523 /* 195.40.181.35/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC32A73A2 /* 195.42.115.162/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC3391CCC /* 195.57.28.204/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC33B6622 /* 195.59.102.34/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC33B6623 /* 195.59.102.35/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC33B6624 /* 195.59.102.36/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC33B6625 /* 195.59.102.37/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC33B6626 /* 195.59.102.38/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC33BD0A2 /* 195.59.208.162/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC33BD0A3 /* 195.59.208.163/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC33BD0A4 /* 195.59.208.164/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC33BD0A5 /* 195.59.208.165/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC33BD0A6 /* 195.59.208.166/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC33E353A /* 195.62.53.58/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC344D71E /* 195.68.215.30/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC3474454 /* 195.71.68.84/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC35298D0 /* 195.82.152.208/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC35BF462 /* 195.91.244.98/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC37BD1B8 /* 195.123.209.184/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC37BD226 /* 195.123.210.38/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC37BD25F /* 195.123.210.95/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC37BD284 /* 195.123.210.132/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC37BD422 /* 195.123.212.34/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC3845544 /* 195.132.85.68/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC38A5E66 /* 195.138.94.102/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC3947CC7 /* 195.148.124.199/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A0A6A /* 195.154.10.106/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A0C42 /* 195.154.12.66/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A0C92 /* 195.154.12.146/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A0D60 /* 195.154.13.96/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A411D /* 195.154.65.29/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A4B1D /* 195.154.75.29/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A4B54 /* 195.154.75.84/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A4BA5 /* 195.154.75.165/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A4D95 /* 195.154.77.149/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A4FC7 /* 195.154.79.199/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A516C /* 195.154.81.108/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A516E /* 195.154.81.110/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A518F /* 195.154.81.143/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A51A9 /* 195.154.81.169/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A51E3 /* 195.154.81.227/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A51F5 /* 195.154.81.245/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A5258 /* 195.154.82.88/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A52B4 /* 195.154.82.180/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A56F9 /* 195.154.86.249/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A57E7 /* 195.154.87.231/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A5A83 /* 195.154.90.131/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A5B3D /* 195.154.91.61/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A5B8B /* 195.154.91.139/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A5BC2 /* 195.154.91.194/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A5C46 /* 195.154.92.70/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A5C9B /* 195.154.92.155/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A600E /* 195.154.96.14/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A612B /* 195.154.97.43/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A61A0 /* 195.154.97.160/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A61A3 /* 195.154.97.163/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A6935 /* 195.154.105.53/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A6939 /* 195.154.105.57/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A6B17 /* 195.154.107.23/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A6B97 /* 195.154.107.151/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A6C0C /* 195.154.108.12/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A6C4E /* 195.154.108.78/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A6D9D /* 195.154.109.157/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A6F75 /* 195.154.111.117/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A714F /* 195.154.113.79/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A71C8 /* 195.154.113.200/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A74E8 /* 195.154.116.232/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A75A3 /* 195.154.117.163/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A75B6 /* 195.154.117.182/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A79C6 /* 195.154.121.198/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A7A20 /* 195.154.122.32/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A7A36 /* 195.154.122.54/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A7A8A /* 195.154.122.138/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A7BE3 /* 195.154.123.227/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A7E2B /* 195.154.126.43/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39A7FF6 /* 195.154.127.246/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39AA123 /* 195.154.161.35/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39AA12F /* 195.154.161.47/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39AA2AC /* 195.154.162.172/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39AA377 /* 195.154.163.119/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39AA422 /* 195.154.164.34/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39AA4F3 /* 195.154.164.243/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39AA540 /* 195.154.165.64/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39AA570 /* 195.154.165.112/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39AAB18 /* 195.154.171.24/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39AAC16 /* 195.154.172.22/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39AB79F /* 195.154.183.159/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39AC881 /* 195.154.200.129/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39AD15B /* 195.154.209.91/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39AE9BA /* 195.154.233.186/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39AED93 /* 195.154.237.147/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39AF091 /* 195.154.240.145/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39AF17D /* 195.154.241.125/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39AFAEF /* 195.154.250.239/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39AFC58 /* 195.154.252.88/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39AFDE2 /* 195.154.253.226/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39AFFAE /* 195.154.255.174/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC39FCC5E /* 195.159.204.94/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC3A97DE2 /* 195.169.125.226/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC3B2A648 /* 195.178.166.72/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC3B40BC4 /* 195.180.11.196/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC3BFE9DD /* 195.191.233.221/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC3C8ECC5 /* 195.200.236.197/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC3D08B84 /* 195.208.139.132/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC3E1D31A /* 195.225.211.26/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC3E42DB0 /* 195.228.45.176/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC3E44B95 /* 195.228.75.149/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC3E6A853 /* 195.230.168.83/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC3EA9856 /* 195.234.152.86/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC3EEBE65 /* 195.238.190.101/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC3FE874C /* 195.254.135.76/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC5E7DDD3 /* 197.231.221.211/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC60C5F30 /* 198.12.95.48/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC6105C9D /* 198.16.92.157/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC6178523 /* 198.23.133.35/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC61B40D7 /* 198.27.64.215/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC61B429F /* 198.27.66.159/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC61B42D1 /* 198.27.66.209/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC61B45C9 /* 198.27.69.201/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC61B56DD /* 198.27.86.221/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC61B61B8 /* 198.27.97.184/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC61B6D24 /* 198.27.109.36/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC62E8A12 /* 198.46.138.18/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC62E8A28 /* 198.46.138.40/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC62E9933 /* 198.46.153.51/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC62E9979 /* 198.46.153.121/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC6314912 /* 198.49.73.18/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC6328137 /* 198.50.129.55/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC63285F5 /* 198.50.133.245/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC63287D5 /* 198.50.135.213/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC63291CF /* 198.50.145.207/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC63292FC /* 198.50.146.252/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC6329346 /* 198.50.147.70/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC6329F9B /* 198.50.159.155/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC632BF5F /* 198.50.191.95/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC632C886 /* 198.50.200.134/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC632C887 /* 198.50.200.135/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC632F552 /* 198.50.245.82/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC63A64F0 /* 198.58.100.240/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC63A66EA /* 198.58.102.234/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC63A6B35 /* 198.58.107.53/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC63A6EDF /* 198.58.110.223/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC63A73D2 /* 198.58.115.210/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC6475142 /* 198.71.81.66/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC648E523 /* 198.72.229.35/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC6493247 /* 198.73.50.71/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC64A38BF /* 198.74.56.191/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC64A3939 /* 198.74.57.57/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC64A3C1A /* 198.74.60.26/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC64A3C52 /* 198.74.60.82/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC64A3D33 /* 198.74.61.51/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC6609B03 /* 198.96.155.3/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC66232D4 /* 198.98.50.212/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC662337C /* 198.98.51.124/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC6623505 /* 198.98.53.5/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC66493B8 /* 198.100.147.184/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC6649470 /* 198.100.148.112/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC6649492 /* 198.100.148.146/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC6649F36 /* 198.100.159.54/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC68F88E4 /* 198.143.136.228/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC68F88ED /* 198.143.136.237/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC6931652 /* 198.147.22.82/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC69451A7 /* 198.148.81.167/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC69A6A36 /* 198.154.106.54/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC6A7DF21 /* 198.167.223.33/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC6A7DF26 /* 198.167.223.38/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC6A7DF2C /* 198.167.223.44/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC6A7DF4B /* 198.167.223.75/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC6C740D9 /* 198.199.64.217/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC6C74896 /* 198.199.72.150/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC6C748B3 /* 198.199.72.179/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC6C75A33 /* 198.199.90.51/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC6C75ACD /* 198.199.90.205/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC6C767B2 /* 198.199.103.178/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC6C76840 /* 198.199.104.64/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC6C77079 /* 198.199.112.121/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC6C770F7 /* 198.199.112.247/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC6C775A4 /* 198.199.117.164/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC6C77686 /* 198.199.118.134/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC6D3671A /* 198.211.103.26/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC6D3788A /* 198.211.120.138/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC6D37ABF /* 198.211.122.191/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC6D37CD6 /* 198.211.124.214/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC6D37DF2 /* 198.211.125.242/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC6E9CCA5 /* 198.233.204.165/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC6F468AE /* 198.244.104.174/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC6F532AF /* 198.245.50.175/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC6F53348 /* 198.245.51.72/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC6F53D95 /* 198.245.61.149/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC6FC794F /* 198.252.121.79/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC6FC9945 /* 198.252.153.69/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC6FC996B /* 198.252.153.107/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC6FF5E72 /* 198.255.94.114/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC6FFB101 /* 198.255.177.1/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC70FFAD2 /* 199.15.250.210/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC71355FC /* 199.19.85.252/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC713D5B0 /* 199.19.213.176/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC744C47B /* 199.68.196.123/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC744C47C /* 199.68.196.124/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC744C47D /* 199.68.196.125/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC744C47E /* 199.68.196.126/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC747EA42 /* 199.71.234.66/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC74ADEAB /* 199.74.222.171/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC7579AFF /* 199.87.154.255/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC773CDF8 /* 199.115.205.248/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC77FE296 /* 199.127.226.150/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC7BCC235 /* 199.188.194.53/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC7BD3EFB /* 199.189.62.251/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC7BD564F /* 199.189.86.79/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC7C3F9D4 /* 199.195.249.212/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC7C3F9DD /* 199.195.249.221/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC7F11DDF /* 199.241.29.223/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC7FEEE2C /* 199.254.238.44/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC7FEEE35 /* 199.254.238.53/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC7FFDF58 /* 199.255.223.88/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC87AB50F /* 200.122.181.15/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC8810B03 /* 200.129.11.3/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC8810B05 /* 200.129.11.5/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC8810B07 /* 200.129.11.7/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC8E5C1C2 /* 200.229.193.194/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC944D734 /* 201.68.215.52/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC9561F26 /* 201.86.31.38/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xC9837EC9 /* 201.131.126.201/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xCA81509A /* 202.129.80.154/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xCA8F5548 /* 202.143.85.72/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xCB6DEA48 /* 203.109.234.72/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xCB8D9ACA /* 203.141.154.202/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xCBBA4562 /* 203.186.69.98/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xCBD9AD92 /* 203.217.173.146/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xCBDC5CE6 /* 203.220.92.230/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xCBDDCF6C /* 203.221.207.108/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xCC089C8E /* 204.8.156.142/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xCC093219 /* 204.9.50.25/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xCC0B3283 /* 204.11.50.131/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xCC0DA46E /* 204.13.164.110/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xCC11382A /* 204.17.56.42/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xCC1B3C93 /* 204.27.60.147/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xCC2C5903 /* 204.44.89.3/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xCC55BF1E /* 204.85.191.30/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xCC66E0ED /* 204.102.224.237/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xCC98DC44 /* 204.152.220.68/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xCC98DCF7 /* 204.152.220.247/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xCC98DCF8 /* 204.152.220.248/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xCCC21D04 /* 204.194.29.4/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xCDA85485 /* 205.168.84.133/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xCDB9733C /* 205.185.115.60/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xCDB97E76 /* 205.185.126.118/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xCE2876E5 /* 206.40.118.229/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xCE36A784 /* 206.54.167.132/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xCE374A00 /* 206.55.74.0/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xCE374A01 /* 206.55.74.1/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xCE3FE590 /* 206.63.229.144/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xCEAE719C /* 206.174.113.156/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xCEB71F06 /* 206.183.31.6/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xCEF8B87F /* 206.248.184.127/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xCF265260 /* 207.38.82.96/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xCF26D9BA /* 207.38.217.186/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xCF26E8C8 /* 207.38.232.200/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xCF701236 /* 207.112.18.54/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xCFAC3596 /* 207.172.53.150/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xCFC046FA /* 207.192.70.250/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xCFF44623 /* 207.244.70.35/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD0240203 /* 208.36.2.3/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD0240204 /* 208.36.2.4/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD0240205 /* 208.36.2.5/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD026F36B /* 208.38.243.107/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD040AFD9 /* 208.64.175.217/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD04FD17C /* 208.79.209.124/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD0509A27 /* 208.80.154.39/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD053DF22 /* 208.83.223.34/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD059D3D0 /* 208.89.211.208/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD05EF21A /* 208.94.242.26/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD05EF2DE /* 208.94.242.222/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD05F031C /* 208.95.3.28/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD071A605 /* 208.113.166.5/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD076EB30 /* 208.118.235.48/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD1064FB4 /* 209.6.79.180/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD1068F99 /* 209.6.143.153/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD10F4ECD /* 209.15.78.205/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD12C72B2 /* 209.44.114.178/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD13AA08A /* 209.58.160.138/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD13AB45A /* 209.58.180.90/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD1427796 /* 209.66.119.150/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD15AE005 /* 209.90.224.5/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD17BEA17 /* 209.123.234.23/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD17E47E9 /* 209.126.71.233/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD17E67CE /* 209.126.103.206/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD18542D6 /* 209.133.66.214/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD18D22F0 /* 209.141.34.240/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD18D242A /* 209.141.36.42/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD18D2816 /* 209.141.40.22/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD18D3126 /* 209.141.49.38/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD18D328A /* 209.141.50.138/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD18D340D /* 209.141.52.13/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD18D3A44 /* 209.141.58.68/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD19F899C /* 209.159.137.156/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD1A6AC0A /* 209.166.172.10/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD1ABA216 /* 209.171.162.22/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD1B53DDB /* 209.181.61.219/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD1D04F05 /* 209.208.79.5/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD1D2D215 /* 209.210.210.21/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD1DE4DDC /* 209.222.77.220/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD1F06DEE /* 209.240.109.238/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD1F99D45 /* 209.249.157.69/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD1F9B4C6 /* 209.249.180.198/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD1FA06BE /* 209.250.6.190/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD2036698 /* 210.3.102.152/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD203669A /* 210.3.102.154/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD20366A5 /* 210.3.102.165/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD2362318 /* 210.54.35.24/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD298F13C /* 210.152.241.60/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD31AF589 /* 211.26.245.137/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD34C375C /* 211.76.55.92/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD37858ED /* 211.120.88.237/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD40370E2 /* 212.3.112.226/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD407D934 /* 212.7.217.52/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD4106821 /* 212.16.104.33/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD410AA9E /* 212.16.170.158/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD411664D /* 212.17.102.77/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD41311D5 /* 212.19.17.213/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD4143EE2 /* 212.20.62.226/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD4154206 /* 212.21.66.6/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD4190B15 /* 212.25.11.21/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD41A8C51 /* 212.26.140.81/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD41AF522 /* 212.26.245.34/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FDFC6 /* 212.47.223.198/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FE295 /* 212.47.226.149/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FE347 /* 212.47.227.71/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FE34B /* 212.47.227.75/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FE372 /* 212.47.227.114/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FE3C3 /* 212.47.227.195/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FE3EC /* 212.47.227.236/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FE473 /* 212.47.228.115/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FE502 /* 212.47.229.2/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FE58A /* 212.47.229.138/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FE605 /* 212.47.230.5/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FE631 /* 212.47.230.49/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FE7F1 /* 212.47.231.241/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FE8E3 /* 212.47.232.227/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FE8EC /* 212.47.232.236/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FE8ED /* 212.47.232.237/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FE921 /* 212.47.233.33/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FE956 /* 212.47.233.86/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FE9EB /* 212.47.233.235/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FEAC0 /* 212.47.234.192/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FEAD4 /* 212.47.234.212/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FEB51 /* 212.47.235.81/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FEC9D /* 212.47.236.157/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FED5F /* 212.47.237.95/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FEE41 /* 212.47.238.65/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FEEC1 /* 212.47.238.193/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FEF53 /* 212.47.239.83/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FEF97 /* 212.47.239.151/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FEFA3 /* 212.47.239.163/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FEFBB /* 212.47.239.187/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FF00A /* 212.47.240.10/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FF0BD /* 212.47.240.189/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FF115 /* 212.47.241.21/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FF35B /* 212.47.243.91/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FF38C /* 212.47.243.140/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FF3A6 /* 212.47.243.166/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FF426 /* 212.47.244.38/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FF462 /* 212.47.244.98/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FF54C /* 212.47.245.76/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FF5E3 /* 212.47.245.227/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FF612 /* 212.47.246.18/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FF615 /* 212.47.246.21/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FF6D3 /* 212.47.246.211/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FF871 /* 212.47.248.113/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FF93F /* 212.47.249.63/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FFBB3 /* 212.47.251.179/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FFDDF /* 212.47.253.223/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD42FFE82 /* 212.47.254.130/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD433867B /* 212.51.134.123/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD4338AC4 /* 212.51.138.196/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD4338F14 /* 212.51.143.20/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD43393ED /* 212.51.147.237/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD4339619 /* 212.51.150.25/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD43396B8 /* 212.51.150.184/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD4339755 /* 212.51.151.85/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD43397FA /* 212.51.151.250/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD4339C4E /* 212.51.156.78/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD4339E47 /* 212.51.158.71/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD438582F /* 212.56.88.47/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD438D6B2 /* 212.56.214.178/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD43C7E33 /* 212.60.126.51/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD43C8248 /* 212.60.130.72/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD444E4D5 /* 212.68.228.213/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD445A67A /* 212.69.166.122/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD445A699 /* 212.69.166.153/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD447FC74 /* 212.71.252.116/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD447FDE2 /* 212.71.253.226/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD448B013 /* 212.72.176.19/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD44AFEF3 /* 212.74.254.243/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD451C79F /* 212.81.199.159/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD45328EE /* 212.83.40.238/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD45328EF /* 212.83.40.239/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD4538F2E /* 212.83.143.46/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD4539A21 /* 212.83.154.33/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD4539E05 /* 212.83.158.5/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD4539E14 /* 212.83.158.20/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD453AE1A /* 212.83.174.26/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD453B03A /* 212.83.176.58/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD459E1F2 /* 212.89.225.242/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD45CD6F6 /* 212.92.214.246/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD45CDB0F /* 212.92.219.15/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD46B9CE2 /* 212.107.156.226/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD46B9CEE /* 212.107.156.238/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD46DD983 /* 212.109.217.131/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD46F28B1 /* 212.111.40.177/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD46F298F /* 212.111.41.143/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD472FE5B /* 212.114.254.91/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD475B421 /* 212.117.180.33/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD475B42D /* 212.117.180.45/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD475B46B /* 212.117.180.107/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD4763E03 /* 212.118.62.3/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD4810454 /* 212.129.4.84/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD48126FE /* 212.129.38.254/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD4812A09 /* 212.129.42.9/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD481313B /* 212.129.49.59/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD4813431 /* 212.129.52.49/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD4813EE8 /* 212.129.62.232/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD496868C /* 212.150.134.140/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD49F4FE4 /* 212.159.79.228/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD49F5B15 /* 212.159.91.21/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD49F64E8 /* 212.159.100.232/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD49F70C4 /* 212.159.112.196/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD49FB1C6 /* 212.159.177.198/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD4B5CE7A /* 212.181.206.122/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD4B7D5E4 /* 212.183.213.228/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD4BA4726 /* 212.186.71.38/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD4BA59A2 /* 212.186.89.162/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD4BB6183 /* 212.187.97.131/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD4BBC8AA /* 212.187.200.170/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD4C94483 /* 212.201.68.131/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD4C94498 /* 212.201.68.152/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD4E04C94 /* 212.224.76.148/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD4E04EEA /* 212.224.78.234/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD4E05FA1 /* 212.224.95.161/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD4E05FE7 /* 212.224.95.231/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD4E30936 /* 212.227.9.54/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD4E81D65 /* 212.232.29.101/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD4EEA021 /* 212.238.160.33/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD4EED030 /* 212.238.208.48/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD4FBD3FE /* 212.251.211.254/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD50544CA /* 213.5.68.202/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5117CB2 /* 213.17.124.178/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5150A1E /* 213.21.10.30/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD520136C /* 213.32.19.108/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5201537 /* 213.32.21.55/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD52037C3 /* 213.32.55.195/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD52037F7 /* 213.32.55.247/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD52042C0 /* 213.32.66.192/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5204465 /* 213.32.68.101/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5205A0F /* 213.32.90.15/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5205A9A /* 213.32.90.154/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD52077DB /* 213.32.119.219/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD52F3136 /* 213.47.49.54/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD53D4274 /* 213.61.66.116/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD53D4275 /* 213.61.66.117/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD53D4276 /* 213.61.66.118/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD53D957D /* 213.61.149.125/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD53D957E /* 213.61.149.126/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD540416A /* 213.64.65.106/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD54963B6 /* 213.73.99.182/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD55F1536 /* 213.95.21.54/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD55F56B4 /* 213.95.86.180/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD56C6947 /* 213.108.105.71/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD56C6CEB /* 213.108.108.235/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD56D38C8 /* 213.109.56.200/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5708465 /* 213.112.132.101/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5717475 /* 213.113.116.117/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD571778A /* 213.113.119.138/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5729166 /* 213.114.145.102/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD57292BB /* 213.114.146.187/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD57295A0 /* 213.114.149.160/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD572E11E /* 213.114.225.30/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD572E952 /* 213.114.233.82/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD57CA99F /* 213.124.169.159/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD57CB319 /* 213.124.179.25/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD58306BA /* 213.131.6.186/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD585639C /* 213.133.99.156/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD587C66A /* 213.135.198.106/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD58845A2 /* 213.136.69.162/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD58845ED /* 213.136.69.237/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5884715 /* 213.136.71.21/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD588506D /* 213.136.80.109/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5885159 /* 213.136.81.89/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5885CBC /* 213.136.92.188/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5885E0A /* 213.136.94.10/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD58A66D1 /* 213.138.102.209/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD58A6D90 /* 213.138.109.144/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD58A6F1F /* 213.138.111.31/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD58C5CC7 /* 213.140.92.199/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD58D82E7 /* 213.141.130.231/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD58D8AAE /* 213.141.138.174/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD58D9613 /* 213.141.150.19/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5909D4B /* 213.144.157.75/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5975904 /* 213.151.89.4/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD598A11E /* 213.152.161.30/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD598A128 /* 213.152.161.40/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD59954D7 /* 213.153.84.215/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD59D0FEB /* 213.157.15.235/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD59FD02B /* 213.159.208.43/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5A1050C /* 213.161.5.12/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5A296BF /* 213.162.150.191/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5A346EA /* 213.163.70.234/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5A354C4 /* 213.163.84.196/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5A354CC /* 213.163.84.204/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5A354CD /* 213.163.84.205/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5A7F2B7 /* 213.167.242.183/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5B5CD3D /* 213.181.205.61/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5B5CD3E /* 213.181.205.62/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5B5CD3F /* 213.181.205.63/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5B7388C /* 213.183.56.140/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5B87E02 /* 213.184.126.2/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5B87EF2 /* 213.184.126.242/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5BC3465 /* 213.188.52.101/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5BCF58B /* 213.188.245.139/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5BF1B7B /* 213.191.27.123/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5C5167C /* 213.197.22.124/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5C52623 /* 213.197.38.35/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5CAE924 /* 213.202.233.36/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5E1A0DF /* 213.225.160.223/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5E2B4A6 /* 213.226.180.166/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5E9E27B /* 213.233.226.123/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5EFC519 /* 213.239.197.25/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5EFCA95 /* 213.239.202.149/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5EFCDEF /* 213.239.205.239/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5EFD329 /* 213.239.211.41/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5EFD414 /* 213.239.212.20/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5EFD8DE /* 213.239.216.222/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5EFD912 /* 213.239.217.18/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5EFD944 /* 213.239.217.68/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5EFF947 /* 213.239.249.71/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5F3AC2E /* 213.243.172.46/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5F53ED4 /* 213.245.62.212/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5F62D4C /* 213.246.45.76/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5F6383E /* 213.246.56.62/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5F6384F /* 213.246.56.79/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5F6385F /* 213.246.56.95/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5FBC7AE /* 213.251.199.174/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5FCA60F /* 213.252.166.15/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5FCF469 /* 213.252.244.105/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD5FE201A /* 213.254.32.26/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD80CC652 /* 216.12.198.82/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD80CC653 /* 216.12.198.83/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD80CC654 /* 216.12.198.84/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD8116390 /* 216.17.99.144/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD811654F /* 216.17.101.79/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD818F222 /* 216.24.242.34/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD837B515 /* 216.55.181.21/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD87FBB1D /* 216.127.187.29/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD89EE2D8 /* 216.158.226.216/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD8BAA827 /* 216.186.168.39/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD8BD96B9 /* 216.189.150.185/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD8C3851B /* 216.195.133.27/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD8C3A84E /* 216.195.168.78/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD8D37E59 /* 216.211.126.89/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD8DA860C /* 216.218.134.12/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD8DA9383 /* 216.218.147.131/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD8DADE0A /* 216.218.222.10/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD8DADE0B /* 216.218.222.11/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD8DADE0C /* 216.218.222.12/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD8DADE0D /* 216.218.222.13/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD8E6944D /* 216.230.148.77/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD8EF5A13 /* 216.239.90.19/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD8F455D3 /* 216.244.85.211/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD8FCA213 /* 216.252.162.19/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD9083D43 /* 217.8.61.67/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD90B39E2 /* 217.11.57.226/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD90CC743 /* 217.12.199.67/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD90CC76C /* 217.12.199.108/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD90CC79E /* 217.12.199.158/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD90CC7BE /* 217.12.199.190/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD90CC7D0 /* 217.12.199.208/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD90CC7D1 /* 217.12.199.209/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD90CCA28 /* 217.12.202.40/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD90CCA4C /* 217.12.202.76/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD90CCA74 /* 217.12.202.116/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD90CCB2E /* 217.12.203.46/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD90CCCA1 /* 217.12.204.161/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD90CD075 /* 217.12.208.117/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD90CD230 /* 217.12.210.48/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD90CD25F /* 217.12.210.95/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD90CD2CF /* 217.12.210.207/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD90CD2D6 /* 217.12.210.214/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD90DC505 /* 217.13.197.5/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD910B514 /* 217.16.181.20/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD910B614 /* 217.16.182.20/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD9148248 /* 217.20.130.72/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD9170767 /* 217.23.7.103/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD9170B59 /* 217.23.11.89/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD9170B8A /* 217.23.11.138/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD9170D81 /* 217.23.13.129/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD9170FC8 /* 217.23.15.200/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD9178A69 /* 217.23.138.105/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD919AD97 /* 217.25.173.151/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD919E2A0 /* 217.25.226.160/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD91C60B4 /* 217.28.96.180/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD91CDAEF /* 217.28.218.239/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD91D3AB8 /* 217.29.58.184/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD92ADC0E /* 217.42.220.14/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD93214DF /* 217.50.20.223/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD93FFE63 /* 217.63.254.99/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD945905E /* 217.69.144.94/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD946BF0D /* 217.70.191.13/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD94FB23C /* 217.79.178.60/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD94FB27E /* 217.79.178.126/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD94FB3B1 /* 217.79.179.177/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD94FB65F /* 217.79.182.95/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD94FBE19 /* 217.79.190.25/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD95235B5 /* 217.82.53.181/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD95509BC /* 217.85.9.188/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD967A496 /* 217.103.164.150/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD96BC10A /* 217.107.193.10/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD9708318 /* 217.112.131.24/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD9708362 /* 217.112.131.98/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD9719E34 /* 217.113.158.52/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD97293F5 /* 217.114.147.245/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD9730A83 /* 217.115.10.131/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD9730A84 /* 217.115.10.132/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD975E3E2 /* 217.117.227.226/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD97AAF13 /* 217.122.175.19/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD97AC053 /* 217.122.192.83/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD9840EFD /* 217.132.14.253/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD993D66B /* 217.147.214.107/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD996E2B4 /* 217.150.226.180/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD99B0A12 /* 217.155.10.18/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD99B2876 /* 217.155.40.118/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD9A00DAD /* 217.160.13.173/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD9A00FF7 /* 217.160.15.247/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD9A08D34 /* 217.160.141.52/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD9A0B20A /* 217.160.178.10/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD9A0B3E9 /* 217.160.179.233/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD9AAC96A /* 217.170.201.106/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD9AACD71 /* 217.170.205.113/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD9AC204C /* 217.172.32.76/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD9ACF73C /* 217.172.247.60/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD9C553A2 /* 217.197.83.162/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD9C55415 /* 217.197.84.21/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD9C55418 /* 217.197.84.24/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD9C556AD /* 217.197.86.173/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD9C55B91 /* 217.197.91.145/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD9D1B3CA /* 217.209.179.202/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD9D35942 /* 217.211.89.66/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD9E416D8 /* 217.228.22.216/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD9E4D647 /* 217.228.214.71/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD9E74909 /* 217.231.73.9/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD9EBEDEF /* 217.235.237.239/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD9EEEC9E /* 217.238.236.158/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD9EF0D24 /* 217.239.13.36/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD9F176FD /* 217.241.118.253/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD9F4AB1D /* 217.244.171.29/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD9F6BE2B /* 217.246.190.43/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD9F942DF /* 217.249.66.223/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD9FAD604 /* 217.250.214.4/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD9FB0E75 /* 217.251.14.117/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD9FD2262 /* 217.253.34.98/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD9FD2640 /* 217.253.38.64/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xD9FE5EEF /* 217.254.94.239/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xDAB44A3C /* 218.180.74.60/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xDB4EB793 /* 219.78.183.147/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xDB58E8E6 /* 219.88.232.230/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xDB685CD8 /* 219.104.92.216/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xDB6F57A5 /* 219.111.87.165/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xDB75CE2E /* 219.117.206.46/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xDB75F165 /* 219.117.241.101/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xDC870EE4 /* 220.135.14.228/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xDCDC4591 /* 220.220.69.145/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xDCE97BAC /* 220.233.123.172/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xDCE9A811 /* 220.233.168.17/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xDCF05090 /* 220.240.80.144/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xDCFD0FF1 /* 220.253.15.241/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xDD274EC9 /* 221.39.78.201/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xDD7999B8 /* 221.121.153.184/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xDDA12637 /* 221.161.38.55/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xDE036590 /* 222.3.101.144/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xDE0A3840 /* 222.10.56.64/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xDE9BA103 /* 222.155.161.3/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xDF10252D /* 223.16.37.45/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xDF1A30F8 /* 223.26.48.248/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xDF87439F /* 223.135.67.159/32 */, 32, NDPI_PROTOCOL_TOR }, + { 0xDF87D907 /* 223.135.217.7/32 */, 32, NDPI_PROTOCOL_TOR }, /* - Twitch ingestion servers : - https://api.twitch.tv/kraken/ingests - Edoardo Dominici edoaramis@gmail.com + Twitch Interactive Inc. + origin AS46489 */ - { 0xB92ACC5D, 32, NDPI_PROTOCOL_TWITCH }, - { 0xB92ACC92, 32, NDPI_PROTOCOL_TWITCH }, - { 0xB92ACCA4, 32, NDPI_PROTOCOL_TWITCH }, - { 0xB92ACCCD, 32, NDPI_PROTOCOL_TWITCH }, - { 0xB92ACC30, 32, NDPI_PROTOCOL_TWITCH }, - { 0xC709FE15, 32, NDPI_PROTOCOL_TWITCH }, - { 0xC709FE19, 32, NDPI_PROTOCOL_TWITCH }, - { 0xBCACD305, 32, NDPI_PROTOCOL_TWITCH }, - { 0xC0104616, 32, NDPI_PROTOCOL_TWITCH }, - { 0xC010461D, 32, NDPI_PROTOCOL_TWITCH }, - { 0xC0104650, 32, NDPI_PROTOCOL_TWITCH }, - { 0xC0104651, 32, NDPI_PROTOCOL_TWITCH }, - { 0xC709FEA3, 32, NDPI_PROTOCOL_TWITCH }, - { 0xC709FE87, 32, NDPI_PROTOCOL_TWITCH }, - { 0xB92ACD85, 32, NDPI_PROTOCOL_TWITCH }, - { 0xB92ACDA4, 32, NDPI_PROTOCOL_TWITCH }, - { 0xC010419A, 32, NDPI_PROTOCOL_TWITCH }, - { 0xC01041AD, 32, NDPI_PROTOCOL_TWITCH }, - { 0xC0104172, 32, NDPI_PROTOCOL_TWITCH }, - { 0xB92ACD68, 32, NDPI_PROTOCOL_TWITCH }, - { 0xB92ACD55, 32, NDPI_PROTOCOL_TWITCH }, - { 0xC0104219, 32, NDPI_PROTOCOL_TWITCH }, - { 0xC010421A, 32, NDPI_PROTOCOL_TWITCH }, - { 0xC010421B, 32, NDPI_PROTOCOL_TWITCH }, - { 0xBCACD205, 32, NDPI_PROTOCOL_TWITCH }, - { 0xBCACCB05, 32, NDPI_PROTOCOL_TWITCH }, - { 0xC010413C, 32, NDPI_PROTOCOL_TWITCH }, - { 0xC010413D, 32, NDPI_PROTOCOL_TWITCH }, - { 0xC010413E, 32, NDPI_PROTOCOL_TWITCH }, - { 0xBCACD105, 32, NDPI_PROTOCOL_TWITCH }, - { 0xBCACD005, 32, NDPI_PROTOCOL_TWITCH }, - { 0xBCACCA05, 32, NDPI_PROTOCOL_TWITCH }, - { 0xB92ACD06, 32, NDPI_PROTOCOL_TWITCH }, - { 0xB92ACD14, 32, NDPI_PROTOCOL_TWITCH }, - { 0xB92ACCF3, 32, NDPI_PROTOCOL_TWITCH }, - { 0xC709F9C7, 32, NDPI_PROTOCOL_TWITCH }, - { 0xC709F9C9, 32, NDPI_PROTOCOL_TWITCH }, - { 0xC709F9CB, 32, NDPI_PROTOCOL_TWITCH }, - { 0xC709FBA4, 32, NDPI_PROTOCOL_TWITCH }, - { 0xC709FBA6, 32, NDPI_PROTOCOL_TWITCH }, - { 0xC709FBAA, 32, NDPI_PROTOCOL_TWITCH }, - { 0xC709FBB1, 32, NDPI_PROTOCOL_TWITCH }, - { 0xC709FBE8, 32, NDPI_PROTOCOL_TWITCH }, - { 0xC709FBE9, 32, NDPI_PROTOCOL_TWITCH }, - { 0xC709FBEA, 32, NDPI_PROTOCOL_TWITCH }, - { 0xC709FBEB, 32, NDPI_PROTOCOL_TWITCH }, - { 0xC709FBFB, 32, NDPI_PROTOCOL_TWITCH }, - { 0xC709FBFC, 32, NDPI_PROTOCOL_TWITCH }, - { 0xC709FBFD, 32, NDPI_PROTOCOL_TWITCH }, - { 0xC709FBFE, 32, NDPI_PROTOCOL_TWITCH }, - { 0xC709FF4B, 32, NDPI_PROTOCOL_TWITCH }, - { 0xC709FF4C, 32, NDPI_PROTOCOL_TWITCH }, - { 0xC709F974, 32, NDPI_PROTOCOL_TWITCH }, - { 0xC709F976, 32, NDPI_PROTOCOL_TWITCH }, - { 0xC709F978, 32, NDPI_PROTOCOL_TWITCH }, - { 0xC709F97D, 32, NDPI_PROTOCOL_TWITCH }, - { 0xC709F985, 32, NDPI_PROTOCOL_TWITCH }, - { 0xC709F986, 32, NDPI_PROTOCOL_TWITCH }, - { 0xC709F987, 32, NDPI_PROTOCOL_TWITCH }, - { 0xC709F98C, 32, NDPI_PROTOCOL_TWITCH }, - { 0xC709F9C5, 32, NDPI_PROTOCOL_TWITCH }, + + { 0x17A00000 /* 23.160.0.0/24 */, 24, NDPI_PROTOCOL_TWITCH }, + { 0x2D718000 /* 45.113.128.0/22 */, 22, NDPI_PROTOCOL_TWITCH }, + { 0x34DFC000 /* 52.223.192.0/20 */, 20, NDPI_PROTOCOL_TWITCH }, + { 0x34DFD000 /* 52.223.208.0/21 */, 21, NDPI_PROTOCOL_TWITCH }, + { 0x34DFD800 /* 52.223.216.0/21 */, 21, NDPI_PROTOCOL_TWITCH }, + { 0x34DFE000 /* 52.223.224.0/20 */, 20, NDPI_PROTOCOL_TWITCH }, + { 0x34DFF000 /* 52.223.240.0/20 */, 20, NDPI_PROTOCOL_TWITCH }, + { 0x67353000 /* 103.53.48.0/22 */, 22, NDPI_PROTOCOL_TWITCH }, + { 0xB92ACC00 /* 185.42.204.0/22 */, 22, NDPI_PROTOCOL_TWITCH }, + { 0xC0104000 /* 192.16.64.0/21 */, 21, NDPI_PROTOCOL_TWITCH }, + { 0xC06CEF00 /* 192.108.239.0/24 */, 24, NDPI_PROTOCOL_TWITCH }, + { 0xC709F800 /* 199.9.248.0/21 */, 21, NDPI_PROTOCOL_TWITCH }, /* - AnchorFree (Hotspot Shield) - AnchorFree Inc. AFNETWORK-1 (NET-74-115-0-0-1) 74.115.0.0 - 74.115.7.255 + AnchorFree, Inc. (Hotspot Shield) + origin AS26642 */ - { 0x4A730000, 21, NDPI_PROTOCOL_HOTSPOT_SHIELD }, + + { 0x2E102200 /* 46.16.34.0/24 */, 24, NDPI_PROTOCOL_HOTSPOT_SHIELD }, + { 0x2E102300 /* 46.16.35.0/24 */, 24, NDPI_PROTOCOL_HOTSPOT_SHIELD }, + { 0x32752D00 /* 50.117.45.0/24 */, 24, NDPI_PROTOCOL_HOTSPOT_SHIELD }, + { 0x3F8DC600 /* 63.141.198.0/23 */, 23, NDPI_PROTOCOL_HOTSPOT_SHIELD }, + { 0x4A730100 /* 74.115.1.0/24 */, 24, NDPI_PROTOCOL_HOTSPOT_SHIELD }, + { 0x4A730500 /* 74.115.5.0/24 */, 24, NDPI_PROTOCOL_HOTSPOT_SHIELD }, + { 0x4A730600 /* 74.115.6.0/24 */, 24, NDPI_PROTOCOL_HOTSPOT_SHIELD }, + { 0x55EDC500 /* 85.237.197.0/24 */, 24, NDPI_PROTOCOL_HOTSPOT_SHIELD }, + { 0x55EDDE00 /* 85.237.222.0/24 */, 24, NDPI_PROTOCOL_HOTSPOT_SHIELD }, + { 0xC62F7300 /* 198.47.115.0/24 */, 24, NDPI_PROTOCOL_HOTSPOT_SHIELD }, + { 0xC6906800 /* 198.144.104.0/24 */, 24, NDPI_PROTOCOL_HOTSPOT_SHIELD }, + { 0xC7FFD700 /* 199.255.215.0/24 */, 24, NDPI_PROTOCOL_HOTSPOT_SHIELD }, + { 0xCC0E4A00 /* 204.14.74.0/24 */, 24, NDPI_PROTOCOL_HOTSPOT_SHIELD }, + { 0xCC0E4C00 /* 204.14.76.0/24 */, 24, NDPI_PROTOCOL_HOTSPOT_SHIELD }, + { 0xCC0E4D00 /* 204.14.77.0/24 */, 24, NDPI_PROTOCOL_HOTSPOT_SHIELD }, + { 0xCC0E4E00 /* 204.14.78.0/24 */, 24, NDPI_PROTOCOL_HOTSPOT_SHIELD }, + { 0xCDA42000 /* 205.164.32.0/24 */, 24, NDPI_PROTOCOL_HOTSPOT_SHIELD }, + { 0xD1498400 /* 209.73.132.0/24 */, 24, NDPI_PROTOCOL_HOTSPOT_SHIELD }, + { 0xD1499700 /* 209.73.151.0/24 */, 24, NDPI_PROTOCOL_HOTSPOT_SHIELD }, + { 0xD8AC8E00 /* 216.172.142.0/24 */, 24, NDPI_PROTOCOL_HOTSPOT_SHIELD }, /* - Github: https://help.github.com/articles/what-ip-addresses-does-github-use-that-i-should-whitelist/ - 192.30.252.0/22 + GitHub, Inc. + origin AS36459 */ + { 0xC01EFC00 /* 192.30.252.0/22 */, 22, NDPI_PROTOCOL_GITHUB }, /* -- cgit v1.2.3 From a787287bfa02b8fe69d9b8655e9e27073d3a9a43 Mon Sep 17 00:00:00 2001 From: Campus Date: Wed, 22 Feb 2017 17:14:52 +0100 Subject: fix and improved netflix detection by user-agent --- example/ndpiReader.c | 2 +- src/lib/protocols/http.c | 11 ++++++----- 2 files changed, 7 insertions(+), 6 deletions(-) (limited to 'src') diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 72b495912..e7761e7f7 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -1,7 +1,7 @@ /* * ndpiReader.c * - * Copyright (C) 2011-16 - ntop.org + * Copyright (C) 2011-17 - ntop.org * * nDPI is free software: you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as published by diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c index 41e04467c..e8b22a145 100644 --- a/src/lib/protocols/http.c +++ b/src/lib/protocols/http.c @@ -1,8 +1,7 @@ /* * http.c * - * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-17 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -326,8 +325,12 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ } } } + else if(memcmp(ua, "netflix-ios-app", 15) == 0) { + ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_NETFLIX); + return; + } } - + NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "User Agent Type Line found %.*s\n", packet->user_agent_line.len, packet->user_agent_line.ptr); } @@ -419,8 +422,6 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ (char*)packet->content_line.ptr, packet->content_line.len, NDPI_PROTOCOL_HTTP); } - - /* check user agent here too */ } static void check_http_payload(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) -- cgit v1.2.3 From 889cdbff3c553789969b5f4d59a513dd0bf8bf4f Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Sat, 25 Feb 2017 06:31:07 +0100 Subject: Fixed bug that can lkead to a crash in iqiyi dissector --- src/lib/protocols/http.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'src') diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c index e8b22a145..5ca47476a 100644 --- a/src/lib/protocols/http.c +++ b/src/lib/protocols/http.c @@ -841,9 +841,10 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct // additional field in http payload x = 1; while(packet->line[x].len != 0) { - if((memcmp(packet->line[x].ptr, "qyid", 4)) == 0 && - (memcmp(packet->line[x+1].ptr, "qypid", 5)) == 0 && - (memcmp(packet->line[x+2].ptr, "qyplatform", 10)) == 0) { + if(packet->line[x].ptr && ((memcmp(packet->line[x].ptr, "qyid", 4)) == 0) + && packet->line[x+1].ptr && ((memcmp(packet->line[x+1].ptr, "qypid", 5)) == 0) + && packet->line[x+2].ptr && ((memcmp(packet->line[x+2].ptr, "qyplatform", 10)) == 0) + ) { flow->l4.tcp.ppstream_stage++; iqiyi_counter++; check_content_type_and_change_protocol(ndpi_struct, flow); -- cgit v1.2.3 From fd93036b792bc33a81cb46164b7a3184d8723fd6 Mon Sep 17 00:00:00 2001 From: Campus Date: Sun, 5 Mar 2017 12:38:15 +0100 Subject: better improvement of netflix traffic detection - added netflix pcap and output - change little bit http detection behaviour --- src/lib/protocols/http.c | 43 +++++++++++++++++++-------- tests/pcap/netflix.pcap | Bin 0 -> 6267049 bytes tests/result/netflix.pcap.out | 67 ++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 98 insertions(+), 12 deletions(-) create mode 100644 tests/pcap/netflix.pcap create mode 100644 tests/result/netflix.pcap.out (limited to 'src') diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c index 5ca47476a..82167e204 100644 --- a/src/lib/protocols/http.c +++ b/src/lib/protocols/http.c @@ -341,7 +341,8 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HOST Line found %.*s\n", packet->host_line.len, packet->host_line.ptr); - + + /* call ndpi_match_host_subprotocol to see if there is a match with known-host http subprotocol */ if((ndpi_struct->http_dont_dissect_response) || flow->http_detected) ndpi_match_host_subprotocol(ndpi_struct, flow, (char*)packet->host_line.ptr, @@ -356,25 +357,43 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ len = ndpi_min(packet->forwarded_line.len, sizeof(flow->nat_ip)-1); strncpy((char*)flow->nat_ip, (char*)packet->forwarded_line.ptr, len); flow->nat_ip[len] = '\0'; - + if(ndpi_struct->http_dont_dissect_response) parseHttpSubprotocol(ndpi_struct, flow); - if((flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) - && ((ndpi_struct->http_dont_dissect_response) || flow->http_detected)) - ndpi_match_host_subprotocol(ndpi_struct, flow, - (char *)flow->host_server_name, - strlen((const char *)flow->host_server_name), - NDPI_PROTOCOL_HTTP); + /** + check result of host subprotocol detection + + if "detected" in flow == 0 then "detected" = "guess" + else "guess" = "detected" + **/ + if(flow->detected_protocol_stack[1] == 0) { + flow->detected_protocol_stack[1] = flow->guessed_protocol_id; + if(flow->detected_protocol_stack[0] == 0) + flow->detected_protocol_stack[0] = flow->guessed_host_protocol_id; + } + else { + if(flow->detected_protocol_stack[1] != flow->guessed_protocol_id) + flow->guessed_protocol_id = flow->detected_protocol_stack[1]; + if(flow->detected_protocol_stack[0] != flow->guessed_host_protocol_id) + flow->guessed_host_protocol_id = flow->detected_protocol_stack[0]; + } + + /* if((flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) */ + /* && ((ndpi_struct->http_dont_dissect_response) || flow->http_detected)) */ + /* ndpi_match_host_subprotocol(ndpi_struct, flow, */ + /* (char *)flow->host_server_name, */ + /* strlen((const char *)flow->host_server_name), */ + /* NDPI_PROTOCOL_HTTP); */ if((flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) && ((ndpi_struct->http_dont_dissect_response) || flow->http_detected) && (packet->http_origin.len > 0)) ndpi_match_host_subprotocol(ndpi_struct, flow, - (char *)packet->http_origin.ptr, - packet->http_origin.len, - NDPI_PROTOCOL_HTTP); - + (char *)packet->http_origin.ptr, + packet->http_origin.len, + NDPI_PROTOCOL_HTTP); + if(flow->detected_protocol_stack[0] != NDPI_PROTOCOL_UNKNOWN) { if(packet->detected_protocol_stack[0] != NDPI_PROTOCOL_HTTP) { ndpi_int_http_add_connection(ndpi_struct, flow, packet->detected_protocol_stack[0]); diff --git a/tests/pcap/netflix.pcap b/tests/pcap/netflix.pcap new file mode 100644 index 000000000..5139cf5cc Binary files /dev/null and b/tests/pcap/netflix.pcap differ diff --git a/tests/result/netflix.pcap.out b/tests/result/netflix.pcap.out new file mode 100644 index 000000000..ec6e125c6 --- /dev/null +++ b/tests/result/netflix.pcap.out @@ -0,0 +1,67 @@ +DNS 4 386 2 +SSDP 16 2648 1 +IGMP 1 60 1 +NetFlix 6976 6151821 56 +Amazon 2 126 1 + + 1 TCP 192.168.1.7:53149 <-> 184.25.204.25:80 [proto: 7.133/HTTP.NetFlix][126 pkts/128603 bytes][Host: art-2.nflximg.net] + 2 TCP 192.168.1.7:53153 <-> 184.25.204.24:80 [proto: 7.133/HTTP.NetFlix][637 pkts/745904 bytes][Host: tp.akam.nflximg.com] + 3 TCP 192.168.1.7:53251 <-> 184.25.204.10:80 [proto: 7.133/HTTP.NetFlix][41 pkts/34971 bytes][Host: art-1.nflximg.net] + 4 UDP 192.168.1.1:53 <-> 192.168.1.7:51543 [proto: 5.133/DNS.NetFlix][4 pkts/806 bytes][Host: ios.nccp.netflix.com] + 5 UDP 192.168.1.1:53 <-> 192.168.1.7:51949 [proto: 5.133/DNS.NetFlix][2 pkts/322 bytes][Host: api-global.latency.prodaa.netflix.com] + 6 UDP 192.168.1.1:53 <-> 192.168.1.7:52095 [proto: 5.133/DNS.NetFlix][2 pkts/322 bytes][Host: api-global.latency.prodaa.netflix.com] + 7 UDP 192.168.1.1:53 <-> 192.168.1.7:52347 [proto: 5.133/DNS.NetFlix][2 pkts/451 bytes][Host: ios.nccp.netflix.com] + 8 UDP 192.168.1.1:53 <-> 192.168.1.7:57093 [proto: 5/DNS][2 pkts/194 bytes][Host: a1907.dscg.akamai.net] + 9 UDP 192.168.1.1:53 <-> 192.168.1.7:57719 [proto: 5.133/DNS.NetFlix][2 pkts/222 bytes][Host: sha2.san.akam.nflximg.net] + 10 TCP 192.168.1.7:53163 <-> 23.246.11.145:80 [proto: 7.133/HTTP.NetFlix][53 pkts/45005 bytes] + 11 TCP 192.168.1.7:53171 <-> 23.246.3.140:80 [proto: 7.133/HTTP.NetFlix][55 pkts/47007 bytes] + 12 TCP 192.168.1.7:53173 <-> 23.246.11.133:80 [proto: 7.133/HTTP.NetFlix][49 pkts/32105 bytes] + 13 TCP 192.168.1.7:53175 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][53 pkts/30613 bytes] + 14 TCP 192.168.1.7:53177 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][55 pkts/29233 bytes] + 15 TCP 192.168.1.7:53179 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][60 pkts/40140 bytes] + 16 TCP 192.168.1.7:53181 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][54 pkts/25252 bytes] + 17 TCP 192.168.1.7:53183 <-> 23.246.3.140:80 [proto: 7.133/HTTP.NetFlix][1307 pkts/1242780 bytes][Host: 23.246.3.140] + 18 TCP 192.168.1.7:53217 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][1872 pkts/1858337 bytes][Host: 23.246.11.141] + 19 IGMP 192.168.1.7:0 <-> 239.255.255.250:0 [proto: 82/IGMP][1 pkts/60 bytes] + 20 TCP 192.168.1.7:53152 <-> 52.89.39.139:80 [proto: 7.133/HTTP.NetFlix][27 pkts/16505 bytes][Host: api-global.netflix.com] + 21 TCP 192.168.1.7:53116 <-> 52.32.196.36:443 [proto: 91.133/SSL.NetFlix][148 pkts/73954 bytes][client: api-global.netflix.com] + 22 TCP 52.41.30.5:443 <-> 192.168.1.7:53239 [proto: 91.133/SSL.NetFlix][48 pkts/29661 bytes][client: api-global.netflix.com] + 23 TCP 192.168.1.7:53133 <-> 52.89.39.139:443 [proto: 91.133/SSL.NetFlix][69 pkts/43938 bytes][client: api-global.netflix.com] + 24 TCP 192.168.1.7:53203 <-> 52.37.36.252:443 [proto: 91.133/SSL.NetFlix][45 pkts/27952 bytes][client: ichnaea.netflix.com] + 25 TCP 192.168.1.7:53238 <-> 52.32.22.214:443 [proto: 91.133/SSL.NetFlix][31 pkts/10934 bytes][client: ios.nccp.netflix.com] + 26 TCP 192.168.1.7:53248 <-> 52.32.22.214:443 [proto: 91.133/SSL.NetFlix][22 pkts/10239 bytes][client: ios.nccp.netflix.com] + 27 TCP 52.41.30.5:443 <-> 192.168.1.7:53249 [proto: 91.133/SSL.NetFlix][52 pkts/25886 bytes][client: api-global.netflix.com] + 28 TCP 192.168.1.7:53105 <-> 54.69.204.241:443 [proto: 91.133/SSL.NetFlix][37 pkts/9285 bytes][client: ichnaea.netflix.com] + 29 TCP 192.168.1.7:53119 <-> 54.69.204.241:443 [proto: 91.133/SSL.NetFlix][36 pkts/12874 bytes][client: ichnaea.netflix.com] + 30 TCP 192.168.1.7:53193 <-> 54.191.17.51:443 [proto: 91.133/SSL.NetFlix][71 pkts/58161 bytes][client: ios.nccp.netflix.com] + 31 TCP 192.168.1.7:53148 <-> 184.25.204.25:80 [proto: 7.133/HTTP.NetFlix][63 pkts/47005 bytes][Host: art-2.nflximg.net] + 32 TCP 192.168.1.7:53150 <-> 184.25.204.25:80 [proto: 7.133/HTTP.NetFlix][21 pkts/13259 bytes][Host: art-2.nflximg.net] + 33 TCP 192.168.1.7:53252 <-> 184.25.204.10:80 [proto: 7.133/HTTP.NetFlix][41 pkts/42239 bytes][Host: art-1.nflximg.net] + 34 UDP 192.168.1.1:53 <-> 192.168.1.7:51622 [proto: 5.133/DNS.NetFlix][4 pkts/806 bytes][Host: ios.nccp.netflix.com] + 35 UDP 192.168.1.1:53 <-> 192.168.1.7:51728 [proto: 5/DNS][2 pkts/192 bytes][Host: a803.dscg.akamai.net] + 36 UDP 192.168.1.1:53 <-> 192.168.1.7:52116 [proto: 5.133/DNS.NetFlix][2 pkts/320 bytes][Host: ichnaea.us-west-2.prodaa.netflix.com] + 37 UDP 192.168.1.1:53 <-> 192.168.1.7:58102 [proto: 5.133/DNS.NetFlix][2 pkts/271 bytes][Host: appboot.netflix.com] + 38 UDP 192.168.1.1:53 <-> 192.168.1.7:59180 [proto: 5.133/DNS.NetFlix][2 pkts/232 bytes][Host: artwork.akam.nflximg.net] + 39 UDP 192.168.1.1:53 <-> 192.168.1.7:60962 [proto: 5.133/DNS.NetFlix][2 pkts/331 bytes][Host: ichnaea.geo.netflix.com] + 40 UDP 192.168.1.7:53776 <-> 239.255.255.250:1900 [proto: 12/SSDP][16 pkts/2648 bytes] + 41 TCP 192.168.1.7:53164 <-> 23.246.10.139:80 [proto: 7.133/HTTP.NetFlix][58 pkts/47176 bytes] + 42 TCP 192.168.1.7:53172 <-> 23.246.11.133:80 [proto: 7.133/HTTP.NetFlix][50 pkts/25032 bytes] + 43 TCP 192.168.1.7:53174 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][54 pkts/25348 bytes] + 44 TCP 192.168.1.7:53176 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][57 pkts/28485 bytes] + 45 TCP 192.168.1.7:53178 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][52 pkts/28063 bytes] + 46 TCP 192.168.1.7:53180 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][55 pkts/28320 bytes] + 47 TCP 192.168.1.7:53182 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][58 pkts/32796 bytes] + 48 TCP 192.168.1.7:53184 <-> 23.246.11.141:80 [proto: 7.133/HTTP.NetFlix][178 pkts/157382 bytes][Host: 23.246.11.141] + 49 TCP 192.168.1.7:53210 <-> 23.246.11.133:80 [proto: 7.133/HTTP.NetFlix][788 pkts/759283 bytes][Host: 23.246.11.133] + 50 TCP 52.24.87.6:443 <-> 192.168.1.7:52929 [proto: 91.178/SSL.Amazon][2 pkts/126 bytes] + 51 TCP 192.168.1.7:53115 <-> 52.32.196.36:443 [proto: 91.133/SSL.NetFlix][28 pkts/6662 bytes][client: api-global.netflix.com] + 52 TCP 192.168.1.7:53117 <-> 52.32.196.36:443 [proto: 91.133/SSL.NetFlix][20 pkts/3017 bytes][client: api-global.netflix.com] + 53 TCP 192.168.1.7:53132 <-> 52.89.39.139:443 [proto: 91.133/SSL.NetFlix][40 pkts/13487 bytes][client: api-global.netflix.com] + 54 TCP 192.168.1.7:53134 <-> 52.89.39.139:443 [proto: 91.133/SSL.NetFlix][25 pkts/8201 bytes][client: api-global.netflix.com] + 55 TCP 192.168.1.7:53151 <-> 54.201.191.132:80 [proto: 7.133/HTTP.NetFlix][41 pkts/33170 bytes][Host: appboot.netflix.com] + 56 TCP 52.41.30.5:443 <-> 192.168.1.7:53250 [proto: 91.133/SSL.NetFlix][17 pkts/5314 bytes][client: api-global.netflix.com] + 57 TCP 192.168.1.7:53114 <-> 54.191.17.51:443 [proto: 91.133/SSL.NetFlix][25 pkts/8228 bytes][client: ios.nccp.netflix.com] + 58 TCP 192.168.1.7:53118 <-> 54.69.204.241:443 [proto: 91.133/SSL.NetFlix][34 pkts/12728 bytes][client: ichnaea.netflix.com] + 59 TCP 192.168.1.7:53162 <-> 54.191.17.51:443 [proto: 91.133/SSL.NetFlix][31 pkts/14720 bytes][client: ios.nccp.netflix.com] + 60 TCP 192.168.1.7:53202 <-> 54.191.17.51:443 [proto: 91.133/SSL.NetFlix][38 pkts/18536 bytes][client: ios.nccp.netflix.com] + 61 TCP 192.168.1.7:53141 <-> 104.86.97.179:443 [proto: 91.133/SSL.NetFlix][230 pkts/209948 bytes][client: art-s.nflximg.net] -- cgit v1.2.3 From f831f30556a0178682061432cd1ab537f4cdc625 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Tue, 7 Mar 2017 10:19:29 +0100 Subject: Fixed invalid SNMP detection --- src/lib/protocols/snmp.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/src/lib/protocols/snmp.c b/src/lib/protocols/snmp.c index b4af37442..71de7589b 100644 --- a/src/lib/protocols/snmp.c +++ b/src/lib/protocols/snmp.c @@ -41,6 +41,8 @@ void ndpi_search_snmp(struct ndpi_detection_module_struct *ndpi_struct, struct n if (packet->payload_packet_len > 32 && packet->payload[0] == 0x30) { int offset; + u_int16_t u16; + switch (packet->payload[1]) { case 0x81: offset = 3; @@ -56,8 +58,10 @@ void ndpi_search_snmp(struct ndpi_detection_module_struct *ndpi_struct, struct n offset = 2; } - if (get_u_int16_t(packet->payload, offset) != htons(0x0201)) { - NDPI_LOG(NDPI_PROTOCOL_SNMP, ndpi_struct, NDPI_LOG_DEBUG, "SNMP excluded, 0x0201 pattern not found\n"); + u16 = ntohs(get_u_int16_t(packet->payload, offset)); + + if((u16 != 0x0201) && (u16 != 0x0204)) { + NDPI_LOG(NDPI_PROTOCOL_SNMP, ndpi_struct, NDPI_LOG_DEBUG, "SNMP excluded, 0x0201/0x0204 pattern not found\n"); goto excl; } -- cgit v1.2.3 From 940c185c5d6ae3c523e2b46c608792475e8e206e Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Tue, 7 Mar 2017 10:40:42 +0100 Subject: Improved BJNP protocol --- src/lib/protocols/bjnp.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/src/lib/protocols/bjnp.c b/src/lib/protocols/bjnp.c index 260bbb9ea..28ddede05 100644 --- a/src/lib/protocols/bjnp.c +++ b/src/lib/protocols/bjnp.c @@ -17,8 +17,12 @@ static void ndpi_check_bjnp(struct ndpi_detection_module_struct *ndpi_struct, st u_int32_t payload_len = packet->payload_packet_len; if(packet->udp != NULL) { - if(payload_len > 2) { - if(strncmp((const char *)packet->payload, "BJNP", 4) == 0) { + if(payload_len > 4) { + if((memcmp((const char *)packet->payload, "BJNP", 4) == 0) + || (memcmp((const char *)packet->payload, "BNJB", 4) == 0) + || (memcmp((const char *)packet->payload, "BJNB", 4) == 0) + || (memcmp((const char *)packet->payload, "MFNP", 4) == 0) + ) { NDPI_LOG(NDPI_PROTOCOL_BJNP, ndpi_struct, NDPI_LOG_DEBUG, "Found bjnp.\n"); ndpi_int_bjnp_add_connection(ndpi_struct, flow, 0); return; -- cgit v1.2.3 From 616b6ce4d5230f103e6b68744b8b15f2b7040226 Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Thu, 9 Mar 2017 04:54:42 +0000 Subject: spelling: address --- src/lib/protocols/msn.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/lib/protocols/msn.c b/src/lib/protocols/msn.c index 2f5b6c468..2ef60e8ff 100644 --- a/src/lib/protocols/msn.c +++ b/src/lib/protocols/msn.c @@ -203,7 +203,7 @@ static void ndpi_search_msn_tcp(struct ndpi_detection_module_struct *ndpi_struct if(memcmp(&packet->payload[5], "http://", 7) == 0) { /* * We are searching for a pattern "POST http://gateway.messenger.hotmail.com/gateway/gateway.dll" or - * "POST http:///gateway/gateway.dll" + * "POST http:///gateway/gateway.dll" * POST http:// is 12 byte so we are searching for 13 to 70 byte for this paten. */ for(c = 13; c < 50; c++) { -- cgit v1.2.3 From b0e0b2920131620faed24cbf8ce2060158430464 Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Thu, 9 Mar 2017 04:56:31 +0000 Subject: spelling: associated --- src/lib/third_party/src/ndpi_patricia.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/lib/third_party/src/ndpi_patricia.c b/src/lib/third_party/src/ndpi_patricia.c index c9c052314..ccf76473d 100644 --- a/src/lib/third_party/src/ndpi_patricia.c +++ b/src/lib/third_party/src/ndpi_patricia.c @@ -874,7 +874,7 @@ ndpi_patricia_remove (patricia_tree_t *patricia, patricia_node_t *node) #endif /* PATRICIA_DEBUG */ /* this might be a placeholder node -- have to check and make sure - * there is a prefix aossciated with it ! */ + * there is a prefix associated with it ! */ if(node->prefix != NULL) ndpi_Deref_Prefix (node->prefix); node->prefix = NULL; -- cgit v1.2.3 From 6a7ad10ae0d9f7dcfc24cc2c0482dbd430cf2bc1 Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 12 Mar 2017 21:22:34 +0000 Subject: spelling: conservative --- src/lib/protocols/ftp_data.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/lib/protocols/ftp_data.c b/src/lib/protocols/ftp_data.c index 47b45ec4c..f5622ffb5 100644 --- a/src/lib/protocols/ftp_data.c +++ b/src/lib/protocols/ftp_data.c @@ -62,7 +62,7 @@ static int ndpi_match_file_header(struct ndpi_detection_module_struct *ndpi_stru struct ndpi_packet_struct *packet = &flow->packet; u_int32_t payload_len = packet->payload_packet_len; - /* A FTP packet is pretty long so 256 is a bit consrvative but it should be OK */ + /* A FTP packet is pretty long so 256 is a bit conservative but it should be OK */ if(packet->payload_packet_len < 256) return 0; -- cgit v1.2.3 From 064562558525e5377ad71545919b130b2eab9da9 Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 12 Mar 2017 21:31:28 +0000 Subject: spelling: datastructure --- src/lib/ndpi_main.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 2bf1a103e..51c9bef7a 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -528,7 +528,7 @@ static void addDefaultPort(ndpi_port_range *range, NOTE This function must be called with a semaphore set, this in order to avoid - changing the datastrutures while using them + changing the datastructures while using them */ static int removeDefaultPort(ndpi_port_range *range, ndpi_proto_defaults_t *def, @@ -605,7 +605,7 @@ int ndpi_add_content_subprotocol(struct ndpi_detection_module_struct *ndpi_struc NOTE This function must be called with a semaphore set, this in order to avoid - changing the datastrutures while using them + changing the datastructures while using them */ static int ndpi_remove_host_url_subprotocol(struct ndpi_detection_module_struct *ndpi_struct, char *value, int protocol_id) { -- cgit v1.2.3 From e89ce717ba2e6ddf06b5c4bf365157dc70c6cc8d Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 12 Mar 2017 21:31:56 +0000 Subject: spelling: delivered --- src/lib/protocols/http.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c index 82167e204..a807f669b 100644 --- a/src/lib/protocols/http.c +++ b/src/lib/protocols/http.c @@ -847,7 +847,7 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct } /* check PPStream protocol or iQiyi service - (iqiyi is deliverd by ppstream) */ + (iqiyi is delivered by ppstream) */ // substring in url if(strstr((const char*) &packet->payload[filename_start], "iqiyi.com") != NULL) { if(kxun_counter == 0) { -- cgit v1.2.3 From 47f9f54b896d20fed175c44ad971575294064f8e Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 12 Mar 2017 21:32:19 +0000 Subject: spelling: discarded --- src/lib/protocols/zattoo.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/lib/protocols/zattoo.c b/src/lib/protocols/zattoo.c index 41d369cf7..3b6adcec8 100644 --- a/src/lib/protocols/zattoo.c +++ b/src/lib/protocols/zattoo.c @@ -230,7 +230,7 @@ void ndpi_search_zattoo(struct ndpi_detection_module_struct *ndpi_struct, struct } NDPI_LOG(NDPI_PROTOCOL_ZATTOO, ndpi_struct, NDPI_LOG_DEBUG, - "ZATTOO: discarted the flow (TCP): packet_size: %u; Flowstage: %u\n", + "ZATTOO: discarded the flow (TCP): packet_size: %u; Flowstage: %u\n", packet->payload_packet_len, flow->zattoo_stage); } -- cgit v1.2.3 From 3dbb97413c6a936ec73a0679cd461167f58e26c4 Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 12 Mar 2017 21:32:57 +0000 Subject: spelling: encryption --- src/include/ndpi_typedefs.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 68e332c23..506f79ddd 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -170,7 +170,7 @@ struct ndpi_wifi_header u_char trsm[6]; u_char dest[6]; u_int16_t seq_ctrl; - /* u_int64_t ccmp - for data encription only - check fc.flag */ + /* u_int64_t ccmp - for data encryption only - check fc.flag */ } PACK_OFF; /* +++++++++++++++++++++++ MPLS header +++++++++++++++++++++++ */ -- cgit v1.2.3 From f8fed9be7e443c8261c5eba764135f0dd21d7ae5 Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 12 Mar 2017 21:33:32 +0000 Subject: spelling: exclude --- src/lib/protocols/http.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c index a807f669b..79d61fc94 100644 --- a/src/lib/protocols/http.c +++ b/src/lib/protocols/http.c @@ -1181,7 +1181,7 @@ void init_http_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int NDPI_BITMASK_SET(ndpi_struct->callback_buffer[a].excluded_protocol_bitmask, ndpi_struct->callback_buffer[a].detection_bitmask); - /*Delete protocol from exluded protocol bitmask*/ + /*Delete protocol from excluded protocol bitmask*/ NDPI_DEL_PROTOCOL_FROM_BITMASK(ndpi_struct->callback_buffer[a].excluded_protocol_bitmask, NDPI_PROTOCOL_UNKNOWN); NDPI_DEL_PROTOCOL_FROM_BITMASK(ndpi_struct->callback_buffer[a].excluded_protocol_bitmask, NDPI_PROTOCOL_QQ); -- cgit v1.2.3 From 66e93da6f530ea83b16f14c1ec3e89f00517f8f0 Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 12 Mar 2017 21:33:20 +0000 Subject: spelling: excluding --- src/lib/protocols/gnutella.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/lib/protocols/gnutella.c b/src/lib/protocols/gnutella.c index e45096391..1ead0570b 100644 --- a/src/lib/protocols/gnutella.c +++ b/src/lib/protocols/gnutella.c @@ -203,7 +203,7 @@ void ndpi_search_gnutella(struct ndpi_detection_module_struct *ndpi_struct, stru && packet->payload[packet->payload_packet_len - 2] == 0x0a) { if (packet->payload_packet_len > 3 && memcmp(packet->payload, "GIV", 3) == 0) { NDPI_LOG(NDPI_PROTOCOL_GNUTELLA, ndpi_struct, NDPI_LOG_TRACE, "MORPHEUS GIV DETECTED\n"); - /* Not Excludeing the flow now.. We shall Check the next Packet too for Gnutella Patterns */ + /* Not Excluding the flow now.. We shall Check the next Packet too for Gnutella Patterns */ return; } } -- cgit v1.2.3 From d5b15c498b7ea0ae1efd2b77ba4aa5c5e75472dc Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 12 Mar 2017 21:34:28 +0000 Subject: spelling: five --- src/lib/protocols/ayiya.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/src/lib/protocols/ayiya.c b/src/lib/protocols/ayiya.c index 59f319f9c..6e5401093 100644 --- a/src/lib/protocols/ayiya.c +++ b/src/lib/protocols/ayiya.c @@ -51,11 +51,11 @@ void ndpi_search_ayiya(struct ndpi_detection_module_struct *ndpi_struct, struct /* FINISH */ struct ayiya *a = (struct ayiya*)packet->payload; u_int32_t epoch = ntohl(a->epoch), now; - u_int32_t fireyears = 86400 * 365 * 5; + u_int32_t fiveyears = 86400 * 365 * 5; now = flow->packet.tick_timestamp; - if((epoch >= (now - fireyears)) && (epoch <= (now+86400 /* 1 day */))) + if((epoch >= (now - fiveyears)) && (epoch <= (now+86400 /* 1 day */))) ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_AYIYA, NDPI_PROTOCOL_UNKNOWN); return; -- cgit v1.2.3 From 4a5407feb7689e5a537534670f3db8f6ae105ead Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 12 Mar 2017 21:43:45 +0000 Subject: spelling: incomplete --- src/lib/third_party/src/ndpi_patricia.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/lib/third_party/src/ndpi_patricia.c b/src/lib/third_party/src/ndpi_patricia.c index ccf76473d..13ed71371 100644 --- a/src/lib/third_party/src/ndpi_patricia.c +++ b/src/lib/third_party/src/ndpi_patricia.c @@ -84,7 +84,7 @@ int ndpi_comp_with_mask (void *addr, void *dest, u_int mask) { return (0); } -/* this allows imcomplete prefix */ +/* this allows incomplete prefix */ int ndpi_my_inet_pton (int af, const char *src, void *dst) { -- cgit v1.2.3 From 120e3473f8bea2725b098a7f05acc0b327617643 Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 12 Mar 2017 21:43:57 +0000 Subject: spelling: initialize --- src/lib/ndpi_main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 51c9bef7a..b1903908b 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -3067,7 +3067,7 @@ void ndpi_connection_tracking(struct ndpi_detection_module_struct *ndpi_struct, } if((flow->next_tcp_seq_nr[0] == 0 && flow->next_tcp_seq_nr[1] == 0) || (proxy_enabled && (flow->next_tcp_seq_nr[0] == 0 || flow->next_tcp_seq_nr[1] == 0))) { - /* initalize tcp sequence counters */ + /* initialize tcp sequence counters */ /* the ack flag needs to be set to get valid sequence numbers from the other * direction. Usually it will catch the second packet syn+ack but it works * also for asymmetric traffic where it will use the first data packet -- cgit v1.2.3 From c51f88e62a0e4b519b41099e0003860839b99452 Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 12 Mar 2017 21:44:26 +0000 Subject: spelling: interface --- example/ndpiReader.c | 2 +- src/lib/third_party/include/ndpi_patricia.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 6a6a7a135..29f6bc054 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -52,7 +52,7 @@ #include "ndpi_util.h" /** Client parameters **/ -static char *_pcap_file[MAX_NUM_READER_THREADS]; /**< Ingress pcap file/interafaces */ +static char *_pcap_file[MAX_NUM_READER_THREADS]; /**< Ingress pcap file/interfaces */ static FILE *playlist_fp[MAX_NUM_READER_THREADS] = { NULL }; /**< Ingress playlist */ static FILE *results_file = NULL; static char *results_path = NULL; diff --git a/src/lib/third_party/include/ndpi_patricia.h b/src/lib/third_party/include/ndpi_patricia.h index 3053cf9e1..bb1806877 100644 --- a/src/lib/third_party/include/ndpi_patricia.h +++ b/src/lib/third_party/include/ndpi_patricia.h @@ -236,7 +236,7 @@ MRT Credits originally written by him. Alexey Kuznetsov made enhancements to 1.4.3a and fixed the Linux - kernel intarface. Linux's netlink interface was written, referring to + kernel interface. Linux's netlink interface was written, referring to his code "iproute2". We would also like to thank our other colleagues in Japan, Portugal, -- cgit v1.2.3 From 7bb615a262ddc6605f4fb4763c7612f45f8c0c28 Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 12 Mar 2017 21:45:36 +0000 Subject: spelling: length --- src/lib/protocols/smpp.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) (limited to 'src') diff --git a/src/lib/protocols/smpp.c b/src/lib/protocols/smpp.c index d6d898893..3185cbf44 100644 --- a/src/lib/protocols/smpp.c +++ b/src/lib/protocols/smpp.c @@ -31,9 +31,9 @@ static void ndpi_int_smpp_add_connection(struct ndpi_detection_module_struct* nd ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SMPP, NDPI_PROTOCOL_UNKNOWN); } -static u_int8_t ndpi_check_overflow(u_int32_t current_legth, u_int32_t total_lenth) +static u_int8_t ndpi_check_overflow(u_int32_t current_length, u_int32_t total_lenth) { - return (current_legth > 0 && current_legth > INT_MAX - total_lenth); + return (current_length > 0 && current_length > INT_MAX - total_lenth); } void ndpi_search_smpp_tcp(struct ndpi_detection_module_struct* ndpi_struct, @@ -122,7 +122,7 @@ void ndpi_search_smpp_tcp(struct ndpi_detection_module_struct* ndpi_struct, switch(pdu_type){ // GENERIC_NACK case 0x80000000: - // body lengh must be zero + // body length must be zero if(pdu_l > 16) extra_passed = 0; break; @@ -134,7 +134,7 @@ void ndpi_search_smpp_tcp(struct ndpi_detection_module_struct* ndpi_struct, case 0x00000009: // status field must be NULL if(get_u_int32_t(packet->payload, 8) != 0) extra_passed = 0; - // min body lengh = 10 bytes (+16 in header) + // min body length = 10 bytes (+16 in header) if(pdu_l < 26) extra_passed = 0; break; @@ -160,13 +160,13 @@ void ndpi_search_smpp_tcp(struct ndpi_detection_module_struct* ndpi_struct, case 0x00000006: // status field must be NULL if(get_u_int32_t(packet->payload, 8) != 0) extra_passed = 0; - // body lengh must be zero + // body length must be zero if(pdu_l > 16) extra_passed = 0; break; // UNBIND_RESP case 0x80000006: - // body lengh must be zero + // body length must be zero if(pdu_l > 16) extra_passed = 0; break; @@ -277,13 +277,13 @@ void ndpi_search_smpp_tcp(struct ndpi_detection_module_struct* ndpi_struct, case 0x00000015: // status field must be NULL if(get_u_int32_t(packet->payload, 8) != 0) extra_passed = 0; - // body lengh must be zero + // body length must be zero if(pdu_l > 16) extra_passed = 0; break; // ENQUIRE_LINK_RESP case 0x80000015: - // body lengh must be zero + // body length must be zero if(pdu_l > 16) extra_passed = 0; break; -- cgit v1.2.3 From 35fe91116ab18182fbf558d16a5740635dfa7c86 Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 12 Mar 2017 21:48:05 +0000 Subject: spelling: ninety --- src/lib/protocols/irc.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'src') diff --git a/src/lib/protocols/irc.c b/src/lib/protocols/irc.c index e63e7a7b2..b2b73ac5f 100644 --- a/src/lib/protocols/irc.c +++ b/src/lib/protocols/irc.c @@ -141,14 +141,14 @@ static u_int8_t ndpi_check_for_IRC_traces(const u_int8_t * ptr, u_int16_t len) } -u_int8_t ndpi_search_irc_ssl_detect_ninty_percent_but_very_fast(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) +u_int8_t ndpi_search_irc_ssl_detect_ninety_percent_but_very_fast(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_DEBUG, - "called ndpi_search_irc_ssl_detect_ninty_percent_but_very_fast\n"); + "called ndpi_search_irc_ssl_detect_ninety_percent_but_very_fast\n"); /* case 1: len 1460, len 1460, len 1176 several times in one direction, than len = 4, 4096, 8192 in the other direction */ if (packet->payload_packet_len == 1460 @@ -475,7 +475,7 @@ void ndpi_search_irc_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc } } if (flow->detected_protocol_stack[0] != NDPI_PROTOCOL_IRC && - ndpi_search_irc_ssl_detect_ninty_percent_but_very_fast(ndpi_struct, flow) != 0) { + ndpi_search_irc_ssl_detect_ninety_percent_but_very_fast(ndpi_struct, flow) != 0) { return; } -- cgit v1.2.3 From 1aa10f5211c9e8ac147cd6375fa1e2e78156a961 Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 12 Mar 2017 21:58:56 +0000 Subject: spelling: optimization --- src/lib/ndpi_main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index b1903908b..4d2f04aa5 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -3012,7 +3012,7 @@ static int ndpi_init_packet_header(struct ndpi_detection_module_struct *ndpi_str void ndpi_connection_tracking(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - /* const for gcc code optimisation and cleaner code */ + /* const for gcc code optimization and cleaner code */ struct ndpi_packet_struct *packet = &flow->packet; const struct ndpi_iphdr *iph = packet->iph; #ifdef NDPI_DETECTION_SUPPORT_IPV6 -- cgit v1.2.3 From 04014d73d94664acc725c87f53b0fa2efbf43e56 Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 12 Mar 2017 22:00:07 +0000 Subject: spelling: pedantic --- src/lib/protocols/tor.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/lib/protocols/tor.c b/src/lib/protocols/tor.c index c9ab55542..f6987ef19 100644 --- a/src/lib/protocols/tor.c +++ b/src/lib/protocols/tor.c @@ -69,7 +69,7 @@ int ndpi_is_ssl_tor(struct ndpi_detection_module_struct *ndpi_struct, ndpi_int_tor_add_connection(ndpi_struct, flow); return(1); } else { -#ifdef PENDANTIC_TOR_CHECK +#ifdef PEDANTIC_TOR_CHECK if(gethostbyname(certificate) == NULL) { ndpi_int_tor_add_connection(ndpi_struct, flow); return(1); -- cgit v1.2.3 From 7bac815938bfaed9b8d5be789db093fba1199786 Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 12 Mar 2017 22:00:38 +0000 Subject: spelling: protocol --- src/lib/protocols/rx.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/lib/protocols/rx.c b/src/lib/protocols/rx.c index e5ae25476..b206ff5aa 100644 --- a/src/lib/protocols/rx.c +++ b/src/lib/protocols/rx.c @@ -27,7 +27,7 @@ #ifdef NDPI_PROTOCOL_RX -/* See http://web.mit.edu/kolya/afs/rx/rx-spec for procotol description. */ +/* See http://web.mit.edu/kolya/afs/rx/rx-spec for protocol description. */ /* The should be no need for explicit packing, but just in case... */ PACK_ON -- cgit v1.2.3 From fba88e225f0f7c803f47582205e875b826c193bf Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 12 Mar 2017 22:06:05 +0000 Subject: spelling: remove --- src/lib/protocols/sopcast.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/src/lib/protocols/sopcast.c b/src/lib/protocols/sopcast.c index 64a50542a..63590fec7 100644 --- a/src/lib/protocols/sopcast.c +++ b/src/lib/protocols/sopcast.c @@ -144,7 +144,7 @@ static void ndpi_search_sopcast_udp(struct ndpi_detection_module_struct ndpi_int_sopcast_add_connection(ndpi_struct, flow); return; } - /* this case has been seen once. Please revome this comment, if you see it another time */ + /* this case has been seen once. Please remove this comment, if you see it another time */ if (packet->payload_packet_len == 60 && packet->payload[0] == 0x00 && packet->payload[2] == 0x01 && packet->payload[8] == 0x03 && packet->payload[9] == 0xff @@ -174,7 +174,7 @@ static void ndpi_search_sopcast_udp(struct ndpi_detection_module_struct ndpi_int_sopcast_add_connection(ndpi_struct, flow); return; } - /* this case has been seen once. Please revome this comment, if you see it another time */ + /* this case has been seen once. Please remove this comment, if you see it another time */ if (packet->payload_packet_len == 286 && packet->payload[0] == 0x00 && packet->payload[1] == 0x02 && packet->payload[2] == 0x01 && packet->payload[3] == 0x07 && packet->payload[4] == 0x03 -- cgit v1.2.3 From d178bec60e105ec9e4349e48f6da1da52d3f39e7 Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 12 Mar 2017 22:02:56 +0000 Subject: spelling: reset --- src/include/ndpi_typedefs.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 506f79ddd..b19b53fa0 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -348,7 +348,7 @@ struct ndpi_id_struct { /** detected_protocol_bitmask: access this bitmask to find out whether an id has used skype or not - if a flag is set here, it will not be resetted + if a flag is set here, it will not be reset to compare this, use: **/ NDPI_PROTOCOL_BITMASK detected_protocol_bitmask; -- cgit v1.2.3 From ce0a3e858ab553d2144aaa4e9bdec0a6a1d9771d Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 12 Mar 2017 22:06:44 +0000 Subject: spelling: scrupulous --- src/lib/protocols/http.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c index 79d61fc94..33b15c689 100644 --- a/src/lib/protocols/http.c +++ b/src/lib/protocols/http.c @@ -903,7 +903,7 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct if(packet->host_line.ptr != NULL) { /** - nDPI is pretty scrupoulous about HTTP so it waits until the + nDPI is pretty scrupulous about HTTP so it waits until the HTTP response is received just to check that it conforms with the HTTP specs. However this might be a waste of time as in 99.99% of the cases is like that. -- cgit v1.2.3 From 710d528215ee1a57cc0d5b3e5c4c728b86ad42c5 Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 12 Mar 2017 22:07:00 +0000 Subject: spelling: second --- src/lib/protocols/msn.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/lib/protocols/msn.c b/src/lib/protocols/msn.c index 2ef60e8ff..dd652ef1f 100644 --- a/src/lib/protocols/msn.c +++ b/src/lib/protocols/msn.c @@ -373,7 +373,7 @@ static void ndpi_search_msn_tcp(struct ndpi_detection_module_struct *ndpi_struct } } } - /* finished examining the secone packet only */ + /* finished examining the second packet only */ /* direct user connection (file transfer,...) */ if((src != NULL && NDPI_COMPARE_PROTOCOL_TO_BITMASK(src->detected_protocol_bitmask, NDPI_PROTOCOL_MSN) != 0) -- cgit v1.2.3 From 7a2dcf0f9fbc100cf261b0b8f97726429e1cfe69 Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 12 Mar 2017 22:10:05 +0000 Subject: spelling: soulseek --- src/lib/protocols/soulseek.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/src/lib/protocols/soulseek.c b/src/lib/protocols/soulseek.c index 2e13edd3a..c7acc3bdc 100644 --- a/src/lib/protocols/soulseek.c +++ b/src/lib/protocols/soulseek.c @@ -82,7 +82,7 @@ void ndpi_search_soulseek_tcp(struct ndpi_detection_module_struct *ndpi_struct, && ((u_int32_t)(packet->tick_timestamp - dst->soulseek_last_safe_access_time) < ndpi_struct->soulseek_connection_ip_tick_timeout)) { NDPI_LOG(NDPI_PROTOCOL_SOULSEEK, ndpi_struct, NDPI_LOG_DEBUG, - "Soulseek: Plain detection on Port : %u packet_tick_timestamp: %u soulseeek_last_safe_access_time: %u soulseek_connection_ip_ticktimeout: %u\n", + "Soulseek: Plain detection on Port : %u packet_tick_timestamp: %u soulseek_last_safe_access_time: %u soulseek_connection_ip_ticktimeout: %u\n", dst->soulseek_listen_port, packet->tick_timestamp, dst->soulseek_last_safe_access_time, ndpi_struct->soulseek_connection_ip_tick_timeout); dst->soulseek_last_safe_access_time = packet->tick_timestamp; @@ -100,7 +100,7 @@ void ndpi_search_soulseek_tcp(struct ndpi_detection_module_struct *ndpi_struct, if(packet->payload_packet_len >= 12 && packet->payload_packet_len < 300 && get_l32(packet->payload, 4) == 1) { while (!get_u_int16_t(packet->payload, index + 2) && (index + get_l32(packet->payload, index)) < packet->payload_packet_len - 4) { - if(get_l32(packet->payload, index) < 8) /*Minimum soulsek login msg is 8B */ + if(get_l32(packet->payload, index) < 8) /*Minimum soulseek login msg is 8B */ break; if(index + get_l32(packet->payload, index) + 4 <= index) { -- cgit v1.2.3 From 249b5d67837ca57e115e1ffb34404dfa1286fffe Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 12 Mar 2017 22:10:38 +0000 Subject: spelling: structure --- src/lib/ndpi_main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 4d2f04aa5..c90615e77 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -2211,7 +2211,7 @@ void ndpi_set_bitmask_protocol_detection( char * label, } /* - Set function and index protocol within proto_default strcuture for port protocol detection + Set function and index protocol within proto_default structure for port protocol detection and callback_buffer function for DPI protocol detection */ ndpi_struct->proto_defaults[ndpi_protocol_id].protoIdx = idx; -- cgit v1.2.3 From 11fc826e52b41363f57edd303b5403dd52c72b71 Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 12 Mar 2017 22:10:54 +0000 Subject: spelling: switch --- src/lib/protocols/msn.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/lib/protocols/msn.c b/src/lib/protocols/msn.c index dd652ef1f..2938d39b8 100644 --- a/src/lib/protocols/msn.c +++ b/src/lib/protocols/msn.c @@ -509,7 +509,7 @@ void ndpi_search_msn(struct ndpi_detection_module_struct *ndpi_struct, struct nd /* we deal with tcp now */ if(packet->tcp != NULL) { /* msn can use http or ssl for connection. That's why every http, ssl and ukn packet must enter in the msn detection */ - /* the detection can swich out the http or the ssl detection. In this case we need not check those protocols */ + /* the detection can switch out the http or the ssl detection. In this case we need not check those protocols */ // need to do the ceck when protocol == http too (POST /gateway ...) if(packet->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN #ifdef NDPI_PROTOCOL_HTTP -- cgit v1.2.3 From 9a5402518c0069d056ab921028cfa32502bae550 Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 12 Mar 2017 22:13:00 +0000 Subject: spelling: unencrypted --- src/include/ndpi_protocol_ids.h | 2 +- src/include/ndpi_typedefs.h | 6 ++-- src/lib/ndpi_main.c | 4 +-- src/lib/protocols/jabber.c | 68 ++++++++++++++++++++--------------------- src/lib/protocols/ssl.c | 14 ++++----- 5 files changed, 47 insertions(+), 47 deletions(-) (limited to 'src') diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index b74f384e6..2e453689b 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -103,7 +103,7 @@ #define NDPI_PROTOCOL_SSL_NO_CERT 64 /* SSL without certificate (Skype Ultrasurf?) - ntop.org */ #define NDPI_PROTOCOL_IRC 65 #define NDPI_PROTOCOL_AYIYA 66 -#define NDPI_PROTOCOL_UNENCRYPED_JABBER 67 +#define NDPI_PROTOCOL_UNENCRYPTED_JABBER 67 #define NDPI_PROTOCOL_MSN 68 #define NDPI_PROTOCOL_OSCAR 69 #define NDPI_PROTOCOL_YAHOO 70 diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index b19b53fa0..cd10d3dd1 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -385,7 +385,7 @@ struct ndpi_id_struct { #ifdef NDPI_PROTOCOL_ZATTOO u_int32_t zattoo_ts; #endif -#ifdef NDPI_PROTOCOL_UNENCRYPED_JABBER +#ifdef NDPI_PROTOCOL_UNENCRYPTED_JABBER u_int32_t jabber_stun_or_ft_ts; #endif #ifdef NDPI_PROTOCOL_DIRECTCONNECT @@ -404,7 +404,7 @@ struct ndpi_id_struct { u_int16_t bt_port_t[NDPI_BT_PORTS]; u_int16_t bt_port_u[NDPI_BT_PORTS]; #endif -#ifdef NDPI_PROTOCOL_UNENCRYPED_JABBER +#ifdef NDPI_PROTOCOL_UNENCRYPTED_JABBER #define JABBER_MAX_STUN_PORTS 6 u_int16_t jabber_voice_stun_port[JABBER_MAX_STUN_PORTS]; u_int16_t jabber_file_transfer_port[2]; @@ -425,7 +425,7 @@ struct ndpi_id_struct { #ifdef NDPI_PROTOCOL_OSCAR u_int8_t oscar_ssl_session_id[33]; #endif -#ifdef NDPI_PROTOCOL_UNENCRYPED_JABBER +#ifdef NDPI_PROTOCOL_UNENCRYPTED_JABBER u_int8_t jabber_voice_stun_used_ports; #endif #ifdef NDPI_PROTOCOL_SIP diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index c90615e77..87d479fd7 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1037,9 +1037,9 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "Ayiya", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 5072, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_UNENCRYPED_JABBER, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_UNENCRYPTED_JABBER, no_master, - no_master, "Unencryped_Jabber", NDPI_PROTOCOL_CATEGORY_WEB, + no_master, "Unencrypted_Jabber", NDPI_PROTOCOL_CATEGORY_WEB, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_OSCAR, diff --git a/src/lib/protocols/jabber.c b/src/lib/protocols/jabber.c index 8457df7dd..d8be54adf 100644 --- a/src/lib/protocols/jabber.c +++ b/src/lib/protocols/jabber.c @@ -25,7 +25,7 @@ #include "ndpi_api.h" -#ifdef NDPI_PROTOCOL_UNENCRYPED_JABBER +#ifdef NDPI_PROTOCOL_UNENCRYPTED_JABBER struct jabber_string { char *string; u_int ndpi_protocol; @@ -70,19 +70,19 @@ void ndpi_search_jabber_tcp(struct ndpi_detection_module_struct *ndpi_struct, st u_int16_t x; - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPED_JABBER, ndpi_struct, NDPI_LOG_TRACE, "JABBER detection....\n"); + NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, NDPI_LOG_TRACE, "JABBER detection....\n"); /* search for jabber file transfer */ /* this part is working asymmetrically */ if (packet->tcp != NULL && packet->tcp->syn != 0 && packet->payload_packet_len == 0) { - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, "check jabber syn\n"); + NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, "check jabber syn\n"); if (src != NULL && src->jabber_file_transfer_port[0] != 0) { - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, "src jabber ft port set, ports are: %u, %u\n", ntohs(src->jabber_file_transfer_port[0]), ntohs(src->jabber_file_transfer_port[1])); if (((u_int32_t) (packet->tick_timestamp - src->jabber_stun_or_ft_ts)) >= ndpi_struct->jabber_file_transfer_timeout) { - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPED_JABBER, ndpi_struct, + NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, "JABBER src stun timeout %u %u\n", src->jabber_stun_or_ft_ts, packet->tick_timestamp); src->jabber_file_transfer_port[0] = 0; @@ -91,20 +91,20 @@ void ndpi_search_jabber_tcp(struct ndpi_detection_module_struct *ndpi_struct, st || src->jabber_file_transfer_port[0] == packet->tcp->source || src->jabber_file_transfer_port[1] == packet->tcp->dest || src->jabber_file_transfer_port[1] == packet->tcp->source) { - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, "found jabber file transfer.\n"); ndpi_int_jabber_add_connection(ndpi_struct, flow, - NDPI_PROTOCOL_UNENCRYPED_JABBER); + NDPI_PROTOCOL_UNENCRYPTED_JABBER); } } if (dst != NULL && dst->jabber_file_transfer_port[0] != 0) { - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, "dst jabber ft port set, ports are: %u, %u\n", ntohs(dst->jabber_file_transfer_port[0]), ntohs(dst->jabber_file_transfer_port[1])); if (((u_int32_t) (packet->tick_timestamp - dst->jabber_stun_or_ft_ts)) >= ndpi_struct->jabber_file_transfer_timeout) { - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPED_JABBER, ndpi_struct, + NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, "JABBER dst stun timeout %u %u\n", dst->jabber_stun_or_ft_ts, packet->tick_timestamp); dst->jabber_file_transfer_port[0] = 0; @@ -113,11 +113,11 @@ void ndpi_search_jabber_tcp(struct ndpi_detection_module_struct *ndpi_struct, st || dst->jabber_file_transfer_port[0] == packet->tcp->source || dst->jabber_file_transfer_port[1] == packet->tcp->dest || dst->jabber_file_transfer_port[1] == packet->tcp->source) { - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, "found jabber file transfer.\n"); ndpi_int_jabber_add_connection(ndpi_struct, flow, - NDPI_PROTOCOL_UNENCRYPED_JABBER); + NDPI_PROTOCOL_UNENCRYPTED_JABBER); } } return; @@ -129,23 +129,23 @@ void ndpi_search_jabber_tcp(struct ndpi_detection_module_struct *ndpi_struct, st /* this part parses a packet and searches for port=. it works asymmetrically. */ - if (packet->detected_protocol_stack[0] == NDPI_PROTOCOL_UNENCRYPED_JABBER) { + if (packet->detected_protocol_stack[0] == NDPI_PROTOCOL_UNENCRYPTED_JABBER) { u_int16_t lastlen; u_int16_t j_port = 0; /* check for google jabber voip connections ... */ /* need big packet */ if (packet->payload_packet_len < 100) { - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, "packet too small, return.\n"); + NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, "packet too small, return.\n"); return; } /* need message to or type for file-transfer */ if (memcmp(packet->payload, "payload, "payload_packet_len - 11; for (x = 10; x < lastlen; x++) { if (packet->payload[x] == 'p') { if (memcmp(&packet->payload[x], "port=", 5) == 0) { - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, "port=\n"); + NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, "port=\n"); if (src != NULL) { src->jabber_stun_or_ft_ts = packet->tick_timestamp; } @@ -155,16 +155,16 @@ void ndpi_search_jabber_tcp(struct ndpi_detection_module_struct *ndpi_struct, st } x += 6; j_port = ntohs_ndpi_bytestream_to_number(&packet->payload[x], packet->payload_packet_len, &x); - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPED_JABBER, ndpi_struct, + NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, "JABBER port : %u\n", ntohs(j_port)); if (src != NULL) { if (src->jabber_file_transfer_port[0] == 0 || src->jabber_file_transfer_port[0] == j_port) { - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPED_JABBER, ndpi_struct, + NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, "src->jabber_file_transfer_port[0] = j_port = %u;\n", ntohs(j_port)); src->jabber_file_transfer_port[0] = j_port; } else { - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPED_JABBER, ndpi_struct, + NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, "src->jabber_file_transfer_port[1] = j_port = %u;\n", ntohs(j_port)); src->jabber_file_transfer_port[1] = j_port; @@ -172,12 +172,12 @@ void ndpi_search_jabber_tcp(struct ndpi_detection_module_struct *ndpi_struct, st } if (dst != NULL) { if (dst->jabber_file_transfer_port[0] == 0 || dst->jabber_file_transfer_port[0] == j_port) { - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPED_JABBER, ndpi_struct, + NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, "dst->jabber_file_transfer_port[0] = j_port = %u;\n", ntohs(j_port)); dst->jabber_file_transfer_port[0] = j_port; } else { - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPED_JABBER, ndpi_struct, + NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, "dst->jabber_file_transfer_port[1] = j_port = %u;\n", ntohs(j_port)); dst->jabber_file_transfer_port[1] = j_port; @@ -191,7 +191,7 @@ void ndpi_search_jabber_tcp(struct ndpi_detection_module_struct *ndpi_struct, st } else if (memcmp(packet->payload, "payload, "payload, "payload_packet_len - 21; for (x = 8; x < lastlen; x++) { /* invalid character */ @@ -199,7 +199,7 @@ void ndpi_search_jabber_tcp(struct ndpi_detection_module_struct *ndpi_struct, st return; } if (packet->payload[x] == '@') { - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, "JABBER @\n"); + NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, "JABBER @\n"); break; } } @@ -211,7 +211,7 @@ void ndpi_search_jabber_tcp(struct ndpi_detection_module_struct *ndpi_struct, st for (; x < lastlen; x++) { if (packet->payload[x] == 'p') { if (memcmp(&packet->payload[x], "port=", 5) == 0) { - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, "port=\n"); + NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, "port=\n"); if (src != NULL) { src->jabber_stun_or_ft_ts = packet->tick_timestamp; } @@ -222,7 +222,7 @@ void ndpi_search_jabber_tcp(struct ndpi_detection_module_struct *ndpi_struct, st x += 6; j_port = ntohs_ndpi_bytestream_to_number(&packet->payload[x], packet->payload_packet_len, &x); - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPED_JABBER, ndpi_struct, + NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, "JABBER port : %u\n", ntohs(j_port)); if (src != NULL && src->jabber_voice_stun_used_ports < JABBER_MAX_STUN_PORTS - 1) { @@ -232,11 +232,11 @@ void ndpi_search_jabber_tcp(struct ndpi_detection_module_struct *ndpi_struct, st } else { if (src->jabber_file_transfer_port[0] == 0 || src->jabber_file_transfer_port[0] == j_port) { - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, "src->jabber_file_transfer_port[0] = j_port = %u;\n", ntohs(j_port)); src->jabber_file_transfer_port[0] = j_port; } else { - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPED_JABBER, ndpi_struct, + NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, "src->jabber_file_transfer_port[1] = j_port = %u;\n", ntohs(j_port)); src->jabber_file_transfer_port[1] = j_port; @@ -251,11 +251,11 @@ void ndpi_search_jabber_tcp(struct ndpi_detection_module_struct *ndpi_struct, st } else { if (dst->jabber_file_transfer_port[0] == 0 || dst->jabber_file_transfer_port[0] == j_port) { - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, "dst->jabber_file_transfer_port[0] = j_port = %u;\n", ntohs(j_port)); dst->jabber_file_transfer_port[0] = j_port; } else { - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPED_JABBER, ndpi_struct, + NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, "dst->jabber_file_transfer_port[1] = j_port = %u;\n", ntohs(j_port)); dst->jabber_file_transfer_port[1] = j_port; @@ -282,7 +282,7 @@ void ndpi_search_jabber_tcp(struct ndpi_detection_module_struct *ndpi_struct, st || ndpi_strnstr((const char *)&packet->payload[13], "xmlns:stream=\"http://etherx.jabber.org/streams\"", start)) { /* Protocol family */ - ndpi_int_jabber_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_UNENCRYPED_JABBER); + ndpi_int_jabber_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_UNENCRYPTED_JABBER); /* search for subprotocols */ check_content_type_and_change_protocol(ndpi_struct, flow, 13); @@ -291,13 +291,13 @@ void ndpi_search_jabber_tcp(struct ndpi_detection_module_struct *ndpi_struct, st } if (flow->packet_counter < 3) { - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPED_JABBER, ndpi_struct, + NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, "packet_counter: %u\n", flow->packet_counter); return; } - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPED_JABBER, ndpi_struct, NDPI_LOG_TRACE, "JABBER Excluded.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_UNENCRYPED_JABBER); + NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, NDPI_LOG_TRACE, "JABBER Excluded.\n"); + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_UNENCRYPTED_JABBER); #ifdef NDPI_PROTOCOL_TRUPHONE NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_TRUPHONE); @@ -307,8 +307,8 @@ void ndpi_search_jabber_tcp(struct ndpi_detection_module_struct *ndpi_struct, st void init_jabber_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) { - ndpi_set_bitmask_protocol_detection("Unencryped_Jabber", ndpi_struct, detection_bitmask, *id, - NDPI_PROTOCOL_UNENCRYPED_JABBER, + ndpi_set_bitmask_protocol_detection("Unencrypted_Jabber", ndpi_struct, detection_bitmask, *id, + NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_search_jabber_tcp, NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITHOUT_RETRANSMISSION, SAVE_DETECTION_BITMASK_AS_UNKNOWN, diff --git a/src/lib/protocols/ssl.c b/src/lib/protocols/ssl.c index bc64a6695..ca42adbbe 100644 --- a/src/lib/protocols/ssl.c +++ b/src/lib/protocols/ssl.c @@ -363,14 +363,14 @@ static void ssl_mark_and_payload_search_for_other_protocols(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { -#if defined(NDPI_PROTOCOL_MEEBO)|| defined(NDPI_PROTOCOL_TOR) || defined(NDPI_PROTOCOL_VPN_X) || defined(NDPI_PROTOCOL_UNENCRYPED_JABBER) || defined (NDPI_PROTOCOL_OSCAR) || defined (NDPI_PROTOCOL_ITUNES) || defined (NDPI_PROTOCOL_GMAIL) +#if defined(NDPI_PROTOCOL_MEEBO)|| defined(NDPI_PROTOCOL_TOR) || defined(NDPI_PROTOCOL_VPN_X) || defined(NDPI_PROTOCOL_UNENCRYPTED_JABBER) || defined (NDPI_PROTOCOL_OSCAR) || defined (NDPI_PROTOCOL_ITUNES) || defined (NDPI_PROTOCOL_GMAIL) struct ndpi_packet_struct *packet = &flow->packet; // struct ndpi_id_struct *src=flow->src; // struct ndpi_id_struct *dst=flow->dst; u_int32_t a; u_int32_t end; -#if defined(NDPI_PROTOCOL_UNENCRYPED_JABBER) - if(NDPI_COMPARE_PROTOCOL_TO_BITMASK(ndpi_struct->detection_bitmask, NDPI_PROTOCOL_UNENCRYPED_JABBER) != 0) +#if defined(NDPI_PROTOCOL_UNENCRYPTED_JABBER) + if(NDPI_COMPARE_PROTOCOL_TO_BITMASK(ndpi_struct->detection_bitmask, NDPI_PROTOCOL_UNENCRYPTED_JABBER) != 0) goto check_for_ssl_payload; #endif #if defined(NDPI_PROTOCOL_OSCAR) @@ -382,13 +382,13 @@ static void ssl_mark_and_payload_search_for_other_protocols(struct check_for_ssl_payload: end = packet->payload_packet_len - 20; for (a = 5; a < end; a++) { -#ifdef NDPI_PROTOCOL_UNENCRYPED_JABBER +#ifdef NDPI_PROTOCOL_UNENCRYPTED_JABBER if(packet->payload[a] == 't') { if(memcmp(&packet->payload[a], "talk.google.com", 15) == 0) { - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, "ssl jabber packet match\n"); + NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, "ssl jabber packet match\n"); if(NDPI_COMPARE_PROTOCOL_TO_BITMASK - (ndpi_struct->detection_bitmask, NDPI_PROTOCOL_UNENCRYPED_JABBER) != 0) { - ndpi_int_ssl_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_UNENCRYPED_JABBER); + (ndpi_struct->detection_bitmask, NDPI_PROTOCOL_UNENCRYPTED_JABBER) != 0) { + ndpi_int_ssl_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_UNENCRYPTED_JABBER); return; } } -- cgit v1.2.3 From 65cde78f6dca8a3d4c9aa35a4ad96dbac923f1b9 Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 12 Mar 2017 22:11:52 +0000 Subject: spelling: unknown --- src/lib/protocols/btlib.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/lib/protocols/btlib.c b/src/lib/protocols/btlib.c index beea43d0d..5685eb7e9 100644 --- a/src/lib/protocols/btlib.c +++ b/src/lib/protocols/btlib.c @@ -401,7 +401,7 @@ void cb_data(bt_parse_data_cb_t *cbd,int *ret) { p->e_len = cbd->v.s.l; return; } - // DEBUG_TRACE(print_safe_str("UKNOWN",cbd)); + // DEBUG_TRACE(print_safe_str("UNKNOWN",cbd)); } -- cgit v1.2.3 From e17f62d26149b176d59deb9b7b643b3c57d223bb Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 12 Mar 2017 22:21:51 +0000 Subject: spelling: values --- src/lib/protocols/btlib.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/src/lib/protocols/btlib.h b/src/lib/protocols/btlib.h index b68adbad1..a9ca53786 100644 --- a/src/lib/protocols/btlib.h +++ b/src/lib/protocols/btlib.h @@ -150,9 +150,9 @@ struct bt_parse_protocol { struct bt_nodes6_data *nodes6; u_int16_t name_len; u_int16_t nn; // nodes num - u_int16_t nv; // valuse num + u_int16_t nv; // values num u_int16_t nn6; // nodes6 num - u_int16_t nv6; // valuse6 num + u_int16_t nv6; // values6 num u_int16_t port; u_int16_t t_len; } r; -- cgit v1.2.3 From 40aaa05456115d9e04ec68eebccc12dfbf46aa47 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Mon, 13 Mar 2017 01:16:58 +0100 Subject: Minor changes for tracking Youtube content Added test pcap for working on quic/youtube dissector --- src/lib/ndpi_content_match.c.inc | 2 ++ tests/pcap/youtube_quic.pcap | Bin 0 -> 196287 bytes 2 files changed, 2 insertions(+) create mode 100644 tests/pcap/youtube_quic.pcap (limited to 'src') diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 86927edb2..5670eeb33 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -8012,6 +8012,8 @@ ndpi_protocol_match host_match[] = { { ".googlevideo.com", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { ".ytimg.com", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "youtube-nocookie.", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "ggpht.com", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "googleusercontent.com", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { ".vevo.com", "Vevo", NDPI_PROTOCOL_VEVO, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { ".spotify.", "Spotify", NDPI_PROTOCOL_SPOTIFY, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { ".pandora.com", "Pandora", NDPI_PROTOCOL_PANDORA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, diff --git a/tests/pcap/youtube_quic.pcap b/tests/pcap/youtube_quic.pcap new file mode 100644 index 000000000..78a28bb86 Binary files /dev/null and b/tests/pcap/youtube_quic.pcap differ -- cgit v1.2.3 From 9962eb1f085c07b03c38375e2a688850cf82a8ce Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Mon, 13 Mar 2017 14:33:03 +0100 Subject: Fixed invalid QUIC header parsing --- src/lib/protocols/quic.c | 66 ++++++++++++++++++++------------------ tests/result/youtube_quic.pcap.out | 9 +++--- 2 files changed, 40 insertions(+), 35 deletions(-) (limited to 'src') diff --git a/src/lib/protocols/quic.c b/src/lib/protocols/quic.c index 35b8d0911..5a7fc70ab 100644 --- a/src/lib/protocols/quic.c +++ b/src/lib/protocols/quic.c @@ -81,40 +81,44 @@ void ndpi_search_quic(struct ndpi_detection_module_struct *ndpi_struct, NDPI_LOG(NDPI_PROTOCOL_QUIC, ndpi_struct, NDPI_LOG_DEBUG, "found QUIC.\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_QUIC, NDPI_PROTOCOL_UNKNOWN); - if(udp_len > quic_hlen + 17 + 4 && - !strncmp((char*)&packet->payload[quic_hlen+17], "CHLO" /* Client Hello */, 4)) { - /* Check if SNI (Server Name Identification) is present */ - for(i=quic_hlen+12; ipayload[i] == 'S') - && (packet->payload[i+1] == 'N') - && (packet->payload[i+2] == 'I') - && (packet->payload[i+3] == 0)) { - u_int32_t offset = *((u_int32_t*)&packet->payload[i+4]); - u_int32_t prev_offset = *((u_int32_t*)&packet->payload[i-4]); - int len = offset-prev_offset; - int sni_offset = i+prev_offset+1; - - while((sni_offset < udp_len) && (packet->payload[sni_offset] == '-')) - sni_offset++; - - if((sni_offset+len) < udp_len) { - int max_len = sizeof(flow->host_server_name)-1, j = 0; - - if(len > max_len) len = max_len; - - while((len > 0) && (sni_offset < udp_len)) { - flow->host_server_name[j++] = packet->payload[sni_offset]; - sni_offset++, len--; + if(packet->payload[quic_hlen+12] != 0xA0) + quic_hlen++; + + if(udp_len > quic_hlen + 16 + 4) { + if(!strncmp((char*)&packet->payload[quic_hlen+16], "CHLO" /* Client Hello */, 4)) { + /* Check if SNI (Server Name Identification) is present */ + for(i=quic_hlen+12; ipayload[i] == 'S') + && (packet->payload[i+1] == 'N') + && (packet->payload[i+2] == 'I') + && (packet->payload[i+3] == 0)) { + u_int32_t offset = *((u_int32_t*)&packet->payload[i+4]); + u_int32_t prev_offset = *((u_int32_t*)&packet->payload[i-4]); + int len = offset-prev_offset; + int sni_offset = i+prev_offset+1; + + while((sni_offset < udp_len) && (packet->payload[sni_offset] == '-')) + sni_offset++; + + if((sni_offset+len) < udp_len) { + int max_len = sizeof(flow->host_server_name)-1, j = 0; + + if(len > max_len) len = max_len; + + while((len > 0) && (sni_offset < udp_len)) { + flow->host_server_name[j++] = packet->payload[sni_offset]; + sni_offset++, len--; + } + + ndpi_match_host_subprotocol(ndpi_struct, flow, + (char *)flow->host_server_name, + strlen((const char*)flow->host_server_name), + NDPI_PROTOCOL_QUIC); + } - ndpi_match_host_subprotocol(ndpi_struct, flow, - (char *)flow->host_server_name, - strlen((const char*)flow->host_server_name), - NDPI_PROTOCOL_QUIC); - + break; } - - break; } } } diff --git a/tests/result/youtube_quic.pcap.out b/tests/result/youtube_quic.pcap.out index b5e31b109..0ca9427bb 100644 --- a/tests/result/youtube_quic.pcap.out +++ b/tests/result/youtube_quic.pcap.out @@ -1,5 +1,6 @@ -QUIC 289 191639 3 +YouTube 258 178495 1 +Google 31 13144 2 - 1 UDP 192.168.1.7:53859 <-> 216.58.205.66:443 [proto: 188/QUIC][18 pkts/8665 bytes] - 2 UDP 192.168.1.7:54997 <-> 216.58.205.66:443 [proto: 188/QUIC][13 pkts/4479 bytes] - 3 UDP 192.168.1.7:56074 <-> 216.58.198.33:443 [proto: 188/QUIC][258 pkts/178495 bytes] + 1 UDP 192.168.1.7:53859 <-> 216.58.205.66:443 [proto: 188.126/QUIC.Google][18 pkts/8665 bytes][Host: googleads.g.doubleclick.net] + 2 UDP 192.168.1.7:54997 <-> 216.58.205.66:443 [proto: 188.126/QUIC.Google][13 pkts/4479 bytes][Host: pagead2.googlesyndication.com] + 3 UDP 192.168.1.7:56074 <-> 216.58.198.33:443 [proto: 188.124/QUIC.YouTube][258 pkts/178495 bytes][Host: yt3.ggpht.com] -- cgit v1.2.3 From 5de6a96af5754c13846883b556f58fc79831c61d Mon Sep 17 00:00:00 2001 From: Campus Date: Wed, 15 Mar 2017 17:28:31 +0100 Subject: change behaviour for https://github.com/ntop/nDPI/issues/344 - fix skype detection deleting parts that detect host name and ip addr (duplicate behaviour) - improved any detection after fix - added skype host name --- example/ndpiReader.c | 38 +- example/ndpi_util.c | 40 +- src/include/ndpi_api.h | 46 - src/include/ndpi_typedefs.h | 2 +- src/lib/ndpi_content_match.c.inc | 5 +- src/lib/ndpi_main.c | 2536 +++++++++++++++----------------- src/lib/protocols/skype.c | 32 - src/lib/protocols/ssl.c | 5 - tests/result/1kxun.pcap.out | 5 +- tests/result/KakaoTalk_talk.pcap.out | 6 +- tests/result/Oscar.pcap.out | 4 +- tests/result/openvpn.pcap.out | 5 +- tests/result/skype.pcap.out | 322 ++-- tests/result/skype_no_unknown.pcap.out | 10 +- 14 files changed, 1433 insertions(+), 1623 deletions(-) (limited to 'src') diff --git a/example/ndpiReader.c b/example/ndpiReader.c index a631b68be..aa5db8821 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -370,18 +370,18 @@ static void printFlow(u_int16_t thread_id, struct ndpi_flow_info *flow) { ntohs(flow->upper_port)); if(flow->vlan_id > 0) fprintf(out, "[VLAN: %u]", flow->vlan_id); - + if(flow->detected_protocol.master_protocol) { char buf[64]; fprintf(out, "[proto: %u.%u/%s]", - flow->detected_protocol.master_protocol, flow->detected_protocol.protocol, + flow->detected_protocol.master_protocol, flow->detected_protocol.app_protocol, ndpi_protocol2name(ndpi_thread_info[thread_id].workflow->ndpi_struct, flow->detected_protocol, buf, sizeof(buf))); } else fprintf(out, "[proto: %u/%s]", - flow->detected_protocol.protocol, - ndpi_get_proto_name(ndpi_thread_info[thread_id].workflow->ndpi_struct, flow->detected_protocol.protocol)); + flow->detected_protocol.app_protocol, + ndpi_get_proto_name(ndpi_thread_info[thread_id].workflow->ndpi_struct, flow->detected_protocol.app_protocol)); fprintf(out, "[%u pkts/%llu bytes]", flow->packets, (long long unsigned int) flow->bytes); @@ -405,23 +405,23 @@ static void printFlow(u_int16_t thread_id, struct ndpi_flow_info *flow) { json_object_object_add(jObj,"host_b.port",json_object_new_int(ntohs(flow->upper_port))); if(flow->detected_protocol.master_protocol) - json_object_object_add(jObj,"detected.masterprotocol",json_object_new_int(flow->detected_protocol.master_protocol)); + json_object_object_add(jObj,"detected.master_protocol",json_object_new_int(flow->detected_protocol.master_protocol)); - json_object_object_add(jObj,"detected.protocol",json_object_new_int(flow->detected_protocol.protocol)); + json_object_object_add(jObj,"detected.app_protocol",json_object_new_int(flow->detected_protocol.app_protocol)); if(flow->detected_protocol.master_protocol) { char tmp[256]; snprintf(tmp, sizeof(tmp), "%s.%s", ndpi_get_proto_name(ndpi_thread_info[thread_id].workflow->ndpi_struct, flow->detected_protocol.master_protocol), - ndpi_get_proto_name(ndpi_thread_info[thread_id].workflow->ndpi_struct, flow->detected_protocol.protocol)); + ndpi_get_proto_name(ndpi_thread_info[thread_id].workflow->ndpi_struct, flow->detected_protocol.app_protocol)); json_object_object_add(jObj,"detected.protocol.name", json_object_new_string(tmp)); } else json_object_object_add(jObj,"detected.protocol.name", json_object_new_string(ndpi_get_proto_name(ndpi_thread_info[thread_id].workflow->ndpi_struct, - flow->detected_protocol.protocol))); + flow->detected_protocol.app_protocol))); json_object_object_add(jObj,"packets",json_object_new_int(flow->packets)); json_object_object_add(jObj,"bytes",json_object_new_int(flow->bytes)); @@ -458,7 +458,7 @@ static void node_print_unknown_proto_walker(const void *node, ndpi_VISIT which, struct ndpi_flow_info *flow = *(struct ndpi_flow_info**)node; u_int16_t thread_id = *((u_int16_t*)user_data); - if(flow->detected_protocol.protocol != NDPI_PROTOCOL_UNKNOWN) return; + if(flow->detected_protocol.app_protocol != NDPI_PROTOCOL_UNKNOWN) return; if((which == ndpi_preorder) || (which == ndpi_leaf)) /* Avoid walking the same node multiple times */ printFlow(thread_id, flow); @@ -472,7 +472,7 @@ static void node_print_known_proto_walker(const void *node, ndpi_VISIT which, in struct ndpi_flow_info *flow = *(struct ndpi_flow_info**)node; u_int16_t thread_id = *((u_int16_t*)user_data); - if(flow->detected_protocol.protocol == NDPI_PROTOCOL_UNKNOWN) return; + if(flow->detected_protocol.app_protocol == NDPI_PROTOCOL_UNKNOWN) return; if((which == ndpi_preorder) || (which == ndpi_leaf)) /* Avoid walking the same node multiple times */ printFlow(thread_id, flow); @@ -491,10 +491,10 @@ static u_int16_t node_guess_undetected_protocol(u_int16_t thread_id, struct ndpi ntohl(flow->upper_ip), ntohs(flow->upper_port)); // printf("Guess state: %u\n", flow->detected_protocol); - if(flow->detected_protocol.protocol != NDPI_PROTOCOL_UNKNOWN) + if(flow->detected_protocol.app_protocol != NDPI_PROTOCOL_UNKNOWN) ndpi_thread_info[thread_id].workflow->stats.guessed_flow_protocols++; - return(flow->detected_protocol.protocol); + return(flow->detected_protocol.app_protocol); } @@ -511,15 +511,15 @@ static void node_proto_guess_walker(const void *node, ndpi_VISIT which, int dept flow->detected_protocol = ndpi_detection_giveup(ndpi_thread_info[0].workflow->ndpi_struct, flow->ndpi_flow); if(enable_protocol_guess) { - if(flow->detected_protocol.protocol == NDPI_PROTOCOL_UNKNOWN) { + if(flow->detected_protocol.app_protocol == NDPI_PROTOCOL_UNKNOWN) { node_guess_undetected_protocol(thread_id, flow); // printFlow(thread_id, flow); } } - ndpi_thread_info[thread_id].workflow->stats.protocol_counter[flow->detected_protocol.protocol] += flow->packets; - ndpi_thread_info[thread_id].workflow->stats.protocol_counter_bytes[flow->detected_protocol.protocol] += flow->bytes; - ndpi_thread_info[thread_id].workflow->stats.protocol_flows[flow->detected_protocol.protocol]++; + ndpi_thread_info[thread_id].workflow->stats.protocol_counter[flow->detected_protocol.app_protocol] += flow->packets; + ndpi_thread_info[thread_id].workflow->stats.protocol_counter_bytes[flow->detected_protocol.app_protocol] += flow->bytes; + ndpi_thread_info[thread_id].workflow->stats.protocol_flows[flow->detected_protocol.app_protocol]++; } } @@ -541,7 +541,7 @@ static void node_idle_scan_walker(const void *node, ndpi_VISIT which, int depth, /* update stats */ node_proto_guess_walker(node, which, depth, user_data); - if((flow->detected_protocol.protocol == NDPI_PROTOCOL_UNKNOWN) && !undetected_flows_deleted) + if((flow->detected_protocol.app_protocol == NDPI_PROTOCOL_UNKNOWN) && !undetected_flows_deleted) undetected_flows_deleted = 1; ndpi_free_flow_info_half(flow); @@ -565,8 +565,8 @@ static void on_protocol_discovered(struct ndpi_workflow * workflow, if(verbose > 1){ if(enable_protocol_guess) { - if(flow->detected_protocol.protocol == NDPI_PROTOCOL_UNKNOWN) { - flow->detected_protocol.protocol = node_guess_undetected_protocol(thread_id, flow), + if(flow->detected_protocol.app_protocol == NDPI_PROTOCOL_UNKNOWN) { + flow->detected_protocol.app_protocol = node_guess_undetected_protocol(thread_id, flow), flow->detected_protocol.master_protocol = NDPI_PROTOCOL_UNKNOWN; } } diff --git a/example/ndpi_util.c b/example/ndpi_util.c index 105459054..8fe104b3e 100644 --- a/example/ndpi_util.c +++ b/example/ndpi_util.c @@ -322,9 +322,8 @@ static struct ndpi_flow_info *get_ndpi_flow_info(struct ndpi_workflow * workflow flow.lower_ip = lower_ip, flow.upper_ip = upper_ip; flow.lower_port = lower_port, flow.upper_port = upper_port; - if(0) - NDPI_LOG(0, workflow->ndpi_struct, NDPI_LOG_DEBUG, "[NDPI] [%u][%u:%u <-> %u:%u]\n", - iph->protocol, lower_ip, ntohs(lower_port), upper_ip, ntohs(upper_port)); + NDPI_LOG(0, workflow->ndpi_struct, NDPI_LOG_DEBUG, "[NDPI] [%u][%u:%u <-> %u:%u]\n", + iph->protocol, lower_ip, ntohs(lower_port), upper_ip, ntohs(upper_port)); idx = (vlan_id + lower_ip + upper_ip + iph->protocol + lower_port + upper_port) % workflow->prefs.num_roots; ret = ndpi_tfind(&flow, &workflow->ndpi_flows_root[idx], ndpi_workflow_node_cmp); @@ -491,7 +490,7 @@ static unsigned int packet_processing(struct ndpi_workflow * workflow, iph ? (uint8_t *)iph : (uint8_t *)iph6, ipsize, time, src, dst); - if((flow->detected_protocol.protocol != NDPI_PROTOCOL_UNKNOWN) + if((flow->detected_protocol.app_protocol != NDPI_PROTOCOL_UNKNOWN) || ((proto == IPPROTO_UDP) && (flow->packets > 8)) || ((proto == IPPROTO_TCP) && (flow->packets > 10))) { /* New protocol detected or give up */ @@ -499,7 +498,7 @@ static unsigned int packet_processing(struct ndpi_workflow * workflow, } if(flow->detection_completed) { - if(flow->detected_protocol.protocol == NDPI_PROTOCOL_UNKNOWN) + if(flow->detected_protocol.app_protocol == NDPI_PROTOCOL_UNKNOWN) flow->detected_protocol = ndpi_detection_giveup(workflow->ndpi_struct, flow->ndpi_flow); } @@ -507,29 +506,36 @@ static unsigned int packet_processing(struct ndpi_workflow * workflow, snprintf(flow->host_server_name, sizeof(flow->host_server_name), "%s", flow->ndpi_flow->host_server_name); - if(flow->detected_protocol.protocol == NDPI_PROTOCOL_BITTORRENT) { + /* BITTORRENT */ + if(flow->detected_protocol.app_protocol == NDPI_PROTOCOL_BITTORRENT) { int i, j, n = 0; - + for(i=0, j = 0; j < sizeof(flow->bittorent_hash)-1; i++) { sprintf(&flow->bittorent_hash[j], "%02x", flow->ndpi_flow->bittorent_hash[i]); - j += 2, n += flow->ndpi_flow->bittorent_hash[i]; + j += 2, n += flow->ndpi_flow->bittorent_hash[i]; } - + if(n == 0) flow->bittorent_hash[0] = '\0'; - } else if(flow->detected_protocol.protocol == NDPI_PROTOCOL_MDNS) { + } + /* MDNS */ + else if(flow->detected_protocol.app_protocol == NDPI_PROTOCOL_MDNS) { snprintf(flow->info, sizeof(flow->info), "%s", flow->ndpi_flow->protos.mdns.answer); - } else if(flow->detected_protocol.protocol == NDPI_PROTOCOL_UBNTAC2) { + } + /* UBNTAC2 */ + else if(flow->detected_protocol.app_protocol == NDPI_PROTOCOL_UBNTAC2) { snprintf(flow->info, sizeof(flow->info), "%s", flow->ndpi_flow->protos.ubntac2.version); } - - if((proto == IPPROTO_TCP) && (flow->detected_protocol.protocol != NDPI_PROTOCOL_DNS)) { - if(flow->detected_protocol.protocol == NDPI_PROTOCOL_SSH) { + if((proto == IPPROTO_TCP) && (flow->detected_protocol.app_protocol != NDPI_PROTOCOL_DNS)) { + /* SSH */ + if(flow->detected_protocol.app_protocol == NDPI_PROTOCOL_SSH) { snprintf(flow->ssh_ssl.client_info, sizeof(flow->ssh_ssl.client_info), "%s", flow->ndpi_flow->protos.ssh.client_signature); snprintf(flow->ssh_ssl.server_info, sizeof(flow->ssh_ssl.server_info), "%s", flow->ndpi_flow->protos.ssh.server_signature); - } else if((flow->detected_protocol.protocol == NDPI_PROTOCOL_SSL) - || (flow->detected_protocol.master_protocol == NDPI_PROTOCOL_SSL)) { + } + /* SSL */ + else if((flow->detected_protocol.app_protocol == NDPI_PROTOCOL_SSL) + || (flow->detected_protocol.master_protocol == NDPI_PROTOCOL_SSL)) { snprintf(flow->ssh_ssl.client_info, sizeof(flow->ssh_ssl.client_info), "%s", flow->ndpi_flow->protos.ssl.client_certificate); snprintf(flow->ssh_ssl.server_info, sizeof(flow->ssh_ssl.server_info), "%s", @@ -538,7 +544,7 @@ static unsigned int packet_processing(struct ndpi_workflow * workflow, } if(flow->detection_completed) { - if(flow->detected_protocol.protocol == NDPI_PROTOCOL_UNKNOWN) { + if(flow->detected_protocol.app_protocol == NDPI_PROTOCOL_UNKNOWN) { if (workflow->__flow_giveup_callback != NULL) workflow->__flow_giveup_callback(workflow, flow, workflow->__flow_giveup_udata); } else { diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h index b380c8b03..79de7017e 100644 --- a/src/include/ndpi_api.h +++ b/src/include/ndpi_api.h @@ -224,52 +224,6 @@ extern "C" { struct ndpi_id_struct *src, struct ndpi_id_struct *dst); - - /** - * Processes one packet of L4 and returns the ID of the detected protocol. - * L3 and L4 packet headers are passed in the arguments while payload - * points to the L4 body. - * This function mimics ndpi_detection_process_packet behaviour. - * - * @par ndpi_struct = the detection module - * @par flow = pointer to the connection state machine - * @par iph = IP packet header for IPv4 or NULL - * @par iph6 = IP packet header for IPv6 or NULL - * @par tcp = TCP packet header for TCP or NULL - * @par udp = UDP packet header for UDP or NULL - * @par src_to_dst_direction = order of src/dst state machines in a flow. - * @par l4_proto = L4 protocol of the packet. - * @par src = pointer to the source subscriber state machine - * @par dst = pointer to the destination subscriber state machine - * @par sport = source port of L4 packet, used for protocol guessing. - * @par dport = destination port of L4 packet, used for protocol guessing. - * @par current_tick_l = the current timestamp for the packet - * @par payload = unsigned char pointer to the Layer 4 (TCP/UDP body) - * @par payload_len = the length of the payload - * @return the detected ID of the protocol - * - * NOTE: in a current implementation flow->src and flow->dst are swapped with - * the src_to_dst_direction flag while ndpi_detection_process_packet does not swap - * these values. - * - */ - -ndpi_protocol ndpi_l4_detection_process_packet(struct ndpi_detection_module_struct *ndpi_struct, - struct ndpi_flow_struct *flow, - const struct ndpi_iphdr *iph, - struct ndpi_ipv6hdr *iph6, - struct ndpi_tcphdr *tcp, - struct ndpi_udphdr *udp, - u_int8_t src_to_dst_direction, - u_int8_t l4_proto, - struct ndpi_id_struct *src, - u_int16_t sport, - struct ndpi_id_struct *dst, - u_int16_t dport, - const u_int64_t current_tick_l, - u_int8_t *payload, u_int16_t payload_len); - - /** * Get the main protocol of the passed flows for the detected module diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index cd10d3dd1..96cea5353 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -781,7 +781,7 @@ typedef struct _ndpi_automa { } ndpi_automa; typedef struct ndpi_proto { - u_int16_t master_protocol /* e.g. HTTP */, protocol /* e.g. FaceBook */; + u_int16_t master_protocol /* e.g. HTTP */, app_protocol /* e.g. FaceBook */; } ndpi_protocol; #define NDPI_PROTOCOL_NULL { NDPI_PROTOCOL_UNKNOWN , NDPI_PROTOCOL_UNKNOWN } diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 5670eeb33..1ad13fbd2 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -7989,9 +7989,12 @@ ndpi_protocol_match host_match[] = { { ".skype.", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, { ".skypeassets.", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, { ".skypedata.", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, - { ".skypeecs-", /* no final . */ "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, + { ".skypeecs-", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, { ".skypeforbusiness.", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, { ".lync.com", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, + { "e7768.b.akamaiedge.net", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, + { "e4593.dspg.akamaiedge.net", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, + { "e4593.g.akamaiedge.net", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, { ".tuenti.com", "Tuenti", NDPI_PROTOCOL_TUENTI, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".twttr.com", "Twitter", NDPI_PROTOCOL_TWITTER, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, { "twitter.", "Twitter", NDPI_PROTOCOL_TWITTER, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 87d479fd7..f7346594e 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1,7 +1,7 @@ /* * ndpi_main.c * - * Copyright (C) 2011-16 - ntop.org + * Copyright (C) 2011-17 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -21,7 +21,6 @@ * */ - #include #include #include "ahocorasick.h" @@ -58,9 +57,8 @@ int check_punycode_string(char * buffer , int len) /* ftp://ftp.cc.uoc.gr/mirrors/OpenBSD/src/lib/libc/stdlib/tsearch.c */ /* find or insert datum into search tree */ -void * -ndpi_tsearch(const void *vkey, void **vrootp, - int (*compar)(const void *, const void *)) +void * ndpi_tsearch(const void *vkey, void **vrootp, + int (*compar)(const void *, const void *)) { ndpi_node *q; char *key = (char *)vkey; @@ -87,9 +85,8 @@ ndpi_tsearch(const void *vkey, void **vrootp, } /* delete node with given key */ -void * -ndpi_tdelete(const void *vkey, void **vrootp, - int (*compar)(const void *, const void *)) +void * ndpi_tdelete(const void *vkey, void **vrootp, + int (*compar)(const void *, const void *)) { ndpi_node **rootp = (ndpi_node **)vrootp; char *key = (char *)vkey; @@ -129,8 +126,7 @@ ndpi_tdelete(const void *vkey, void **vrootp, } /* Walk the nodes of a tree */ -static void -ndpi_trecurse(ndpi_node *root, void (*action)(const void *, ndpi_VISIT, int, void*), int level, void *user_data) +static void ndpi_trecurse(ndpi_node *root, void (*action)(const void *, ndpi_VISIT, int, void*), int level, void *user_data) { if(root->left == (ndpi_node *)0 && root->right == (ndpi_node *)0) (*action)(root, ndpi_leaf, level, user_data); @@ -146,8 +142,7 @@ ndpi_trecurse(ndpi_node *root, void (*action)(const void *, ndpi_VISIT, int, voi } /* Walk the nodes of a tree */ -void -ndpi_twalk(const void *vroot, void (*action)(const void *, ndpi_VISIT, int, void *), void *user_data) +void ndpi_twalk(const void *vroot, void (*action)(const void *, ndpi_VISIT, int, void *), void *user_data) { ndpi_node *root = (ndpi_node *)vroot; @@ -156,8 +151,8 @@ ndpi_twalk(const void *vroot, void (*action)(const void *, ndpi_VISIT, int, void } /* find a node, or return 0 */ -void* ndpi_tfind(const void *vkey, void *vrootp, - int (*compar)(const void *, const void *)) +void * ndpi_tfind(const void *vkey, void *vrootp, + int (*compar)(const void *, const void *)) { char *key = (char *)vkey; ndpi_node **rootp = (ndpi_node **)vrootp; @@ -178,7 +173,8 @@ void* ndpi_tfind(const void *vkey, void *vrootp, /* ****************************************** */ /* Walk the nodes of a tree */ -static void ndpi_tdestroy_recurse(ndpi_node* root, void (*free_action)(void *)) { +static void ndpi_tdestroy_recurse(ndpi_node* root, void (*free_action)(void *)) +{ if(root->left != NULL) ndpi_tdestroy_recurse(root->left, free_action); if(root->right != NULL) @@ -188,9 +184,10 @@ static void ndpi_tdestroy_recurse(ndpi_node* root, void (*free_action)(void *)) ndpi_free(root); } -void ndpi_tdestroy(void *vrootp, void (*freefct)(void *)) { +void ndpi_tdestroy(void *vrootp, void (*freefct)(void *)) +{ ndpi_node *root = (ndpi_node *) vrootp; - + if(root != NULL) ndpi_tdestroy_recurse(root, freefct); } @@ -199,7 +196,8 @@ void ndpi_tdestroy(void *vrootp, void (*freefct)(void *)) { u_int8_t ndpi_net_match(u_int32_t ip_to_check, u_int32_t net, - u_int32_t num_bits) { + u_int32_t num_bits) +{ u_int32_t mask = 0; mask = ~(~mask >> num_bits); @@ -208,7 +206,8 @@ u_int8_t ndpi_net_match(u_int32_t ip_to_check, } u_int8_t ndpi_ips_match(u_int32_t src, u_int32_t dst, - u_int32_t net, u_int32_t num_bits) { + u_int32_t net, u_int32_t num_bits) +{ return(ndpi_net_match(src, net, num_bits) || ndpi_net_match(dst, net, num_bits)); } @@ -262,9 +261,8 @@ static const u_char charmap[] = { '\370', '\371', '\372', '\373', '\374', '\375', '\376', '\377', }; -int -strcasecmp(s1, s2) - const char *s1, *s2; +int strcasecmp(s1, s2) + const char *s1, *s2; { register const u_char *cm = charmap, *us1 = (const u_char *)s1, @@ -276,10 +274,9 @@ strcasecmp(s1, s2) return (cm[*us1] - cm[*--us2]); } -int -strncasecmp(s1, s2, n) - const char *s1, *s2; -register size_t n; +int strncasecmp(s1, s2, n) + const char *s1, *s2; + register size_t n; { if(n != 0) { register const u_char *cm = charmap, @@ -312,11 +309,12 @@ static int removeDefaultPort(ndpi_port_range *range, /* ****************************************** */ -void* ndpi_malloc(size_t size) { return(_ndpi_malloc ? _ndpi_malloc(size) : malloc(size)); } +void * ndpi_malloc(size_t size) { return(_ndpi_malloc ? _ndpi_malloc(size) : malloc(size)); } /* ****************************************** */ -void* ndpi_calloc(unsigned long count, size_t size) { +void * ndpi_calloc(unsigned long count, size_t size) +{ size_t len = count*size; void *p = ndpi_malloc(len); @@ -328,13 +326,14 @@ void* ndpi_calloc(unsigned long count, size_t size) { /* ****************************************** */ -void ndpi_free(void *ptr) { if(_ndpi_free) _ndpi_free(ptr); else free(ptr); } +void ndpi_free(void *ptr) { if(_ndpi_free) _ndpi_free(ptr); else free(ptr); } /* ****************************************** */ -void *ndpi_realloc(void *ptr, size_t old_size, size_t new_size) { +void * ndpi_realloc(void *ptr, size_t old_size, size_t new_size) +{ void *ret = ndpi_malloc(new_size); - + if(!ret) return(ret); else { @@ -345,7 +344,8 @@ void *ndpi_realloc(void *ptr, size_t old_size, size_t new_size) { } /* ****************************************** */ -char *ndpi_strdup(const char *s) { +char * ndpi_strdup(const char *s) +{ int len = strlen(s); char *m = ndpi_malloc(len+1); @@ -357,29 +357,25 @@ char *ndpi_strdup(const char *s) { return(m); } -/* ****************************************** */ +/* *********************************************************************************** */ -u_int32_t ndpi_detection_get_sizeof_ndpi_flow_struct(void) -{ - return sizeof(struct ndpi_flow_struct); -} +u_int32_t ndpi_detection_get_sizeof_ndpi_flow_struct(void) { return sizeof(struct ndpi_flow_struct); } -/* ****************************************** */ +/* *********************************************************************************** */ -u_int32_t ndpi_detection_get_sizeof_ndpi_id_struct(void) -{ - return sizeof(struct ndpi_id_struct); -} +u_int32_t ndpi_detection_get_sizeof_ndpi_id_struct(void) { return sizeof(struct ndpi_id_struct); } -/* ******************************************************************** */ +/* *********************************************************************************** */ -char* ndpi_get_proto_by_id(struct ndpi_detection_module_struct *ndpi_mod, u_int id) { +char * ndpi_get_proto_by_id(struct ndpi_detection_module_struct *ndpi_mod, u_int id) +{ return((id >= ndpi_mod->ndpi_num_supported_protocols) ? NULL : ndpi_mod->proto_defaults[id].protoName); } -/* ****************************************************** */ +/* *********************************************************************************** */ -u_int16_t ndpi_get_proto_by_name(struct ndpi_detection_module_struct *ndpi_mod, const char *name) { +u_int16_t ndpi_get_proto_by_name(struct ndpi_detection_module_struct *ndpi_mod, const char *name) +{ u_int16_t i, num = ndpi_get_num_supported_protocols(ndpi_mod); for(i = 0; i < num; i++) @@ -389,14 +385,15 @@ u_int16_t ndpi_get_proto_by_name(struct ndpi_detection_module_struct *ndpi_mod, return(NDPI_PROTOCOL_UNKNOWN); } -/* ******************************************************************** */ +/* ************************************************************************************* */ -ndpi_port_range* ndpi_build_default_ports_range(ndpi_port_range *ports, - u_int16_t portA_low, u_int16_t portA_high, - u_int16_t portB_low, u_int16_t portB_high, - u_int16_t portC_low, u_int16_t portC_high, - u_int16_t portD_low, u_int16_t portD_high, - u_int16_t portE_low, u_int16_t portE_high) { +ndpi_port_range * ndpi_build_default_ports_range(ndpi_port_range *ports, + u_int16_t portA_low, u_int16_t portA_high, + u_int16_t portB_low, u_int16_t portB_high, + u_int16_t portC_low, u_int16_t portC_high, + u_int16_t portD_low, u_int16_t portD_high, + u_int16_t portE_low, u_int16_t portE_high) +{ int i = 0; ports[i].port_low = portA_low, ports[i].port_high = portA_high; i++; @@ -408,14 +405,15 @@ ndpi_port_range* ndpi_build_default_ports_range(ndpi_port_range *ports, return(ports); } -/* ******************************************************************** */ +/* *********************************************************************************** */ -ndpi_port_range* ndpi_build_default_ports(ndpi_port_range *ports, - u_int16_t portA, - u_int16_t portB, - u_int16_t portC, - u_int16_t portD, - u_int16_t portE) { +ndpi_port_range * ndpi_build_default_ports(ndpi_port_range *ports, + u_int16_t portA, + u_int16_t portB, + u_int16_t portC, + u_int16_t portD, + u_int16_t portE) +{ int i = 0; ports[i].port_low = portA, ports[i].port_high = portA; i++; @@ -427,13 +425,14 @@ ndpi_port_range* ndpi_build_default_ports(ndpi_port_range *ports, return(ports); } -/* ******************************************************************** */ +/* ********************************************************************************** */ void ndpi_set_proto_defaults(struct ndpi_detection_module_struct *ndpi_mod, ndpi_protocol_breed_t breed, u_int16_t protoId, u_int16_t tcp_master_protoId[2], u_int16_t udp_master_protoId[2], char *protoName, ndpi_protocol_category_t protoCategory, - ndpi_port_range *tcpDefPorts, ndpi_port_range *udpDefPorts) { + ndpi_port_range *tcpDefPorts, ndpi_port_range *udpDefPorts) +{ char *name; int j; @@ -469,20 +468,22 @@ void ndpi_set_proto_defaults(struct ndpi_detection_module_struct *ndpi_mod, /* ******************************************************************** */ -static int ndpi_default_ports_tree_node_t_cmp(const void *a, const void *b) { +static int ndpi_default_ports_tree_node_t_cmp(const void *a, const void *b) +{ ndpi_default_ports_tree_node_t *fa = (ndpi_default_ports_tree_node_t*)a; ndpi_default_ports_tree_node_t *fb = (ndpi_default_ports_tree_node_t*)b; - + //printf("[NDPI] %s(%d, %d)\n", __FUNCTION__, fa->default_port, fb->default_port); - + return((fa->default_port == fb->default_port) ? 0 : ((fa->default_port < fb->default_port) ? -1 : 1)); } /* ******************************************************************** */ -void ndpi_default_ports_tree_node_t_walker(const void *node, const ndpi_VISIT which, const int depth) { +void ndpi_default_ports_tree_node_t_walker(const void *node, const ndpi_VISIT which, const int depth) +{ ndpi_default_ports_tree_node_t *f = *(ndpi_default_ports_tree_node_t **)node; - + printf("<%d>Walk on node %s (%u)\n", depth, @@ -498,7 +499,8 @@ void ndpi_default_ports_tree_node_t_walker(const void *node, const ndpi_VISIT wh static void addDefaultPort(ndpi_port_range *range, ndpi_proto_defaults_t *def, u_int8_t customUserProto, - ndpi_default_ports_tree_node_t **root) { + ndpi_default_ports_tree_node_t **root) +{ ndpi_default_ports_tree_node_t *ret; u_int16_t port; @@ -532,7 +534,8 @@ static void addDefaultPort(ndpi_port_range *range, */ static int removeDefaultPort(ndpi_port_range *range, ndpi_proto_defaults_t *def, - ndpi_default_ports_tree_node_t **root) { + ndpi_default_ports_tree_node_t **root) +{ ndpi_default_ports_tree_node_t node; ndpi_default_ports_tree_node_t *ret; u_int16_t port; @@ -546,1070 +549,1076 @@ static int removeDefaultPort(ndpi_port_range *range, ndpi_free((ndpi_default_ports_tree_node_t*)ret); return(0); } - } - - return(-1); -} - -/* ****************************************************** */ - -static int ndpi_string_to_automa(struct ndpi_detection_module_struct *ndpi_struct, - ndpi_automa *automa, - char *value, int protocol_id, - ndpi_protocol_breed_t breed) { - AC_PATTERN_t ac_pattern; - - if(protocol_id >= (NDPI_MAX_SUPPORTED_PROTOCOLS+NDPI_MAX_NUM_CUSTOM_PROTOCOLS)) { - printf("[NDPI] %s(protoId=%d): INTERNAL ERROR\n", __FUNCTION__, protocol_id); - return(-1); - } - - if(automa->ac_automa == NULL) return(-2); - ac_pattern.astring = value; - ac_pattern.rep.number = protocol_id; - if(value == NULL) - ac_pattern.length = 0; - else - ac_pattern.length = strlen(ac_pattern.astring); - - ac_automata_add(((AC_AUTOMATA_t*)automa->ac_automa), &ac_pattern); - - return(0); -} - -/* ****************************************************** */ - -static int ndpi_add_host_url_subprotocol(struct ndpi_detection_module_struct *ndpi_struct, - char *value, int protocol_id, - ndpi_protocol_breed_t breed) { -#ifdef DEBUG - printf("[NDPI] Adding [%s][%d]\n", value, protocol_id); -#endif - - return(ndpi_string_to_automa(ndpi_struct, &ndpi_struct->host_automa, - value, protocol_id, breed)); -} - -/* ****************************************************** */ - -int ndpi_add_content_subprotocol(struct ndpi_detection_module_struct *ndpi_struct, - char *value, int protocol_id, - ndpi_protocol_breed_t breed) { - return(ndpi_string_to_automa(ndpi_struct, &ndpi_struct->content_automa, - value, protocol_id, breed)); -} - -/* ****************************************************** */ - -/* - NOTE - - This function must be called with a semaphore set, this in order to avoid - changing the datastructures while using them -*/ -static int ndpi_remove_host_url_subprotocol(struct ndpi_detection_module_struct *ndpi_struct, - char *value, int protocol_id) { - - printf("[NDPI] Missing implementation of %s()\n", __FUNCTION__); - return(-1); -} - -/* ******************************************************************** */ - -void ndpi_init_protocol_match(struct ndpi_detection_module_struct *ndpi_mod, - ndpi_protocol_match *match) { - u_int16_t no_master[2] = { NDPI_PROTOCOL_NO_MASTER_PROTO, NDPI_PROTOCOL_NO_MASTER_PROTO }; - ndpi_port_range ports_a[MAX_DEFAULT_PORTS], ports_b[MAX_DEFAULT_PORTS]; - - ndpi_add_host_url_subprotocol(ndpi_mod, match->string_to_match, - match->protocol_id, match->protocol_breed); - - if(ndpi_mod->proto_defaults[match->protocol_id].protoName == NULL) { - ndpi_mod->proto_defaults[match->protocol_id].protoName = ndpi_strdup(match->proto_name); - ndpi_mod->proto_defaults[match->protocol_id].protoCategory = match->proto_category; - ndpi_mod->proto_defaults[match->protocol_id].protoId = match->protocol_id; - ndpi_mod->proto_defaults[match->protocol_id].protoBreed = match->protocol_breed; - } - - ndpi_set_proto_defaults(ndpi_mod, - ndpi_mod->proto_defaults[match->protocol_id].protoBreed, - ndpi_mod->proto_defaults[match->protocol_id].protoId, - no_master, no_master, - ndpi_mod->proto_defaults[match->protocol_id].protoName, - ndpi_mod->proto_defaults[match->protocol_id].protoCategory, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); -} - -/* ******************************************************************** */ - -static void init_string_based_protocols(struct ndpi_detection_module_struct *ndpi_mod) { - int i; - - for(i=0; host_match[i].string_to_match != NULL; i++) - ndpi_init_protocol_match(ndpi_mod, &host_match[i]); - -#ifdef DEBUG - ac_automata_display(ndpi_mod->host_automa.ac_automa, 'n'); -#endif - - for(i=0; content_match[i].string_to_match != NULL; i++) - ndpi_add_content_subprotocol(ndpi_mod, content_match[i].string_to_match, - content_match[i].protocol_id, - content_match[i].protocol_breed); - - for(i=0; ndpi_en_bigrams[i] != NULL; i++) - ndpi_string_to_automa(ndpi_mod, &ndpi_mod->bigrams_automa, - (char*)ndpi_en_bigrams[i], - 1, NDPI_PROTOCOL_UNRATED); - - for(i=0; ndpi_en_impossible_bigrams[i] != NULL; i++) - ndpi_string_to_automa(ndpi_mod, &ndpi_mod->impossible_bigrams_automa, - (char*)ndpi_en_impossible_bigrams[i], - 1, NDPI_PROTOCOL_UNRATED); -} - -/* ******************************************************************** */ - -static void ndpi_init_placeholder_proto(struct ndpi_detection_module_struct *ndpi_mod, - ndpi_port_range *ports_a, - ndpi_port_range *ports_b, - u_int16_t *no_master, - u_int16_t proto_id) { - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, proto_id, - no_master, - no_master, "Placeholder", NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ -} - -/* ******************************************************************** */ - -/* This function is used to map protocol name and default ports and it MUST - be updated whenever a new protocol is added to NDPI. - - Do NOT add web services (NDPI_SERVICE_xxx) here. -*/ -static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndpi_mod) { - - int i; - ndpi_port_range ports_a[MAX_DEFAULT_PORTS], ports_b[MAX_DEFAULT_PORTS]; - u_int16_t no_master[2] = { NDPI_PROTOCOL_NO_MASTER_PROTO, NDPI_PROTOCOL_NO_MASTER_PROTO }, - custom_master[2]; - - /* Reset all settings */ - memset(ndpi_mod->proto_defaults, 0, sizeof(ndpi_mod->proto_defaults)); - - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNRATED, NDPI_PROTOCOL_UNKNOWN, - no_master, - no_master, "Unknown", NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_FTP_CONTROL, - no_master, - no_master, "FTP_CONTROL", NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, - ndpi_build_default_ports(ports_a, 21, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_FTP_DATA, - no_master, - no_master, "FTP_DATA", NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, - ndpi_build_default_ports(ports_a, 20, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_MAIL_POP, - no_master, - no_master, "POP3", NDPI_PROTOCOL_CATEGORY_MAIL_SYNC, - ndpi_build_default_ports(ports_a, 110, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_MAIL_POPS, - no_master, - no_master, "POPS", NDPI_PROTOCOL_CATEGORY_MAIL_SYNC, - ndpi_build_default_ports(ports_a, 995, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_MAIL_SMTP, - no_master, - no_master, "SMTP", NDPI_PROTOCOL_CATEGORY_MAIL_SEND, - ndpi_build_default_ports(ports_a, 25, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_MAIL_SMTPS, - no_master, - no_master, "SMTPS", NDPI_PROTOCOL_CATEGORY_MAIL_SEND, - ndpi_build_default_ports(ports_a, 465, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_MAIL_IMAP, - no_master, - no_master, "IMAP", NDPI_PROTOCOL_CATEGORY_MAIL_SYNC, - ndpi_build_default_ports(ports_a, 143, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_MAIL_IMAPS, - no_master, - no_master, "IMAPS", NDPI_PROTOCOL_CATEGORY_MAIL_SYNC, - ndpi_build_default_ports(ports_a, 993, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DNS, - no_master, - no_master, "DNS", NDPI_PROTOCOL_CATEGORY_NETWORK, - ndpi_build_default_ports(ports_a, 53, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 53, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IPP, - no_master, - no_master, "IPP", NDPI_PROTOCOL_CATEGORY_SYSTEM, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_HEP, - no_master, - no_master, "HEP", NDPI_PROTOCOL_CATEGORY_NETWORK, - ndpi_build_default_ports(ports_a, 9064, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 9063, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_HTTP, - no_master, - no_master, "HTTP", NDPI_PROTOCOL_CATEGORY_WEB, - ndpi_build_default_ports(ports_a, 80, 0 /* ntop */, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MDNS, - no_master, - no_master, "MDNS", NDPI_PROTOCOL_CATEGORY_NETWORK, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 5353, 5354, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_NTP, - no_master, - no_master, "NTP", NDPI_PROTOCOL_CATEGORY_SYSTEM, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 123, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_NETBIOS, - no_master, - no_master, "NetBIOS", NDPI_PROTOCOL_CATEGORY_SYSTEM, - ndpi_build_default_ports(ports_a, 139, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 137, 138, 139, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_NFS, - no_master, - no_master, "NFS", NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, - ndpi_build_default_ports(ports_a, 2049, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 2049, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SSDP, - no_master, - no_master, "SSDP", NDPI_PROTOCOL_CATEGORY_SYSTEM, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_BGP, - no_master, - no_master, "BGP", NDPI_PROTOCOL_CATEGORY_NETWORK, - ndpi_build_default_ports(ports_a, 2605, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SNMP, - no_master, - no_master, "SNMP", NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 161, 162, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_XDMCP, - no_master, - no_master, "XDMCP", NDPI_PROTOCOL_CATEGORY_REMOTE_ACCESS, - ndpi_build_default_ports(ports_a, 177, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 177, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SMB, - no_master, - no_master, "SMB", NDPI_PROTOCOL_CATEGORY_SYSTEM, - ndpi_build_default_ports(ports_a, 445, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SYSLOG, - no_master, - no_master, "Syslog", NDPI_PROTOCOL_CATEGORY_SYSTEM, - ndpi_build_default_ports(ports_a, 514, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 514, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DHCP, - no_master, - no_master, "DHCP", NDPI_PROTOCOL_CATEGORY_NETWORK, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 67, 68, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_POSTGRES, - no_master, - no_master, "PostgreSQL", NDPI_PROTOCOL_CATEGORY_DATABASE, - ndpi_build_default_ports(ports_a, 5432, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MYSQL, - no_master, - no_master, "MySQL", NDPI_PROTOCOL_CATEGORY_DATABASE, - ndpi_build_default_ports(ports_a, 3306, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK, - no_master, - no_master, "Direct_Download_Link", NDPI_PROTOCOL_CATEGORY_P2P, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_APPLEJUICE, - no_master, - no_master, "AppleJuice", NDPI_PROTOCOL_CATEGORY_P2P, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_DIRECTCONNECT, - no_master, - no_master, "DirectConnect", NDPI_PROTOCOL_CATEGORY_P2P, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_SOCRATES, - no_master, - no_master, "Socrates", NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_VMWARE, - no_master, - no_master, "VMware", NDPI_PROTOCOL_CATEGORY_REMOTE_ACCESS, - ndpi_build_default_ports(ports_a, 903, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 902, 903, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_FILETOPIA, - no_master, - no_master, "Filetopia", NDPI_PROTOCOL_CATEGORY_P2P, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_KONTIKI, - no_master, - no_master, "Kontiki", NDPI_PROTOCOL_CATEGORY_MEDIA, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_OPENFT, - no_master, - no_master, "OpenFT", NDPI_PROTOCOL_CATEGORY_P2P, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_FASTTRACK, - no_master, - no_master, "FastTrack", NDPI_PROTOCOL_CATEGORY_P2P, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_GNUTELLA, - no_master, - no_master, "Gnutella", NDPI_PROTOCOL_CATEGORY_P2P, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_EDONKEY, - no_master, - no_master, "eDonkey", NDPI_PROTOCOL_CATEGORY_P2P, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_BITTORRENT, - no_master, - no_master, "BitTorrent", NDPI_PROTOCOL_CATEGORY_P2P, - ndpi_build_default_ports(ports_a, 51413, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 6771, 51413, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_TEREDO, - no_master, - no_master, "Teredo", NDPI_PROTOCOL_CATEGORY_NETWORK, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 3544, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_EPP, - no_master, - no_master, "EPP", NDPI_PROTOCOL_CATEGORY_NETWORK, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_CONTENT_AVI, - no_master, - no_master, "AVI", NDPI_PROTOCOL_CATEGORY_MEDIA, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_CONTENT_FLASH, - no_master, - no_master, "Flash", NDPI_PROTOCOL_CATEGORY_MEDIA, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_CONTENT_OGG, - no_master, - no_master, "OggVorbis", NDPI_PROTOCOL_CATEGORY_MEDIA, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_CONTENT_MPEG, - no_master, - no_master, "MPEG", NDPI_PROTOCOL_CATEGORY_MEDIA, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_CONTENT_QUICKTIME, - no_master, - no_master, "QuickTime", NDPI_PROTOCOL_CATEGORY_MEDIA, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_CONTENT_REALMEDIA, - no_master, - no_master, "RealMedia", NDPI_PROTOCOL_CATEGORY_MEDIA, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_CONTENT_WINDOWSMEDIA, - no_master, - no_master, "WindowsMedia", NDPI_PROTOCOL_CATEGORY_MEDIA, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_CONTENT_MMS, - no_master, - no_master, "MMS", NDPI_PROTOCOL_CATEGORY_MEDIA, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_XBOX, - no_master, - no_master, "Xbox", NDPI_PROTOCOL_CATEGORY_GAME, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_QQ, - no_master, - no_master, "QQ", NDPI_PROTOCOL_CATEGORY_CHAT, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_MOVE, - no_master, - no_master, "Move", NDPI_PROTOCOL_CATEGORY_WEB, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_RTSP, - no_master, - no_master, "RTSP", NDPI_PROTOCOL_CATEGORY_MEDIA, - ndpi_build_default_ports(ports_a, 554, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 554, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_ICECAST, - no_master, - no_master, "IceCast", NDPI_PROTOCOL_CATEGORY_MEDIA, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_PPLIVE, - no_master, - no_master, "PPLive", NDPI_PROTOCOL_CATEGORY_MEDIA, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_PPSTREAM, - no_master, - no_master, "PPStream", NDPI_PROTOCOL_CATEGORY_MEDIA, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_ZATTOO, - no_master, - no_master, "Zattoo", NDPI_PROTOCOL_CATEGORY_MEDIA, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_SHOUTCAST, - no_master, - no_master, "ShoutCast", NDPI_PROTOCOL_CATEGORY_MEDIA, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_SOPCAST, - no_master, - no_master, "Sopcast", NDPI_PROTOCOL_CATEGORY_MEDIA, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_TVANTS, - no_master, - no_master, "Tvants", NDPI_PROTOCOL_CATEGORY_MEDIA, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_TVUPLAYER, - no_master, - no_master, "TVUplayer", NDPI_PROTOCOL_CATEGORY_MEDIA, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_HTTP_DOWNLOAD, - no_master, - no_master, "HTTPDownload", NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_QQLIVE, - no_master, - no_master, "QQLive", NDPI_PROTOCOL_CATEGORY_MEDIA, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_THUNDER, - no_master, - no_master, "Thunder", NDPI_PROTOCOL_CATEGORY_P2P, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_SOULSEEK, - no_master, - no_master, "Soulseek", NDPI_PROTOCOL_CATEGORY_P2P, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - - custom_master[0] = NDPI_PROTOCOL_SSL, custom_master[1] = NDPI_PROTOCOL_UNKNOWN; - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SSL_NO_CERT, - custom_master, - no_master, "SSL_No_Cert", NDPI_PROTOCOL_CATEGORY_WEB, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IRC, - no_master, - no_master, "IRC", NDPI_PROTOCOL_CATEGORY_CHAT, - ndpi_build_default_ports(ports_a, 194, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 194, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_AYIYA, - no_master, - no_master, "Ayiya", NDPI_PROTOCOL_CATEGORY_NETWORK, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 5072, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_UNENCRYPTED_JABBER, - no_master, - no_master, "Unencrypted_Jabber", NDPI_PROTOCOL_CATEGORY_WEB, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_OSCAR, - no_master, - no_master, "Oscar", NDPI_PROTOCOL_CATEGORY_CHAT, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_BATTLEFIELD, - no_master, - no_master, "BattleField", NDPI_PROTOCOL_CATEGORY_GAME, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_QUAKE, - no_master, - no_master, "Quake", NDPI_PROTOCOL_CATEGORY_GAME, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IP_VRRP, - no_master, - no_master, "VRRP", NDPI_PROTOCOL_CATEGORY_NETWORK, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_STEAM, - no_master, - no_master, "Steam", NDPI_PROTOCOL_CATEGORY_GAME, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_HALFLIFE2, - no_master, - no_master, "HalfLife2", NDPI_PROTOCOL_CATEGORY_GAME, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_WORLDOFWARCRAFT, - no_master, - no_master, "WorldOfWarcraft", NDPI_PROTOCOL_CATEGORY_GAME, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_HOTSPOT_SHIELD, - no_master, - no_master, "HotspotShield", NDPI_PROTOCOL_CATEGORY_VPN, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_TELNET, - no_master, - no_master, "Telnet", NDPI_PROTOCOL_CATEGORY_REMOTE_ACCESS, - ndpi_build_default_ports(ports_a, 23, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - - custom_master[0] = NDPI_PROTOCOL_SIP, custom_master[1] = NDPI_PROTOCOL_H323; - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_STUN, - no_master, - custom_master, "STUN", NDPI_PROTOCOL_CATEGORY_NETWORK, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 3478, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_IP_IPSEC, - no_master, - no_master, "IPsec", NDPI_PROTOCOL_CATEGORY_VPN, - ndpi_build_default_ports(ports_a, 500, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 500, 4500, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IP_GRE, - no_master, - no_master, "GRE", NDPI_PROTOCOL_CATEGORY_NETWORK, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IP_ICMP, - no_master, - no_master, "ICMP", NDPI_PROTOCOL_CATEGORY_NETWORK, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IP_IGMP, - no_master, - no_master, "IGMP", NDPI_PROTOCOL_CATEGORY_NETWORK, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IP_EGP, - no_master, - no_master, "EGP", NDPI_PROTOCOL_CATEGORY_NETWORK, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IP_SCTP, - no_master, - no_master, "SCTP", NDPI_PROTOCOL_CATEGORY_NETWORK, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IP_OSPF, - no_master, - no_master, "OSPF", NDPI_PROTOCOL_CATEGORY_NETWORK, - ndpi_build_default_ports(ports_a, 2604, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IP_IP_IN_IP, - no_master, - no_master, "IP_in_IP", NDPI_PROTOCOL_CATEGORY_NETWORK, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_RTP, - no_master, - no_master, "RTP", NDPI_PROTOCOL_CATEGORY_VOIP, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_RDP, - no_master, - no_master, "RDP", NDPI_PROTOCOL_CATEGORY_REMOTE_ACCESS, - ndpi_build_default_ports(ports_a, 3389, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_VNC, - no_master, - no_master, "VNC", NDPI_PROTOCOL_CATEGORY_REMOTE_ACCESS, - ndpi_build_default_ports(ports_a, 5900, 5901, 5800, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_PCANYWHERE, - no_master, - no_master, "PcAnywhere", NDPI_PROTOCOL_CATEGORY_REMOTE_ACCESS, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_WHATSAPP_VOICE, - no_master, - no_master, "WhatsAppVoice", NDPI_PROTOCOL_CATEGORY_VOIP, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - - custom_master[0] = NDPI_PROTOCOL_SSL_NO_CERT, custom_master[1] = NDPI_PROTOCOL_UNKNOWN; - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_SSL, - no_master, - custom_master, "SSL", NDPI_PROTOCOL_CATEGORY_WEB, - ndpi_build_default_ports(ports_a, 443, 3001 /* ntop */, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SSH, - no_master, - no_master, "SSH", NDPI_PROTOCOL_CATEGORY_REMOTE_ACCESS, - ndpi_build_default_ports(ports_a, 22, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_USENET, - no_master, - no_master, "Usenet", NDPI_PROTOCOL_CATEGORY_WEB, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MGCP, - no_master, - no_master, "MGCP", NDPI_PROTOCOL_CATEGORY_VOIP, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IAX, - no_master, - no_master, "IAX", NDPI_PROTOCOL_CATEGORY_VOIP, - ndpi_build_default_ports(ports_a, 4569, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 4569, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_AFP, - no_master, - no_master, "AFP", NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, - ndpi_build_default_ports(ports_a, 548, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 548, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_STEALTHNET, - no_master, - no_master, "Stealthnet", NDPI_PROTOCOL_CATEGORY_P2P, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_AIMINI, - no_master, - no_master, "Aimini", NDPI_PROTOCOL_CATEGORY_P2P, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SIP, - no_master, - no_master, "SIP", NDPI_PROTOCOL_CATEGORY_VOIP, - ndpi_build_default_ports(ports_a, 5060, 5061, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 5060, 5061, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_TRUPHONE, - no_master, - no_master, "TruPhone", NDPI_PROTOCOL_CATEGORY_CHAT, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IP_ICMPV6, - no_master, - no_master, "ICMPV6", NDPI_PROTOCOL_CATEGORY_NETWORK, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DHCPV6, - no_master, - no_master, "DHCPV6", NDPI_PROTOCOL_CATEGORY_NETWORK, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_ARMAGETRON, - no_master, - no_master, "Armagetron", NDPI_PROTOCOL_CATEGORY_GAME, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_CROSSFIRE, - no_master, - no_master, "Crossfire", NDPI_PROTOCOL_CATEGORY_RPC, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_DOFUS, - no_master, - no_master, "Dofus", NDPI_PROTOCOL_CATEGORY_GAME, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNRATED, NDPI_PROTOCOL_FIESTA, - no_master, - no_master, "Fiesta", NDPI_PROTOCOL_CATEGORY_GAME, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_FLORENSIA, - no_master, - no_master, "Florensia", NDPI_PROTOCOL_CATEGORY_GAME, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_GUILDWARS, - no_master, - no_master, "Guildwars", NDPI_PROTOCOL_CATEGORY_GAME, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_HTTP_APPLICATION_ACTIVESYNC, - no_master, - no_master, "HTTP_Application_ActiveSync", NDPI_PROTOCOL_CATEGORY_CLOUD, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_KERBEROS, - no_master, - no_master, "Kerberos", NDPI_PROTOCOL_CATEGORY_NETWORK, - ndpi_build_default_ports(ports_a, 88, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 88, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_LDAP, - no_master, - no_master, "LDAP", NDPI_PROTOCOL_CATEGORY_SYSTEM, - ndpi_build_default_ports(ports_a, 389, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 389, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_MAPLESTORY, - no_master, - no_master, "MapleStory", NDPI_PROTOCOL_CATEGORY_GAME, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MSSQL_TDS, - no_master, - no_master, "MsSQL-TDS", NDPI_PROTOCOL_CATEGORY_DATABASE, - ndpi_build_default_ports(ports_a, 1433, 1434, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_PPTP, - no_master, - no_master, "PPTP", NDPI_PROTOCOL_CATEGORY_VPN, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_WARCRAFT3, - no_master, - no_master, "Warcraft3", NDPI_PROTOCOL_CATEGORY_GAME, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_WORLD_OF_KUNG_FU, - no_master, - no_master, "WorldOfKungFu", NDPI_PROTOCOL_CATEGORY_GAME, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DCERPC, - no_master, - no_master, "DCE_RPC", NDPI_PROTOCOL_CATEGORY_RPC, - ndpi_build_default_ports(ports_a, 135, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_NETFLOW, - no_master, - no_master, "NetFlow", NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 2055, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SFLOW, - no_master, - no_master, "sFlow", NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 6343, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_HTTP_CONNECT, - no_master, - no_master, "HTTP_Connect", NDPI_PROTOCOL_CATEGORY_WEB, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_HTTP_PROXY, - no_master, - no_master, "HTTP_Proxy", NDPI_PROTOCOL_CATEGORY_WEB, - ndpi_build_default_ports(ports_a, 8080, 3128, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_CITRIX, - no_master, - no_master, "Citrix", NDPI_PROTOCOL_CATEGORY_NETWORK, - ndpi_build_default_ports(ports_a, 1494, 2598, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SKYFILE_PREPAID, - no_master, - no_master, "SkyFile_PrePaid", NDPI_PROTOCOL_CATEGORY_MAIL_SYNC, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SKYFILE_RUDICS, - no_master, - no_master, "SkyFile_Rudics", NDPI_PROTOCOL_CATEGORY_MAIL_SYNC, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SKYFILE_POSTPAID, - no_master, - no_master, "SkyFile_PostPaid", NDPI_PROTOCOL_CATEGORY_MAIL_SYNC, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_CITRIX_ONLINE, - no_master, - no_master, "Citrix_Online", NDPI_PROTOCOL_CATEGORY_REMOTE_ACCESS, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_WEBEX, - no_master, - no_master, "Webex", NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_RADIUS, - no_master, - no_master, "Radius", NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, - ndpi_build_default_ports(ports_a, 1812, 1813, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 1812, 1813, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_TEAMVIEWER, - no_master, - no_master, "TeamViewer", NDPI_PROTOCOL_CATEGORY_REMOTE_ACCESS, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_LOTUS_NOTES, - no_master, - no_master, "LotusNotes", NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, - ndpi_build_default_ports(ports_a, 1352, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SAP, - no_master, - no_master, "SAP", NDPI_PROTOCOL_CATEGORY_NETWORK, - ndpi_build_default_ports(ports_a, 3201, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); /* Missing dissector: port based only */ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_GTP, - no_master, - no_master, "GTP", NDPI_PROTOCOL_CATEGORY_NETWORK, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 2152, 2123, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_UPNP, - no_master, - no_master, "UPnP", NDPI_PROTOCOL_CATEGORY_NETWORK, - ndpi_build_default_ports(ports_a, 1780, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 1900, 0, 0, 0, 0) /* UDP */); /* Missing dissector: port based only */ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_TELEGRAM, - no_master, - no_master, "Telegram", NDPI_PROTOCOL_CATEGORY_CHAT, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_QUIC, - no_master, - no_master, "QUIC", NDPI_PROTOCOL_CATEGORY_WEB, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 443, 80, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DROPBOX, - no_master, - no_master, "Dropbox", NDPI_PROTOCOL_CATEGORY_CLOUD, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 17500, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_EAQ, - no_master, - no_master, "EAQ", NDPI_PROTOCOL_CATEGORY_NETWORK, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 6000, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_KAKAOTALK_VOICE, - no_master, - no_master, "KakaoTalk_Voice", NDPI_PROTOCOL_CATEGORY_VOIP, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_MPEGTS, - no_master, - no_master, "MPEG_TS", NDPI_PROTOCOL_CATEGORY_MEDIA, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - /* http://en.wikipedia.org/wiki/Link-local_Multicast_Name_Resolution */ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_LLMNR, - no_master, - no_master, "LLMNR", NDPI_PROTOCOL_CATEGORY_NETWORK, - ndpi_build_default_ports(ports_a, 5355, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 5355, 0, 0, 0, 0) /* UDP */); /* Missing dissector: port based only */ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_REMOTE_SCAN, - no_master, - no_master, "RemoteScan", NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, - ndpi_build_default_ports(ports_a, 6077, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 6078, 0, 0, 0, 0) /* UDP */); /* Missing dissector: port based only */ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_CONTENT_WEBM, - no_master, - no_master, "WebM", NDPI_PROTOCOL_CATEGORY_MEDIA, /* Courtesy of Shreeram Ramamoorthy Swaminathan */ - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_H323, - no_master, - no_master,"H323", NDPI_PROTOCOL_CATEGORY_VOIP, - ndpi_build_default_ports(ports_a, 1719, 1720, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 1719, 1720, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_OPENVPN, - no_master, - no_master, "OpenVPN", NDPI_PROTOCOL_CATEGORY_VPN, - ndpi_build_default_ports(ports_a, 1194, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 1194, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_NOE, - no_master, - no_master, "NOE", NDPI_PROTOCOL_CATEGORY_VOIP, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_CISCOVPN, - no_master, - no_master, "CiscoVPN", NDPI_PROTOCOL_CATEGORY_VPN, - ndpi_build_default_ports(ports_a, 10000, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 10000, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_TEAMSPEAK, - no_master, - no_master, "TeamSpeak", NDPI_PROTOCOL_CATEGORY_CHAT, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SKINNY, - no_master, - no_master, "CiscoSkinny", NDPI_PROTOCOL_CATEGORY_VOIP, - ndpi_build_default_ports(ports_a, 2000, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_RTCP, - no_master, - no_master, "RTCP", NDPI_PROTOCOL_CATEGORY_VOIP, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_RSYNC, - no_master, - no_master, "RSYNC", NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, - ndpi_build_default_ports(ports_a, 873, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_ORACLE, - no_master, - no_master, "Oracle", NDPI_PROTOCOL_CATEGORY_DATABASE, - ndpi_build_default_ports(ports_a, 1521, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_CORBA, - no_master, - no_master, "Corba", NDPI_PROTOCOL_CATEGORY_RPC, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_UBUNTUONE, - no_master, - no_master, "UbuntuONE", NDPI_PROTOCOL_CATEGORY_CLOUD, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_WHOIS_DAS, - no_master, - no_master, "Whois-DAS", NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, - ndpi_build_default_ports(ports_a, 43, 4343, 0, 0, 0), /* TCP */ - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_COLLECTD, - no_master, - no_master, "Collectd", NDPI_PROTOCOL_CATEGORY_SYSTEM, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ - ndpi_build_default_ports(ports_b, 25826, 0, 0, 0, 0)); /* UDP */ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SOCKS, - no_master, - no_master, "SOCKS", NDPI_PROTOCOL_CATEGORY_WEB, - ndpi_build_default_ports(ports_a, 1080, 0, 0, 0, 0), /* TCP */ - ndpi_build_default_ports(ports_b, 1080, 0, 0, 0, 0)); /* UDP */ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_TFTP, - no_master, - no_master, "TFTP", NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ - ndpi_build_default_ports(ports_b, 69, 0, 0, 0, 0)); /* UDP */ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_RTMP, - no_master, - no_master, "RTMP", NDPI_PROTOCOL_CATEGORY_MEDIA, - ndpi_build_default_ports(ports_a, 1935, 0, 0, 0, 0), /* TCP */ - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_PANDO, - no_master, - no_master, "Pando_Media_Booster", NDPI_PROTOCOL_CATEGORY_WEB, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MEGACO, - no_master, - no_master, "Megaco", NDPI_PROTOCOL_CATEGORY_VOIP, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ - ndpi_build_default_ports(ports_b, 2944 , 0, 0, 0, 0)); /* UDP */ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_REDIS, - no_master, - no_master, "Redis", NDPI_PROTOCOL_CATEGORY_DATABASE, - ndpi_build_default_ports(ports_a, 6379, 0, 0, 0, 0), /* TCP */ - ndpi_build_default_ports(ports_b, 0 , 0, 0, 0, 0)); /* UDP */ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_ZMQ, - no_master, - no_master, "ZeroMQ", NDPI_PROTOCOL_CATEGORY_RPC, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ - ndpi_build_default_ports(ports_b, 0 , 0, 0, 0, 0) ); /* UDP */ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_VHUA, - no_master, - no_master, "VHUA", NDPI_PROTOCOL_CATEGORY_VOIP, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ - ndpi_build_default_ports(ports_b, 58267, 0, 0, 0, 0)); /* UDP */ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_STARCRAFT, - no_master, - no_master, "Starcraft", NDPI_PROTOCOL_CATEGORY_GAME, - ndpi_build_default_ports(ports_a, 1119, 0, 0, 0, 0), /* TCP */ - ndpi_build_default_ports(ports_b, 1119, 0, 0, 0, 0)); /* UDP */ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_UBNTAC2, - no_master, - no_master, "UBNTAC2", NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ - ndpi_build_default_ports(ports_b, 10001, 0, 0, 0, 0)); /* UDP */ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_MS_LYNC, - no_master, - no_master, "Lync", NDPI_PROTOCOL_CATEGORY_NETWORK, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_VIBER, - no_master, - no_master, "Viber", NDPI_PROTOCOL_CATEGORY_CHAT, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ - ndpi_build_default_ports(ports_b, 7985, 7987, 0, 0, 0)); /* UDP */ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_COAP, - no_master, - no_master, "COAP", NDPI_PROTOCOL_CATEGORY_RPC, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ - ndpi_build_default_ports(ports_b, 5683, 5684, 0, 0, 0)); /* UDP */ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MQTT, - no_master, - no_master, "MQTT", NDPI_PROTOCOL_CATEGORY_RPC, - ndpi_build_default_ports(ports_a, 1883, 8883, 0, 0, 0), /* TCP */ - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_RX, - no_master, - no_master, "RX", NDPI_PROTOCOL_CATEGORY_RPC, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_GIT, - no_master, - no_master, "Git", NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, - ndpi_build_default_ports(ports_a, 9418, 0, 0, 0, 0), /* TCP */ - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DRDA, - no_master, - no_master, "DRDA", NDPI_PROTOCOL_CATEGORY_DATABASE, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_HANGOUT, - no_master, - no_master, "GoogleHangout", NDPI_PROTOCOL_CATEGORY_CHAT, + } + + return(-1); +} + +/* ****************************************************** */ + +static int ndpi_string_to_automa(struct ndpi_detection_module_struct *ndpi_struct, + ndpi_automa *automa, + char *value, int protocol_id, + ndpi_protocol_breed_t breed) +{ + AC_PATTERN_t ac_pattern; + + if(protocol_id >= (NDPI_MAX_SUPPORTED_PROTOCOLS+NDPI_MAX_NUM_CUSTOM_PROTOCOLS)) { + printf("[NDPI] %s(protoId=%d): INTERNAL ERROR\n", __FUNCTION__, protocol_id); + return(-1); + } + + if(automa->ac_automa == NULL) return(-2); + ac_pattern.astring = value; + ac_pattern.rep.number = protocol_id; + if(value == NULL) + ac_pattern.length = 0; + else + ac_pattern.length = strlen(ac_pattern.astring); + + ac_automata_add(((AC_AUTOMATA_t*)automa->ac_automa), &ac_pattern); + + return(0); +} + +/* ****************************************************** */ + +static int ndpi_add_host_url_subprotocol(struct ndpi_detection_module_struct *ndpi_struct, + char *value, int protocol_id, + ndpi_protocol_breed_t breed) +{ +#ifdef DEBUG + printf("[NDPI] Adding [%s][%d]\n", value, protocol_id); +#endif + + return(ndpi_string_to_automa(ndpi_struct, &ndpi_struct->host_automa, + value, protocol_id, breed)); +} + +/* ****************************************************** */ + +int ndpi_add_content_subprotocol(struct ndpi_detection_module_struct *ndpi_struct, + char *value, int protocol_id, + ndpi_protocol_breed_t breed) +{ + return(ndpi_string_to_automa(ndpi_struct, &ndpi_struct->content_automa, + value, protocol_id, breed)); +} + +/* ****************************************************** */ + +/* + NOTE + + This function must be called with a semaphore set, this in order to avoid + changing the datastructures while using them +*/ +static int ndpi_remove_host_url_subprotocol(struct ndpi_detection_module_struct *ndpi_struct, + char *value, int protocol_id) +{ + printf("[NDPI] Missing implementation of %s()\n", __FUNCTION__); + return(-1); +} + +/* ******************************************************************** */ + +void ndpi_init_protocol_match(struct ndpi_detection_module_struct *ndpi_mod, + ndpi_protocol_match *match) +{ + u_int16_t no_master[2] = { NDPI_PROTOCOL_NO_MASTER_PROTO, NDPI_PROTOCOL_NO_MASTER_PROTO }; + ndpi_port_range ports_a[MAX_DEFAULT_PORTS], ports_b[MAX_DEFAULT_PORTS]; + + ndpi_add_host_url_subprotocol(ndpi_mod, match->string_to_match, + match->protocol_id, match->protocol_breed); + + if(ndpi_mod->proto_defaults[match->protocol_id].protoName == NULL) { + ndpi_mod->proto_defaults[match->protocol_id].protoName = ndpi_strdup(match->proto_name); + ndpi_mod->proto_defaults[match->protocol_id].protoCategory = match->proto_category; + ndpi_mod->proto_defaults[match->protocol_id].protoId = match->protocol_id; + ndpi_mod->proto_defaults[match->protocol_id].protoBreed = match->protocol_breed; + } + + ndpi_set_proto_defaults(ndpi_mod, + ndpi_mod->proto_defaults[match->protocol_id].protoBreed, + ndpi_mod->proto_defaults[match->protocol_id].protoId, + no_master, no_master, + ndpi_mod->proto_defaults[match->protocol_id].protoName, + ndpi_mod->proto_defaults[match->protocol_id].protoCategory, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_BJNP, - no_master, - no_master, "BJNP", NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 8612, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_1KXUN, - no_master, - no_master, "1kxun", NDPI_PROTOCOL_CATEGORY_MEDIA, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SMPP, +} + +/* ******************************************************************** */ + +static void init_string_based_protocols(struct ndpi_detection_module_struct *ndpi_mod) +{ + int i; + + for(i=0; host_match[i].string_to_match != NULL; i++) + ndpi_init_protocol_match(ndpi_mod, &host_match[i]); + +#ifdef DEBUG + ac_automata_display(ndpi_mod->host_automa.ac_automa, 'n'); +#endif + + for(i=0; content_match[i].string_to_match != NULL; i++) + ndpi_add_content_subprotocol(ndpi_mod, content_match[i].string_to_match, + content_match[i].protocol_id, + content_match[i].protocol_breed); + + for(i=0; ndpi_en_bigrams[i] != NULL; i++) + ndpi_string_to_automa(ndpi_mod, &ndpi_mod->bigrams_automa, + (char*)ndpi_en_bigrams[i], + 1, NDPI_PROTOCOL_UNRATED); + + for(i=0; ndpi_en_impossible_bigrams[i] != NULL; i++) + ndpi_string_to_automa(ndpi_mod, &ndpi_mod->impossible_bigrams_automa, + (char*)ndpi_en_impossible_bigrams[i], + 1, NDPI_PROTOCOL_UNRATED); +} + +/* ******************************************************************** */ + +static void ndpi_init_placeholder_proto(struct ndpi_detection_module_struct *ndpi_mod, + ndpi_port_range *ports_a, + ndpi_port_range *ports_b, + u_int16_t *no_master, + u_int16_t proto_id) +{ + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, proto_id, no_master, - no_master, "SMPP", NDPI_PROTOCOL_CATEGORY_P2P, + no_master, "Placeholder", NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ +} + +/* ******************************************************************** */ + +/* This function is used to map protocol name and default ports and it MUST + be updated whenever a new protocol is added to NDPI. + + Do NOT add web services (NDPI_SERVICE_xxx) here. +*/ +static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndpi_mod) { + + int i; + ndpi_port_range ports_a[MAX_DEFAULT_PORTS], ports_b[MAX_DEFAULT_PORTS]; + u_int16_t no_master[2] = { NDPI_PROTOCOL_NO_MASTER_PROTO, NDPI_PROTOCOL_NO_MASTER_PROTO }, + custom_master[2]; - /* To be removed as soon as we define new protocols */ - ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_191); - ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_192); - ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_197); - ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_208); - ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_209); - ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_217); - ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_224); - - /* calling function for host and content matched protocols */ - init_string_based_protocols(ndpi_mod); - - for(i=0; i<(int)ndpi_mod->ndpi_num_supported_protocols; i++) { - if(ndpi_mod->proto_defaults[i].protoName == NULL) { - printf("[NDPI] %s(missing protoId=%d) INTERNAL ERROR: not all protocols have been initialized\n", __FUNCTION__, i); + /* Reset all settings */ + memset(ndpi_mod->proto_defaults, 0, sizeof(ndpi_mod->proto_defaults)); + + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNRATED, NDPI_PROTOCOL_UNKNOWN, + no_master, + no_master, "Unknown", NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_FTP_CONTROL, + no_master, + no_master, "FTP_CONTROL", NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, + ndpi_build_default_ports(ports_a, 21, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_FTP_DATA, + no_master, + no_master, "FTP_DATA", NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, + ndpi_build_default_ports(ports_a, 20, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_MAIL_POP, + no_master, + no_master, "POP3", NDPI_PROTOCOL_CATEGORY_MAIL_SYNC, + ndpi_build_default_ports(ports_a, 110, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_MAIL_POPS, + no_master, + no_master, "POPS", NDPI_PROTOCOL_CATEGORY_MAIL_SYNC, + ndpi_build_default_ports(ports_a, 995, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_MAIL_SMTP, + no_master, + no_master, "SMTP", NDPI_PROTOCOL_CATEGORY_MAIL_SEND, + ndpi_build_default_ports(ports_a, 25, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_MAIL_SMTPS, + no_master, + no_master, "SMTPS", NDPI_PROTOCOL_CATEGORY_MAIL_SEND, + ndpi_build_default_ports(ports_a, 465, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_MAIL_IMAP, + no_master, + no_master, "IMAP", NDPI_PROTOCOL_CATEGORY_MAIL_SYNC, + ndpi_build_default_ports(ports_a, 143, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_MAIL_IMAPS, + no_master, + no_master, "IMAPS", NDPI_PROTOCOL_CATEGORY_MAIL_SYNC, + ndpi_build_default_ports(ports_a, 993, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DNS, + no_master, + no_master, "DNS", NDPI_PROTOCOL_CATEGORY_NETWORK, + ndpi_build_default_ports(ports_a, 53, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 53, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IPP, + no_master, + no_master, "IPP", NDPI_PROTOCOL_CATEGORY_SYSTEM, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_HEP, + no_master, + no_master, "HEP", NDPI_PROTOCOL_CATEGORY_NETWORK, + ndpi_build_default_ports(ports_a, 9064, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 9063, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_HTTP, + no_master, + no_master, "HTTP", NDPI_PROTOCOL_CATEGORY_WEB, + ndpi_build_default_ports(ports_a, 80, 0 /* ntop */, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MDNS, + no_master, + no_master, "MDNS", NDPI_PROTOCOL_CATEGORY_NETWORK, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 5353, 5354, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_NTP, + no_master, + no_master, "NTP", NDPI_PROTOCOL_CATEGORY_SYSTEM, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 123, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_NETBIOS, + no_master, + no_master, "NetBIOS", NDPI_PROTOCOL_CATEGORY_SYSTEM, + ndpi_build_default_ports(ports_a, 139, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 137, 138, 139, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_NFS, + no_master, + no_master, "NFS", NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, + ndpi_build_default_ports(ports_a, 2049, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 2049, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SSDP, + no_master, + no_master, "SSDP", NDPI_PROTOCOL_CATEGORY_SYSTEM, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_BGP, + no_master, + no_master, "BGP", NDPI_PROTOCOL_CATEGORY_NETWORK, + ndpi_build_default_ports(ports_a, 2605, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SNMP, + no_master, + no_master, "SNMP", NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 161, 162, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_XDMCP, + no_master, + no_master, "XDMCP", NDPI_PROTOCOL_CATEGORY_REMOTE_ACCESS, + ndpi_build_default_ports(ports_a, 177, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 177, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SMB, + no_master, + no_master, "SMB", NDPI_PROTOCOL_CATEGORY_SYSTEM, + ndpi_build_default_ports(ports_a, 445, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SYSLOG, + no_master, + no_master, "Syslog", NDPI_PROTOCOL_CATEGORY_SYSTEM, + ndpi_build_default_ports(ports_a, 514, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 514, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DHCP, + no_master, + no_master, "DHCP", NDPI_PROTOCOL_CATEGORY_NETWORK, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 67, 68, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_POSTGRES, + no_master, + no_master, "PostgreSQL", NDPI_PROTOCOL_CATEGORY_DATABASE, + ndpi_build_default_ports(ports_a, 5432, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MYSQL, + no_master, + no_master, "MySQL", NDPI_PROTOCOL_CATEGORY_DATABASE, + ndpi_build_default_ports(ports_a, 3306, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK, + no_master, + no_master, "Direct_Download_Link", NDPI_PROTOCOL_CATEGORY_P2P, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_APPLEJUICE, + no_master, + no_master, "AppleJuice", NDPI_PROTOCOL_CATEGORY_P2P, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_DIRECTCONNECT, + no_master, + no_master, "DirectConnect", NDPI_PROTOCOL_CATEGORY_P2P, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_SOCRATES, + no_master, + no_master, "Socrates", NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_VMWARE, + no_master, + no_master, "VMware", NDPI_PROTOCOL_CATEGORY_REMOTE_ACCESS, + ndpi_build_default_ports(ports_a, 903, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 902, 903, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_FILETOPIA, + no_master, + no_master, "Filetopia", NDPI_PROTOCOL_CATEGORY_P2P, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_KONTIKI, + no_master, + no_master, "Kontiki", NDPI_PROTOCOL_CATEGORY_MEDIA, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_OPENFT, + no_master, + no_master, "OpenFT", NDPI_PROTOCOL_CATEGORY_P2P, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_FASTTRACK, + no_master, + no_master, "FastTrack", NDPI_PROTOCOL_CATEGORY_P2P, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_GNUTELLA, + no_master, + no_master, "Gnutella", NDPI_PROTOCOL_CATEGORY_P2P, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_EDONKEY, + no_master, + no_master, "eDonkey", NDPI_PROTOCOL_CATEGORY_P2P, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_BITTORRENT, + no_master, + no_master, "BitTorrent", NDPI_PROTOCOL_CATEGORY_P2P, + ndpi_build_default_ports(ports_a, 51413, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 6771, 51413, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_TEREDO, + no_master, + no_master, "Teredo", NDPI_PROTOCOL_CATEGORY_NETWORK, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 3544, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_EPP, + no_master, + no_master, "EPP", NDPI_PROTOCOL_CATEGORY_NETWORK, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_CONTENT_AVI, + no_master, + no_master, "AVI", NDPI_PROTOCOL_CATEGORY_MEDIA, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_CONTENT_FLASH, + no_master, + no_master, "Flash", NDPI_PROTOCOL_CATEGORY_MEDIA, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_CONTENT_OGG, + no_master, + no_master, "OggVorbis", NDPI_PROTOCOL_CATEGORY_MEDIA, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_CONTENT_MPEG, + no_master, + no_master, "MPEG", NDPI_PROTOCOL_CATEGORY_MEDIA, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_CONTENT_QUICKTIME, + no_master, + no_master, "QuickTime", NDPI_PROTOCOL_CATEGORY_MEDIA, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_CONTENT_REALMEDIA, + no_master, + no_master, "RealMedia", NDPI_PROTOCOL_CATEGORY_MEDIA, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_CONTENT_WINDOWSMEDIA, + no_master, + no_master, "WindowsMedia", NDPI_PROTOCOL_CATEGORY_MEDIA, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_CONTENT_MMS, + no_master, + no_master, "MMS", NDPI_PROTOCOL_CATEGORY_MEDIA, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_XBOX, + no_master, + no_master, "Xbox", NDPI_PROTOCOL_CATEGORY_GAME, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_QQ, + no_master, + no_master, "QQ", NDPI_PROTOCOL_CATEGORY_CHAT, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_MOVE, + no_master, + no_master, "Move", NDPI_PROTOCOL_CATEGORY_WEB, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_RTSP, + no_master, + no_master, "RTSP", NDPI_PROTOCOL_CATEGORY_MEDIA, + ndpi_build_default_ports(ports_a, 554, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 554, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_ICECAST, + no_master, + no_master, "IceCast", NDPI_PROTOCOL_CATEGORY_MEDIA, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_PPLIVE, + no_master, + no_master, "PPLive", NDPI_PROTOCOL_CATEGORY_MEDIA, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_PPSTREAM, + no_master, + no_master, "PPStream", NDPI_PROTOCOL_CATEGORY_MEDIA, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_ZATTOO, + no_master, + no_master, "Zattoo", NDPI_PROTOCOL_CATEGORY_MEDIA, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_SHOUTCAST, + no_master, + no_master, "ShoutCast", NDPI_PROTOCOL_CATEGORY_MEDIA, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_SOPCAST, + no_master, + no_master, "Sopcast", NDPI_PROTOCOL_CATEGORY_MEDIA, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_TVANTS, + no_master, + no_master, "Tvants", NDPI_PROTOCOL_CATEGORY_MEDIA, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_TVUPLAYER, + no_master, + no_master, "TVUplayer", NDPI_PROTOCOL_CATEGORY_MEDIA, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_HTTP_DOWNLOAD, + no_master, + no_master, "HTTPDownload", NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_QQLIVE, + no_master, + no_master, "QQLive", NDPI_PROTOCOL_CATEGORY_MEDIA, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_THUNDER, + no_master, + no_master, "Thunder", NDPI_PROTOCOL_CATEGORY_P2P, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_SOULSEEK, + no_master, + no_master, "Soulseek", NDPI_PROTOCOL_CATEGORY_P2P, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + + custom_master[0] = NDPI_PROTOCOL_SSL, custom_master[1] = NDPI_PROTOCOL_UNKNOWN; + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SSL_NO_CERT, + custom_master, + no_master, "SSL_No_Cert", NDPI_PROTOCOL_CATEGORY_WEB, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IRC, + no_master, + no_master, "IRC", NDPI_PROTOCOL_CATEGORY_CHAT, + ndpi_build_default_ports(ports_a, 194, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 194, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_AYIYA, + no_master, + no_master, "Ayiya", NDPI_PROTOCOL_CATEGORY_NETWORK, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 5072, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_UNENCRYPTED_JABBER, + no_master, + no_master, "Unencrypted_Jabber", NDPI_PROTOCOL_CATEGORY_WEB, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_OSCAR, + no_master, + no_master, "Oscar", NDPI_PROTOCOL_CATEGORY_CHAT, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_BATTLEFIELD, + no_master, + no_master, "BattleField", NDPI_PROTOCOL_CATEGORY_GAME, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_QUAKE, + no_master, + no_master, "Quake", NDPI_PROTOCOL_CATEGORY_GAME, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IP_VRRP, + no_master, + no_master, "VRRP", NDPI_PROTOCOL_CATEGORY_NETWORK, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_STEAM, + no_master, + no_master, "Steam", NDPI_PROTOCOL_CATEGORY_GAME, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_HALFLIFE2, + no_master, + no_master, "HalfLife2", NDPI_PROTOCOL_CATEGORY_GAME, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_WORLDOFWARCRAFT, + no_master, + no_master, "WorldOfWarcraft", NDPI_PROTOCOL_CATEGORY_GAME, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_HOTSPOT_SHIELD, + no_master, + no_master, "HotspotShield", NDPI_PROTOCOL_CATEGORY_VPN, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_TELNET, + no_master, + no_master, "Telnet", NDPI_PROTOCOL_CATEGORY_REMOTE_ACCESS, + ndpi_build_default_ports(ports_a, 23, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + + custom_master[0] = NDPI_PROTOCOL_SIP, custom_master[1] = NDPI_PROTOCOL_H323; + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_STUN, + no_master, + custom_master, "STUN", NDPI_PROTOCOL_CATEGORY_NETWORK, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 3478, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_IP_IPSEC, + no_master, + no_master, "IPsec", NDPI_PROTOCOL_CATEGORY_VPN, + ndpi_build_default_ports(ports_a, 500, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 500, 4500, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IP_GRE, + no_master, + no_master, "GRE", NDPI_PROTOCOL_CATEGORY_NETWORK, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IP_ICMP, + no_master, + no_master, "ICMP", NDPI_PROTOCOL_CATEGORY_NETWORK, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IP_IGMP, + no_master, + no_master, "IGMP", NDPI_PROTOCOL_CATEGORY_NETWORK, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IP_EGP, + no_master, + no_master, "EGP", NDPI_PROTOCOL_CATEGORY_NETWORK, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IP_SCTP, + no_master, + no_master, "SCTP", NDPI_PROTOCOL_CATEGORY_NETWORK, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IP_OSPF, + no_master, + no_master, "OSPF", NDPI_PROTOCOL_CATEGORY_NETWORK, + ndpi_build_default_ports(ports_a, 2604, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IP_IP_IN_IP, + no_master, + no_master, "IP_in_IP", NDPI_PROTOCOL_CATEGORY_NETWORK, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_RTP, + no_master, + no_master, "RTP", NDPI_PROTOCOL_CATEGORY_VOIP, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_RDP, + no_master, + no_master, "RDP", NDPI_PROTOCOL_CATEGORY_REMOTE_ACCESS, + ndpi_build_default_ports(ports_a, 3389, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_VNC, + no_master, + no_master, "VNC", NDPI_PROTOCOL_CATEGORY_REMOTE_ACCESS, + ndpi_build_default_ports(ports_a, 5900, 5901, 5800, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_PCANYWHERE, + no_master, + no_master, "PcAnywhere", NDPI_PROTOCOL_CATEGORY_REMOTE_ACCESS, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_WHATSAPP_VOICE, + no_master, + no_master, "WhatsAppVoice", NDPI_PROTOCOL_CATEGORY_VOIP, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + + custom_master[0] = NDPI_PROTOCOL_SSL_NO_CERT, custom_master[1] = NDPI_PROTOCOL_UNKNOWN; + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_SSL, + no_master, + custom_master, "SSL", NDPI_PROTOCOL_CATEGORY_WEB, + ndpi_build_default_ports(ports_a, 443, 3001 /* ntop */, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SSH, + no_master, + no_master, "SSH", NDPI_PROTOCOL_CATEGORY_REMOTE_ACCESS, + ndpi_build_default_ports(ports_a, 22, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_USENET, + no_master, + no_master, "Usenet", NDPI_PROTOCOL_CATEGORY_WEB, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MGCP, + no_master, + no_master, "MGCP", NDPI_PROTOCOL_CATEGORY_VOIP, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IAX, + no_master, + no_master, "IAX", NDPI_PROTOCOL_CATEGORY_VOIP, + ndpi_build_default_ports(ports_a, 4569, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 4569, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_AFP, + no_master, + no_master, "AFP", NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, + ndpi_build_default_ports(ports_a, 548, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 548, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_STEALTHNET, + no_master, + no_master, "Stealthnet", NDPI_PROTOCOL_CATEGORY_P2P, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_AIMINI, + no_master, + no_master, "Aimini", NDPI_PROTOCOL_CATEGORY_P2P, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SIP, + no_master, + no_master, "SIP", NDPI_PROTOCOL_CATEGORY_VOIP, + ndpi_build_default_ports(ports_a, 5060, 5061, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 5060, 5061, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_TRUPHONE, + no_master, + no_master, "TruPhone", NDPI_PROTOCOL_CATEGORY_CHAT, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IP_ICMPV6, + no_master, + no_master, "ICMPV6", NDPI_PROTOCOL_CATEGORY_NETWORK, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DHCPV6, + no_master, + no_master, "DHCPV6", NDPI_PROTOCOL_CATEGORY_NETWORK, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_ARMAGETRON, + no_master, + no_master, "Armagetron", NDPI_PROTOCOL_CATEGORY_GAME, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_CROSSFIRE, + no_master, + no_master, "Crossfire", NDPI_PROTOCOL_CATEGORY_RPC, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_DOFUS, + no_master, + no_master, "Dofus", NDPI_PROTOCOL_CATEGORY_GAME, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNRATED, NDPI_PROTOCOL_FIESTA, + no_master, + no_master, "Fiesta", NDPI_PROTOCOL_CATEGORY_GAME, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_FLORENSIA, + no_master, + no_master, "Florensia", NDPI_PROTOCOL_CATEGORY_GAME, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_GUILDWARS, + no_master, + no_master, "Guildwars", NDPI_PROTOCOL_CATEGORY_GAME, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_HTTP_APPLICATION_ACTIVESYNC, + no_master, + no_master, "HTTP_Application_ActiveSync", NDPI_PROTOCOL_CATEGORY_CLOUD, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_KERBEROS, + no_master, + no_master, "Kerberos", NDPI_PROTOCOL_CATEGORY_NETWORK, + ndpi_build_default_ports(ports_a, 88, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 88, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_LDAP, + no_master, + no_master, "LDAP", NDPI_PROTOCOL_CATEGORY_SYSTEM, + ndpi_build_default_ports(ports_a, 389, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 389, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_MAPLESTORY, + no_master, + no_master, "MapleStory", NDPI_PROTOCOL_CATEGORY_GAME, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MSSQL_TDS, + no_master, + no_master, "MsSQL-TDS", NDPI_PROTOCOL_CATEGORY_DATABASE, + ndpi_build_default_ports(ports_a, 1433, 1434, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_PPTP, + no_master, + no_master, "PPTP", NDPI_PROTOCOL_CATEGORY_VPN, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_WARCRAFT3, + no_master, + no_master, "Warcraft3", NDPI_PROTOCOL_CATEGORY_GAME, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_WORLD_OF_KUNG_FU, + no_master, + no_master, "WorldOfKungFu", NDPI_PROTOCOL_CATEGORY_GAME, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DCERPC, + no_master, + no_master, "DCE_RPC", NDPI_PROTOCOL_CATEGORY_RPC, + ndpi_build_default_ports(ports_a, 135, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_NETFLOW, + no_master, + no_master, "NetFlow", NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 2055, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SFLOW, + no_master, + no_master, "sFlow", NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 6343, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_HTTP_CONNECT, + no_master, + no_master, "HTTP_Connect", NDPI_PROTOCOL_CATEGORY_WEB, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_HTTP_PROXY, + no_master, + no_master, "HTTP_Proxy", NDPI_PROTOCOL_CATEGORY_WEB, + ndpi_build_default_ports(ports_a, 8080, 3128, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_CITRIX, + no_master, + no_master, "Citrix", NDPI_PROTOCOL_CATEGORY_NETWORK, + ndpi_build_default_ports(ports_a, 1494, 2598, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SKYFILE_PREPAID, + no_master, + no_master, "SkyFile_PrePaid", NDPI_PROTOCOL_CATEGORY_MAIL_SYNC, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SKYFILE_RUDICS, + no_master, + no_master, "SkyFile_Rudics", NDPI_PROTOCOL_CATEGORY_MAIL_SYNC, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SKYFILE_POSTPAID, + no_master, + no_master, "SkyFile_PostPaid", NDPI_PROTOCOL_CATEGORY_MAIL_SYNC, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_CITRIX_ONLINE, + no_master, + no_master, "Citrix_Online", NDPI_PROTOCOL_CATEGORY_REMOTE_ACCESS, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_WEBEX, + no_master, + no_master, "Webex", NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_RADIUS, + no_master, + no_master, "Radius", NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, + ndpi_build_default_ports(ports_a, 1812, 1813, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 1812, 1813, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_TEAMVIEWER, + no_master, + no_master, "TeamViewer", NDPI_PROTOCOL_CATEGORY_REMOTE_ACCESS, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_LOTUS_NOTES, + no_master, + no_master, "LotusNotes", NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, + ndpi_build_default_ports(ports_a, 1352, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SAP, + no_master, + no_master, "SAP", NDPI_PROTOCOL_CATEGORY_NETWORK, + ndpi_build_default_ports(ports_a, 3201, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); /* Missing dissector: port based only */ + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_GTP, + no_master, + no_master, "GTP", NDPI_PROTOCOL_CATEGORY_NETWORK, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 2152, 2123, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_UPNP, + no_master, + no_master, "UPnP", NDPI_PROTOCOL_CATEGORY_NETWORK, + ndpi_build_default_ports(ports_a, 1780, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 1900, 0, 0, 0, 0) /* UDP */); /* Missing dissector: port based only */ + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_TELEGRAM, + no_master, + no_master, "Telegram", NDPI_PROTOCOL_CATEGORY_CHAT, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_QUIC, + no_master, + no_master, "QUIC", NDPI_PROTOCOL_CATEGORY_WEB, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 443, 80, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DROPBOX, + no_master, + no_master, "Dropbox", NDPI_PROTOCOL_CATEGORY_CLOUD, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 17500, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_EAQ, + no_master, + no_master, "EAQ", NDPI_PROTOCOL_CATEGORY_NETWORK, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 6000, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_KAKAOTALK_VOICE, + no_master, + no_master, "KakaoTalk_Voice", NDPI_PROTOCOL_CATEGORY_VOIP, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_MPEGTS, + no_master, + no_master, "MPEG_TS", NDPI_PROTOCOL_CATEGORY_MEDIA, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + /* http://en.wikipedia.org/wiki/Link-local_Multicast_Name_Resolution */ + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_LLMNR, + no_master, + no_master, "LLMNR", NDPI_PROTOCOL_CATEGORY_NETWORK, + ndpi_build_default_ports(ports_a, 5355, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 5355, 0, 0, 0, 0) /* UDP */); /* Missing dissector: port based only */ + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_REMOTE_SCAN, + no_master, + no_master, "RemoteScan", NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, + ndpi_build_default_ports(ports_a, 6077, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 6078, 0, 0, 0, 0) /* UDP */); /* Missing dissector: port based only */ + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_CONTENT_WEBM, + no_master, + no_master, "WebM", NDPI_PROTOCOL_CATEGORY_MEDIA, /* Courtesy of Shreeram Ramamoorthy Swaminathan */ + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_H323, + no_master, + no_master,"H323", NDPI_PROTOCOL_CATEGORY_VOIP, + ndpi_build_default_ports(ports_a, 1719, 1720, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 1719, 1720, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_OPENVPN, + no_master, + no_master, "OpenVPN", NDPI_PROTOCOL_CATEGORY_VPN, + ndpi_build_default_ports(ports_a, 1194, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 1194, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_NOE, + no_master, + no_master, "NOE", NDPI_PROTOCOL_CATEGORY_VOIP, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_CISCOVPN, + no_master, + no_master, "CiscoVPN", NDPI_PROTOCOL_CATEGORY_VPN, + ndpi_build_default_ports(ports_a, 10000, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 10000, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_TEAMSPEAK, + no_master, + no_master, "TeamSpeak", NDPI_PROTOCOL_CATEGORY_CHAT, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SKINNY, + no_master, + no_master, "CiscoSkinny", NDPI_PROTOCOL_CATEGORY_VOIP, + ndpi_build_default_ports(ports_a, 2000, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_RTCP, + no_master, + no_master, "RTCP", NDPI_PROTOCOL_CATEGORY_VOIP, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_RSYNC, + no_master, + no_master, "RSYNC", NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, + ndpi_build_default_ports(ports_a, 873, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_ORACLE, + no_master, + no_master, "Oracle", NDPI_PROTOCOL_CATEGORY_DATABASE, + ndpi_build_default_ports(ports_a, 1521, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_CORBA, + no_master, + no_master, "Corba", NDPI_PROTOCOL_CATEGORY_RPC, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_UBUNTUONE, + no_master, + no_master, "UbuntuONE", NDPI_PROTOCOL_CATEGORY_CLOUD, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_WHOIS_DAS, + no_master, + no_master, "Whois-DAS", NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, + ndpi_build_default_ports(ports_a, 43, 4343, 0, 0, 0), /* TCP */ + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_COLLECTD, + no_master, + no_master, "Collectd", NDPI_PROTOCOL_CATEGORY_SYSTEM, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ + ndpi_build_default_ports(ports_b, 25826, 0, 0, 0, 0)); /* UDP */ + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SOCKS, + no_master, + no_master, "SOCKS", NDPI_PROTOCOL_CATEGORY_WEB, + ndpi_build_default_ports(ports_a, 1080, 0, 0, 0, 0), /* TCP */ + ndpi_build_default_ports(ports_b, 1080, 0, 0, 0, 0)); /* UDP */ + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_TFTP, + no_master, + no_master, "TFTP", NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ + ndpi_build_default_ports(ports_b, 69, 0, 0, 0, 0)); /* UDP */ + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_RTMP, + no_master, + no_master, "RTMP", NDPI_PROTOCOL_CATEGORY_MEDIA, + ndpi_build_default_ports(ports_a, 1935, 0, 0, 0, 0), /* TCP */ + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_PANDO, + no_master, + no_master, "Pando_Media_Booster", NDPI_PROTOCOL_CATEGORY_WEB, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MEGACO, + no_master, + no_master, "Megaco", NDPI_PROTOCOL_CATEGORY_VOIP, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ + ndpi_build_default_ports(ports_b, 2944 , 0, 0, 0, 0)); /* UDP */ + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_REDIS, + no_master, + no_master, "Redis", NDPI_PROTOCOL_CATEGORY_DATABASE, + ndpi_build_default_ports(ports_a, 6379, 0, 0, 0, 0), /* TCP */ + ndpi_build_default_ports(ports_b, 0 , 0, 0, 0, 0)); /* UDP */ + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_ZMQ, + no_master, + no_master, "ZeroMQ", NDPI_PROTOCOL_CATEGORY_RPC, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ + ndpi_build_default_ports(ports_b, 0 , 0, 0, 0, 0) ); /* UDP */ + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_VHUA, + no_master, + no_master, "VHUA", NDPI_PROTOCOL_CATEGORY_VOIP, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ + ndpi_build_default_ports(ports_b, 58267, 0, 0, 0, 0)); /* UDP */ + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_STARCRAFT, + no_master, + no_master, "Starcraft", NDPI_PROTOCOL_CATEGORY_GAME, + ndpi_build_default_ports(ports_a, 1119, 0, 0, 0, 0), /* TCP */ + ndpi_build_default_ports(ports_b, 1119, 0, 0, 0, 0)); /* UDP */ + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_UBNTAC2, + no_master, + no_master, "UBNTAC2", NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ + ndpi_build_default_ports(ports_b, 10001, 0, 0, 0, 0)); /* UDP */ + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_MS_LYNC, + no_master, + no_master, "Lync", NDPI_PROTOCOL_CATEGORY_NETWORK, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_VIBER, + no_master, + no_master, "Viber", NDPI_PROTOCOL_CATEGORY_CHAT, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ + ndpi_build_default_ports(ports_b, 7985, 7987, 0, 0, 0)); /* UDP */ + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_COAP, + no_master, + no_master, "COAP", NDPI_PROTOCOL_CATEGORY_RPC, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ + ndpi_build_default_ports(ports_b, 5683, 5684, 0, 0, 0)); /* UDP */ + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MQTT, + no_master, + no_master, "MQTT", NDPI_PROTOCOL_CATEGORY_RPC, + ndpi_build_default_ports(ports_a, 1883, 8883, 0, 0, 0), /* TCP */ + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_RX, + no_master, + no_master, "RX", NDPI_PROTOCOL_CATEGORY_RPC, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_GIT, + no_master, + no_master, "Git", NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, + ndpi_build_default_ports(ports_a, 9418, 0, 0, 0, 0), /* TCP */ + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DRDA, + no_master, + no_master, "DRDA", NDPI_PROTOCOL_CATEGORY_DATABASE, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_HANGOUT, + no_master, + no_master, "GoogleHangout", NDPI_PROTOCOL_CATEGORY_CHAT, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_BJNP, + no_master, + no_master, "BJNP", NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 8612, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_1KXUN, + no_master, + no_master, "1kxun", NDPI_PROTOCOL_CATEGORY_MEDIA, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SMPP, + no_master, + no_master, "SMPP", NDPI_PROTOCOL_CATEGORY_P2P, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ + + /* To be removed as soon as we define new protocols */ + ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_191); + ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_192); + ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_197); + ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_208); + ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_209); + ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_217); + ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_224); + + /* calling function for host and content matched protocols */ + init_string_based_protocols(ndpi_mod); + + for(i=0; i<(int)ndpi_mod->ndpi_num_supported_protocols; i++) { + if(ndpi_mod->proto_defaults[i].protoName == NULL) { + printf("[NDPI] %s(missing protoId=%d) INTERNAL ERROR: not all protocols have been initialized\n", __FUNCTION__, i); + } } - } } /* ****************************************************** */ @@ -2123,20 +2132,20 @@ int ndpi_handle_rule(struct ndpi_detection_module_struct *ndpi_mod, char* rule, if(is_tcp || is_udp) { if(sscanf(value, "%u-%u", (u_int32_t *)&range.port_low, (u_int32_t *)&range.port_high) != 2) - range.port_low = range.port_high = atoi(&elem[4]); + range.port_low = range.port_high = atoi(&elem[4]); if(do_add) - addDefaultPort(&range, def, 1 /* Custom user proto */, is_tcp ? &ndpi_mod->tcpRoot : &ndpi_mod->udpRoot); + addDefaultPort(&range, def, 1 /* Custom user proto */, is_tcp ? &ndpi_mod->tcpRoot : &ndpi_mod->udpRoot); else - removeDefaultPort(&range, def, is_tcp ? &ndpi_mod->tcpRoot : &ndpi_mod->udpRoot); + removeDefaultPort(&range, def, is_tcp ? &ndpi_mod->tcpRoot : &ndpi_mod->udpRoot); } else if(is_ip) { #ifdef NDPI_PROTOCOL_TOR ndpi_add_host_ip_subprotocol(ndpi_mod, value, subprotocol_id); #endif } else { if(do_add) - ndpi_add_host_url_subprotocol(ndpi_mod, value, subprotocol_id, NDPI_PROTOCOL_ACCEPTABLE); + ndpi_add_host_url_subprotocol(ndpi_mod, value, subprotocol_id, NDPI_PROTOCOL_ACCEPTABLE); else - ndpi_remove_host_url_subprotocol(ndpi_mod, value, subprotocol_id); + ndpi_remove_host_url_subprotocol(ndpi_mod, value, subprotocol_id); } } @@ -3245,18 +3254,17 @@ void check_ndpi_tcp_flow_func(struct ndpi_detection_module_struct *ndpi_struct, func = ndpi_struct->proto_defaults[flow->guessed_protocol_id].func; } - if((flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) - && (flow->guessed_protocol_id == NDPI_PROTOCOL_UNKNOWN)) { + if((flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN)) { for(a = 0; a < ndpi_struct->callback_buffer_size_tcp_payload; a++) { - if((func != ndpi_struct->callback_buffer_tcp_payload[a].func) + if((func != ndpi_struct->callback_buffer_tcp_payload[a].func) && (ndpi_struct->callback_buffer_tcp_payload[a].ndpi_selection_bitmask & *ndpi_selection_packet) == ndpi_struct->callback_buffer_tcp_payload[a].ndpi_selection_bitmask && NDPI_BITMASK_COMPARE(flow->excluded_protocol_bitmask, ndpi_struct->callback_buffer_tcp_payload[a].excluded_protocol_bitmask) == 0 && NDPI_BITMASK_COMPARE(ndpi_struct->callback_buffer_tcp_payload[a].detection_bitmask, detection_bitmask) != 0) { ndpi_struct->callback_buffer_tcp_payload[a].func(ndpi_struct, flow); - - + + if(flow->detected_protocol_stack[0] != NDPI_PROTOCOL_UNKNOWN) break; /* Stop after detecting the first protocol */ } @@ -3309,128 +3317,6 @@ void check_ndpi_flow_func(struct ndpi_detection_module_struct *ndpi_struct, /* ********************************************************************************* */ -ndpi_protocol ndpi_l4_detection_process_packet(struct ndpi_detection_module_struct *ndpi_struct, - struct ndpi_flow_struct *flow, - const struct ndpi_iphdr *iph, - struct ndpi_ipv6hdr *iph6, - struct ndpi_tcphdr *tcp, - struct ndpi_udphdr *udp, - u_int8_t src_to_dst_direction, - u_int8_t l4_proto, - struct ndpi_id_struct *src, - u_int16_t sport, - struct ndpi_id_struct *dst, - u_int16_t dport, - const u_int64_t current_tick_l, - u_int8_t *payload, u_int16_t payload_len) { - NDPI_SELECTION_BITMASK_PROTOCOL_SIZE ndpi_selection_packet; - u_int32_t a; - ndpi_protocol ret = { NDPI_PROTOCOL_UNKNOWN, NDPI_PROTOCOL_UNKNOWN }; - - if(flow == NULL) - return(ret); - - if(payload_len == 0) return(ret); - - flow->packet.tcp = tcp, flow->packet.udp = udp; - flow->packet.payload = payload, flow->packet.payload_packet_len = payload_len; - - flow->packet.tick_timestamp_l = current_tick_l; - flow->packet.tick_timestamp = (u_int32_t)current_tick_l/1000; - - if(flow) { - ndpi_apply_flow_protocol_to_packet(flow, &flow->packet); - } else { - ndpi_int_reset_packet_protocol(&flow->packet); - } - - if(flow->server_id == NULL) flow->server_id = dst; /* Default */ - if(flow->detected_protocol_stack[0] != NDPI_PROTOCOL_UNKNOWN) - goto ret_protocols; - - if(src_to_dst_direction) - flow->src = src, flow->dst = dst; - else - flow->src = dst, flow->dst = src; - - ndpi_selection_packet = NDPI_SELECTION_BITMASK_PROTOCOL_COMPLETE_TRAFFIC; - if((flow->packet.iph = iph) != NULL) - ndpi_selection_packet |= NDPI_SELECTION_BITMASK_PROTOCOL_IP | NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6; -#ifdef NDPI_DETECTION_SUPPORT_IPV6 - else if((flow->packet.iphv6 = iph6) != NULL) - ndpi_selection_packet |= NDPI_SELECTION_BITMASK_PROTOCOL_IPV6 | NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6; -#endif /* NDPI_DETECTION_SUPPORT_IPV6 */ - - ndpi_connection_tracking(ndpi_struct, flow); - - if(flow->packet.tcp != NULL) - ndpi_selection_packet |= - (NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP_OR_UDP); - - if(flow->packet.udp != NULL) - ndpi_selection_packet |= - (NDPI_SELECTION_BITMASK_PROTOCOL_INT_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP_OR_UDP); - - if(flow->packet.payload_packet_len != 0) { - ndpi_selection_packet |= NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD; - } - - if(flow->packet.tcp_retransmission == 0) - ndpi_selection_packet |= NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION; - - flow->packet.l4_protocol = l4_proto, flow->packet.packet_direction = src_to_dst_direction; - - if((!flow->protocol_id_already_guessed) - && ( -#ifdef NDPI_DETECTION_SUPPORT_IPV6 - flow->packet.iphv6 || -#endif - flow->packet.iph)) { - u_int8_t user_defined_proto; - - flow->protocol_id_already_guessed = 1, - flow->guessed_protocol_id = (int16_t)ndpi_guess_protocol_id(ndpi_struct, l4_proto, sport, dport, &user_defined_proto); - - if(user_defined_proto && (flow->guessed_protocol_id != NDPI_PROTOCOL_UNKNOWN)) { - ret.master_protocol = NDPI_PROTOCOL_UNKNOWN, ret.protocol = flow->guessed_protocol_id; - return(ret); - } - - if(flow->packet.iph) { - if((flow->guessed_host_protocol_id = ndpi_network_ptree_match(ndpi_struct, (struct in_addr *)&flow->packet.iph->saddr)) == NDPI_PROTOCOL_UNKNOWN) - flow->guessed_host_protocol_id = ndpi_network_ptree_match(ndpi_struct, (struct in_addr *)&flow->packet.iph->daddr); - } - } - - check_ndpi_flow_func(ndpi_struct, flow, &ndpi_selection_packet); - - a = flow->packet.detected_protocol_stack[0]; - if(NDPI_COMPARE_PROTOCOL_TO_BITMASK(ndpi_struct->detection_bitmask, a) == 0) - a = NDPI_PROTOCOL_UNKNOWN; - - if(a != NDPI_PROTOCOL_UNKNOWN) { - int i; - - for(i=0; (ihost_server_name)) && (flow->host_server_name[i] != '\0'); i++) - flow->host_server_name[i] = tolower(flow->host_server_name[i]); - - flow->host_server_name[i] ='\0'; - } - - ret_protocols: - if(flow->detected_protocol_stack[1] != NDPI_PROTOCOL_UNKNOWN) { - ret.master_protocol = flow->detected_protocol_stack[1], ret.protocol = flow->detected_protocol_stack[0]; - - if(ret.protocol == ret.master_protocol) - ret.master_protocol = NDPI_PROTOCOL_UNKNOWN; - } else - ret.protocol = flow->detected_protocol_stack[0]; - - return(ret); -} - -/* ********************************************************************************* */ - ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { ndpi_protocol ret = { NDPI_PROTOCOL_UNKNOWN, NDPI_PROTOCOL_UNKNOWN }; @@ -3477,7 +3363,7 @@ ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_st if((flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) && (flow->num_stun_udp_pkts > 0)) ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_STUN, flow->guessed_host_protocol_id); - ret.master_protocol = flow->detected_protocol_stack[1], ret.protocol = flow->detected_protocol_stack[0]; + ret.master_protocol = flow->detected_protocol_stack[1], ret.app_protocol = flow->detected_protocol_stack[0]; return(ret); } @@ -3575,28 +3461,32 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct else if(flow->packet.tcp) sport = ntohs(flow->packet.tcp->source), dport = ntohs(flow->packet.tcp->dest); else sport = dport = 0; - flow->guessed_protocol_id = (int16_t)ndpi_guess_protocol_id(ndpi_struct, protocol, sport, dport, &user_defined_proto); - - if(user_defined_proto && (flow->guessed_protocol_id != NDPI_PROTOCOL_UNKNOWN)) { - ret.master_protocol = NDPI_PROTOCOL_UNKNOWN, ret.protocol = flow->guessed_protocol_id; - return(ret); + /* guess protocol */ + flow->guessed_protocol_id = (int16_t) ndpi_guess_protocol_id(ndpi_struct, protocol, sport, dport, &user_defined_proto); + + if(user_defined_proto && flow->guessed_protocol_id != NDPI_PROTOCOL_UNKNOWN) { + + if(flow->packet.iph) { + /* guess host protocol */ + flow->guessed_host_protocol_id = ndpi_network_ptree_match(ndpi_struct, (struct in_addr *)&flow->packet.iph->saddr); + if(flow->guessed_host_protocol_id == NDPI_PROTOCOL_UNKNOWN) + flow->guessed_host_protocol_id = ndpi_network_ptree_match(ndpi_struct, (struct in_addr *)&flow->packet.iph->daddr); + if(flow->guessed_host_protocol_id != NDPI_PROTOCOL_UNKNOWN) + /* ret.master_protocol = flow->guessed_protocol_id , ret.app_protocol = flow->guessed_host_protocol_id; /\* ****** *\/ */ + ret = ndpi_detection_giveup(ndpi_struct, flow); + + return(ret); + } } else { - /* - TODO - The statement below at some point should be modified as we should not - guess the protocol id unless users requested us to do that. Probably - we need to modify the nDPI API as since we introduced ndpi_detection_giveup() - we need to make some changes to have a consistent behaviour - */ - // flow->guessed_protocol_id = NDPI_PROTOCOL_UNKNOWN; - } - - if(flow->packet.iph) { - if((flow->guessed_host_protocol_id = ndpi_network_ptree_match(ndpi_struct, (struct in_addr *)&flow->packet.iph->saddr)) == NDPI_PROTOCOL_UNKNOWN) - flow->guessed_host_protocol_id = ndpi_network_ptree_match(ndpi_struct, (struct in_addr *)&flow->packet.iph->daddr); + /* guess host protocol */ + if(flow->packet.iph) { + flow->guessed_host_protocol_id = ndpi_network_ptree_match(ndpi_struct, (struct in_addr *)&flow->packet.iph->saddr); + if(flow->guessed_host_protocol_id == NDPI_PROTOCOL_UNKNOWN) + flow->guessed_host_protocol_id = ndpi_network_ptree_match(ndpi_struct, (struct in_addr *)&flow->packet.iph->daddr); + } } } - + check_ndpi_flow_func(ndpi_struct, flow, &ndpi_selection_packet); a = flow->packet.detected_protocol_stack[0]; @@ -3614,12 +3504,12 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct ret_protocols: if(flow->detected_protocol_stack[1] != NDPI_PROTOCOL_UNKNOWN) { - ret.master_protocol = flow->detected_protocol_stack[1], ret.protocol = flow->detected_protocol_stack[0]; + ret.master_protocol = flow->detected_protocol_stack[1], ret.app_protocol = flow->detected_protocol_stack[0]; - if(ret.protocol == ret.master_protocol) + if(ret.app_protocol == ret.master_protocol) ret.master_protocol = NDPI_PROTOCOL_UNKNOWN; } else - ret.protocol = flow->detected_protocol_stack[0]; + ret.app_protocol = flow->detected_protocol_stack[0]; return(ret); } @@ -4161,28 +4051,6 @@ void ndpi_int_change_packet_protocol(struct ndpi_detection_module_struct *ndpi_s packet->detected_protocol_stack[0] = upper_detected_protocol, packet->detected_protocol_stack[1] = lower_detected_protocol; } -/* /\* */ -/* * this function checks whether a protocol can be found in the */ -/* * history. Actually it accesses the packet stack since this is what */ -/* * leaves the library but it could also use the flow stack. */ -/* *\/ */ -/* u_int8_t ndpi_detection_flow_protocol_history_contains_protocol(struct ndpi_detection_module_struct * ndpi_struct, */ -/* struct ndpi_flow_struct *flow, */ -/* u_int16_t protocol_id) { */ -/* u_int8_t a; */ -/* struct ndpi_packet_struct *packet = &flow->packet; */ - -/* if(!packet) */ -/* return 0; */ - -/* for(a = 0; a < NDPI_PROTOCOL_HISTORY_SIZE; a++) { */ -/* if(packet->detected_protocol_stack[a] == protocol_id) */ -/* return 1; */ -/* } */ - -/* return 0; */ -/* } */ - /* generic function for changing the protocol * * what it does is: @@ -4206,6 +4074,24 @@ void ndpi_int_change_protocol(struct ndpi_detection_module_struct *ndpi_struct, upper_detected_protocol, lower_detected_protocol); } +/* change protocol only if guessing is active */ +/* void ndpi_guess_change_protocol(struct ndpi_detection_module_struct *ndpi_struct, */ +/* struct ndpi_flow_struct *flow) */ +/* { */ +/* if(flow->guessed_host_protocol_id != 0 && */ +/* flow->guessed_protocol_id != 0) { */ +/* /\* app proto for flow *\/ */ +/* flow->detected_protocol_stack[0] = flow->guessed_host_protocol_id; */ +/* /\* master proto for flow *\/ */ +/* flow->detected_protocol_stack[1] = flow->guessed_protocol_id; */ + +/* /\* app proto for packet *\/ */ +/* flow->packet.detected_protocol_stack[0] = flow->guessed_host_protocol_id; */ +/* /\* master proto for packet *\/ */ +/* flow->packet.detected_protocol_stack[1] = flow->guessed_protocol_id; */ + +/* } */ +/* } */ /* turns a packet back to unknown */ void ndpi_int_reset_packet_protocol(struct ndpi_packet_struct *packet) { @@ -4395,29 +4281,29 @@ ndpi_protocol ndpi_find_port_based_protocol(struct ndpi_detection_module_struct /* u_int8_t proto, */ u_int32_t shost, u_int16_t sport, u_int32_t dhost, u_int16_t dport) { - ndpi_protocol p = NDPI_PROTOCOL_NULL; + ndpi_protocol proto = NDPI_PROTOCOL_NULL; /* Skyfile (host 193.252.234.246 or host 10.10.102.80) */ if((shost == 0xC1FCEAF6) || (dhost == 0xC1FCEAF6) || (shost == 0x0A0A6650) || (dhost == 0x0A0A6650)) { - if((sport == 4708) || (dport == 4708)) p.protocol = NDPI_PROTOCOL_SKYFILE_PREPAID; - else if((sport == 4709) || (dport == 4709)) p.protocol = NDPI_PROTOCOL_SKYFILE_RUDICS; - else if((sport == 4710) || (dport == 4710)) p.protocol = NDPI_PROTOCOL_SKYFILE_POSTPAID; + if((sport == 4708) || (dport == 4708)) proto.app_protocol = NDPI_PROTOCOL_SKYFILE_PREPAID; + else if((sport == 4709) || (dport == 4709)) proto.app_protocol = NDPI_PROTOCOL_SKYFILE_RUDICS; + else if((sport == 4710) || (dport == 4710)) proto.app_protocol = NDPI_PROTOCOL_SKYFILE_POSTPAID; } - return(p); + return(proto); } /* ****************************************************** */ -u_int8_t ndpi_is_proto(ndpi_protocol p, u_int16_t proto) { - return(((p.protocol == proto) || (p.master_protocol == proto)) ? 1 : 0); +u_int8_t ndpi_is_proto(ndpi_protocol proto, u_int16_t p) { + return(((proto.app_protocol == p) || (proto.master_protocol == p)) ? 1 : 0); } /* ****************************************************** */ -u_int16_t ndpi_get_lower_proto(ndpi_protocol p) { - return((p.master_protocol != NDPI_PROTOCOL_UNKNOWN) ? p.master_protocol : p.protocol); +u_int16_t ndpi_get_lower_proto(ndpi_protocol proto) { + return((proto.master_protocol != NDPI_PROTOCOL_UNKNOWN) ? proto.master_protocol : proto.app_protocol); } /* ****************************************************** */ @@ -4436,10 +4322,10 @@ ndpi_protocol ndpi_guess_undetected_protocol(struct ndpi_detection_module_struct shost, dhost, sport, dport); if(rc != NDPI_PROTOCOL_UNKNOWN) { - ret.protocol = rc, + ret.app_protocol = rc, ret.master_protocol = ndpi_guess_protocol_id(ndpi_struct, proto, sport, dport, &user_defined_proto); - - if(ret.protocol == ret.master_protocol) + + if(ret.app_protocol == ret.master_protocol) ret.master_protocol = NDPI_PROTOCOL_UNKNOWN; return(ret); @@ -4447,7 +4333,7 @@ ndpi_protocol ndpi_guess_undetected_protocol(struct ndpi_detection_module_struct rc = ndpi_guess_protocol_id(ndpi_struct, proto, sport, dport, &user_defined_proto); if(rc != NDPI_PROTOCOL_UNKNOWN) { - ret.protocol = rc; + ret.app_protocol = rc; if(rc == NDPI_PROTOCOL_SSL) goto check_guessed_skype; @@ -4456,20 +4342,20 @@ ndpi_protocol ndpi_guess_undetected_protocol(struct ndpi_detection_module_struct } ret = ndpi_find_port_based_protocol(ndpi_struct/* , proto */, shost, sport, dhost, dport); - if(ret.protocol != NDPI_PROTOCOL_UNKNOWN) + if(ret.app_protocol != NDPI_PROTOCOL_UNKNOWN) return(ret); check_guessed_skype: addr.s_addr = htonl(shost); if(ndpi_network_ptree_match(ndpi_struct, &addr) == NDPI_PROTOCOL_SKYPE) { - ret.protocol = NDPI_PROTOCOL_SKYPE; + ret.app_protocol = NDPI_PROTOCOL_SKYPE; } else { addr.s_addr = htonl(dhost); if(ndpi_network_ptree_match(ndpi_struct, &addr) == NDPI_PROTOCOL_SKYPE) - ret.protocol = NDPI_PROTOCOL_SKYPE; + ret.app_protocol = NDPI_PROTOCOL_SKYPE; } } else - ret.protocol = ndpi_guess_protocol_id(ndpi_struct, proto, sport, dport, &user_defined_proto); + ret.app_protocol = ndpi_guess_protocol_id(ndpi_struct, proto, sport, dport, &user_defined_proto); return(ret); } @@ -4479,13 +4365,13 @@ ndpi_protocol ndpi_guess_undetected_protocol(struct ndpi_detection_module_struct char* ndpi_protocol2name(struct ndpi_detection_module_struct *ndpi_mod, ndpi_protocol proto, char *buf, u_int buf_len) { if((proto.master_protocol != NDPI_PROTOCOL_UNKNOWN) - && (proto.master_protocol != proto.protocol)) { + && (proto.master_protocol != proto.app_protocol)) { snprintf(buf, buf_len, "%s.%s", ndpi_get_proto_name(ndpi_mod, proto.master_protocol), - ndpi_get_proto_name(ndpi_mod, proto.protocol)); + ndpi_get_proto_name(ndpi_mod, proto.app_protocol)); } else snprintf(buf, buf_len, "%s", - ndpi_get_proto_name(ndpi_mod, proto.protocol)); + ndpi_get_proto_name(ndpi_mod, proto.app_protocol)); return(buf); } @@ -4568,8 +4454,8 @@ ndpi_protocol_category_t ndpi_get_proto_category(struct ndpi_detection_module_st ndpi_protocol proto) { /* simple rule: sub protocol first, master after */ if ((proto.master_protocol == NDPI_PROTOCOL_UNKNOWN) || - (ndpi_mod->proto_defaults[proto.protocol].protoCategory != NDPI_PROTOCOL_CATEGORY_UNSPECIFIED)) - return ndpi_mod->proto_defaults[proto.protocol].protoCategory; + (ndpi_mod->proto_defaults[proto.app_protocol].protoCategory != NDPI_PROTOCOL_CATEGORY_UNSPECIFIED)) + return ndpi_mod->proto_defaults[proto.app_protocol].protoCategory; else return ndpi_mod->proto_defaults[proto.master_protocol].protoCategory; } diff --git a/src/lib/protocols/skype.c b/src/lib/protocols/skype.c index 7236da777..1a4c260c0 100644 --- a/src/lib/protocols/skype.c +++ b/src/lib/protocols/skype.c @@ -21,32 +21,6 @@ #ifdef NDPI_PROTOCOL_SKYPE -static u_int8_t is_skype_host(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t host) { - struct in_addr pin; - - pin.s_addr = host; - - return((ndpi_network_ptree_match(ndpi_struct, &pin) == NDPI_PROTOCOL_SKYPE) ? 1 : 0); -} - -u_int8_t is_skype_flow(struct ndpi_detection_module_struct *ndpi_struct, - struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; - - if(packet->iph) { - /* - Skype connections are identified by some SSL-like communications - without SSL certificate being exchanged - */ - if(is_skype_host(ndpi_struct, packet->iph->saddr) - || is_skype_host(ndpi_struct, packet->iph->daddr)) { - return(1); - } - } - - return(0); -} - static void ndpi_check_skype(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; @@ -57,12 +31,6 @@ static void ndpi_check_skype(struct ndpi_detection_module_struct *ndpi_struct, s if(flow->host_server_name[0] != '\0') return; - - if(is_skype_flow(ndpi_struct, flow)) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_UNKNOWN); - return; - } - // UDP check if(packet->udp != NULL) { flow->l4.udp.skype_packet_id++; diff --git a/src/lib/protocols/ssl.c b/src/lib/protocols/ssl.c index ca42adbbe..8915b0e99 100644 --- a/src/lib/protocols/ssl.c +++ b/src/lib/protocols/ssl.c @@ -70,11 +70,6 @@ static u_int32_t ndpi_ssl_refine_master_protocol(struct ndpi_detection_module_st } break; } - - if((protocol == NDPI_PROTOCOL_SSL_NO_CERT) - && is_skype_flow(ndpi_struct, flow)) { - protocol = NDPI_PROTOCOL_SKYPE; - } } return protocol; diff --git a/tests/result/1kxun.pcap.out b/tests/result/1kxun.pcap.out index 832e11264..4eea2595d 100644 --- a/tests/result/1kxun.pcap.out +++ b/tests/result/1kxun.pcap.out @@ -11,10 +11,9 @@ SSL 105 21914 7 DHCPV6 10 980 3 Facebook 19 6840 2 Google 3 176 1 -HTTP_Proxy 33 11721 1 LLMNR 89 6799 47 Lync 2 132 1 -1kxun 934 523997 27 +1kxun 967 535718 28 1 TCP 192.168.5.16:53406 <-> 119.235.235.84:443 [proto: 91/SSL][23 pkts/7434 bytes] 2 TCP 192.168.115.8:49613 <-> 183.131.48.144:80 [proto: 7.205/HTTP.1kxun][419 pkts/183693 bytes][Host: 183.131.48.144] @@ -60,7 +59,7 @@ Lync 2 132 1 42 UDP 8.8.8.8:53 <-> 192.168.115.8:60724 [proto: 5.205/DNS.1kxun][3 pkts/283 bytes][Host: pic.1kxun.com] 43 UDP [fe80::edf5:240a:c8c0:8312]:5355 <-> [ff02::1:3]:61603 [proto: 154/LLMNR][2 pkts/172 bytes][Host: ro_x1c] 44 UDP 192.168.5.49:1900 <-> 239.255.255.250:1900 [proto: 12/SSDP][16 pkts/8473 bytes] - 45 TCP 192.168.115.8:49609 <-> 42.120.51.152:8080 [proto: 131/HTTP_Proxy][33 pkts/11721 bytes] + 45 TCP 192.168.115.8:49609 <-> 42.120.51.152:8080 [proto: 7.205/HTTP.1kxun][33 pkts/11721 bytes][Host: 42.120.51.152:8080] 46 TCP 192.168.5.16:53624 <-> 68.233.253.133:80 [proto: 7.205/HTTP.1kxun][12 pkts/1982 bytes][Host: api.magicansoft.com] 47 UDP [fe80::e98f:bae2:19f7:6b0f]:5355 <-> [ff02::1:3]:51451 [proto: 154/LLMNR][2 pkts/184 bytes][Host: 小佛專機] 48 TCP 192.168.115.8:49600 <-> 106.187.35.246:80 [proto: 7.205/HTTP.1kxun][69 pkts/63429 bytes][Host: pic.1kxun.com] diff --git a/tests/result/KakaoTalk_talk.pcap.out b/tests/result/KakaoTalk_talk.pcap.out index 85ec9a008..97b69377c 100644 --- a/tests/result/KakaoTalk_talk.pcap.out +++ b/tests/result/KakaoTalk_talk.pcap.out @@ -1,11 +1,11 @@ HTTP 5 280 1 QQ 15 1727 1 -SSL_No_Cert 29 4024 1 +SSL_No_Cert 74 14132 2 RTP 2991 398751 2 SSL 5 1198 1 Facebook 5 377 3 Google 4 359 4 -HTTP_Proxy 61 11946 3 +HTTP_Proxy 16 1838 2 Tor 40 10538 1 Amazon 4 396 1 KakaoTalk_Voice 44 6196 2 @@ -18,7 +18,7 @@ KakaoTalk_Voice 44 6196 2 6 TCP 173.252.88.128:443 <-> 10.24.82.188:59912 [proto: 91.119/SSL.Facebook][2 pkts/124 bytes] 7 TCP 173.252.88.128:443 <-> 10.24.82.188:59954 [proto: 64/SSL_No_Cert][29 pkts/4024 bytes] 8 TCP 10.24.82.188:53974 <-> 203.205.151.233:8080 [proto: 131/HTTP_Proxy][5 pkts/350 bytes] - 9 TCP 110.76.143.50:8080 <-> 10.24.82.188:32968 [proto: 131/HTTP_Proxy][45 pkts/10108 bytes] + 9 TCP 110.76.143.50:8080 <-> 10.24.82.188:32968 [proto: 64/SSL_No_Cert][45 pkts/10108 bytes] 10 TCP 139.150.0.125:443 <-> 10.24.82.188:46947 [proto: 91/SSL][5 pkts/1198 bytes] 11 TCP 173.194.72.188:5228 <-> 10.24.82.188:34686 [proto: 126/Google][1 pkts/164 bytes] 12 TCP 110.76.143.50:9001 <-> 10.24.82.188:58857 [proto: 163/Tor][40 pkts/10538 bytes] diff --git a/tests/result/Oscar.pcap.out b/tests/result/Oscar.pcap.out index f1c89cf0c..1f9e194a9 100644 --- a/tests/result/Oscar.pcap.out +++ b/tests/result/Oscar.pcap.out @@ -1,3 +1,3 @@ -SSL 71 9386 1 +Oscar 71 9386 1 - 1 TCP 10.30.29.3:63357 <-> 178.237.24.249:443 [proto: 91/SSL][71 pkts/9386 bytes] + 1 TCP 10.30.29.3:63357 <-> 178.237.24.249:443 [proto: 69/Oscar][71 pkts/9386 bytes] diff --git a/tests/result/openvpn.pcap.out b/tests/result/openvpn.pcap.out index 561f3b468..81d959dc1 100644 --- a/tests/result/openvpn.pcap.out +++ b/tests/result/openvpn.pcap.out @@ -1,6 +1,5 @@ -SSL 95 15380 1 -OpenVPN 203 41731 2 +OpenVPN 298 57111 3 1 UDP 192.168.43.12:41507 <-> 139.59.151.137:13680 [proto: 159/OpenVPN][83 pkts/13559 bytes] 2 UDP 192.168.43.18:13680 <-> 139.59.151.137:13680 [proto: 159/OpenVPN][120 pkts/28172 bytes] - 3 TCP 192.168.1.77:60140 <-> 46.101.231.218:443 [proto: 91/SSL][95 pkts/15380 bytes] + 3 TCP 192.168.1.77:60140 <-> 46.101.231.218:443 [proto: 159/OpenVPN][95 pkts/15380 bytes] diff --git a/tests/result/skype.pcap.out b/tests/result/skype.pcap.out index 29ee2021f..59752f6a8 100644 --- a/tests/result/skype.pcap.out +++ b/tests/result/skype.pcap.out @@ -1,13 +1,13 @@ -Unknown 404 52712 16 -DNS 8 807 4 +Unknown 349 43621 14 +DNS 2 267 1 MDNS 8 1736 2 NTP 2 180 1 SSDP 101 38156 6 ICMP 8 656 1 IGMP 5 258 4 -SSL 96 8876 7 +SSL 88 8268 6 Dropbox 38 17948 5 -Skype 1904 292070 241 +Skype 1973 302309 247 Apple 15 2045 2 AppleiCloud 88 20520 2 Spotify 5 430 1 @@ -80,7 +80,7 @@ MS_OneDrive 387 198090 1 65 UDP 192.168.1.1:53 <-> 192.168.1.34:49793 [proto: 5.125/DNS.Skype][7 pkts/532 bytes][Host: dsn4.d.skype.net] 66 UDP 192.168.1.1:53 <-> 192.168.1.34:49903 [proto: 5.125/DNS.Skype][9 pkts/648 bytes][Host: ui.skype.com] 67 TCP 192.168.1.34:50134 <-> 157.56.53.47:12350 [proto: 125/Skype][15 pkts/1920 bytes] - 68 UDP 192.168.1.1:53 <-> 192.168.1.34:51879 [proto: 5/DNS][2 pkts/180 bytes][Host: e4593.g.akamaiedge.net] + 68 UDP 192.168.1.1:53 <-> 192.168.1.34:51879 [proto: 5.125/DNS.Skype][2 pkts/180 bytes][Host: e4593.g.akamaiedge.net] 69 UDP 192.168.1.1:53 <-> 192.168.1.34:54343 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst13.r.skype.net] 70 UDP 192.168.1.1:53 <-> 192.168.1.34:55159 [proto: 5.125/DNS.Skype][7 pkts/651 bytes][Host: a.config.skype.trafficmanager.net] 71 UDP 192.168.1.1:53 <-> 192.168.1.34:55711 [proto: 5.125/DNS.Skype][8 pkts/648 bytes][Host: conn.skype.akadns.net] @@ -94,10 +94,10 @@ MS_OneDrive 387 198090 1 79 UDP 192.168.1.34:13021 <-> 213.199.179.168:40006 [proto: 125/Skype][1 pkts/73 bytes] 80 UDP 192.168.1.1:53 <-> 192.168.1.34:58681 [proto: 5/DNS][2 pkts/267 bytes][Host: db3msgr5011709.gateway.messenger.live.com] 81 TCP 192.168.1.34:50122 <-> 81.133.19.185:44431 [proto: 125/Skype][20 pkts/1624 bytes] - 82 UDP 192.168.1.1:53 <-> 192.168.1.34:63321 [proto: 5/DNS][2 pkts/180 bytes][Host: e4593.g.akamaiedge.net] + 82 UDP 192.168.1.1:53 <-> 192.168.1.34:63321 [proto: 5.125/DNS.Skype][2 pkts/180 bytes][Host: e4593.g.akamaiedge.net] 83 UDP 192.168.1.34:49485 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] 84 UDP 192.168.1.1:53 <-> 192.168.1.34:63421 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 85 UDP 192.168.1.1:53 <-> 192.168.1.34:64085 [proto: 5/DNS][2 pkts/180 bytes][Host: e7768.b.akamaiedge.net] + 85 UDP 192.168.1.1:53 <-> 192.168.1.34:64085 [proto: 5.125/DNS.Skype][2 pkts/180 bytes][Host: e7768.b.akamaiedge.net] 86 UDP 192.168.1.1:53 <-> 192.168.1.34:65045 [proto: 5.125/DNS.Skype][7 pkts/532 bytes][Host: dsn4.d.skype.net] 87 UDP 192.168.1.1:53 <-> 192.168.1.34:65037 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] 88 TCP 192.168.1.34:50055 <-> 111.221.74.47:40030 [proto: 125/Skype][16 pkts/1262 bytes] @@ -144,152 +144,154 @@ MS_OneDrive 387 198090 1 129 TCP 192.168.1.34:50087 <-> 111.221.77.142:443 [proto: 91.125/SSL.Skype][12 pkts/1107 bytes] 130 UDP 76.185.207.12:45493 <-> 192.168.1.34:13021 [proto: 125/Skype][5 pkts/300 bytes] 131 TCP 192.168.1.34:50137 <-> 5.248.186.221:31010 [proto: 125/Skype][18 pkts/1445 bytes] - 132 UDP 192.168.1.34:13021 <-> 111.221.77.142:40023 [proto: 125/Skype][1 pkts/72 bytes] - 133 UDP 192.168.1.34:13021 <-> 111.221.74.46:40027 [proto: 125/Skype][1 pkts/71 bytes] - 134 UDP 111.221.74.24:40001 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/64 bytes] - 135 UDP 111.221.74.19:40001 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/68 bytes] - 136 UDP 111.221.74.12:40031 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/75 bytes] - 137 UDP 192.168.1.34:13021 <-> 111.221.74.44:40031 [proto: 125/Skype][1 pkts/71 bytes] - 138 UDP 192.168.1.34:13021 <-> 111.221.74.43:40001 [proto: 125/Skype][1 pkts/76 bytes] - 139 UDP 111.221.74.32:40009 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/70 bytes] - 140 UDP 111.221.74.31:40021 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/73 bytes] - 141 UDP 192.168.1.34:13021 <-> 111.221.77.140:40003 [proto: 125/Skype][1 pkts/64 bytes] - 142 UDP 192.168.1.34:13021 <-> 111.221.77.145:40027 [proto: 125/Skype][1 pkts/77 bytes] - 143 UDP 192.168.1.34:13021 <-> 111.221.77.151:40027 [proto: 125/Skype][1 pkts/76 bytes] - 144 UDP 192.168.1.34:13021 <-> 111.221.77.148:40029 [proto: 125/Skype][1 pkts/69 bytes] - 145 UDP 192.168.1.34:13021 <-> 111.221.77.168:40007 [proto: 125/Skype][1 pkts/68 bytes] - 146 UDP 192.168.1.34:13021 <-> 111.221.77.166:40011 [proto: 125/Skype][1 pkts/77 bytes] - 147 UDP 192.168.1.34:13021 <-> 111.221.77.154:40017 [proto: 125/Skype][1 pkts/67 bytes] - 148 UDP 192.168.1.34:13021 <-> 111.221.77.159:40009 [proto: 125/Skype][1 pkts/78 bytes] - 149 TCP 192.168.1.34:50109 <-> 91.190.216.125:12350 [proto: 125/Skype][6 pkts/483 bytes] - 150 TCP 192.168.1.34:50125 <-> 91.190.218.125:12350 [proto: 125/Skype][10 pkts/769 bytes] - 151 TCP 192.168.1.34:50129 <-> 91.190.218.125:12350 [proto: 125/Skype][10 pkts/599 bytes] - 152 TCP 192.168.1.34:50136 <-> 71.238.7.203:18767 [proto: 125/Skype][14 pkts/1101 bytes] - 153 UDP 192.168.1.34:13021 <-> 176.97.100.249:26635 [proto: 125/Skype][1 pkts/60 bytes] - 154 UDP 192.168.1.34:13021 <-> 157.55.235.146:33033 [proto: 125/Skype][1 pkts/66 bytes] - 155 UDP 192.168.1.34:13021 <-> 157.55.130.146:33033 [proto: 125/Skype][1 pkts/69 bytes] - 156 UDP 192.168.1.34:13021 <-> 157.55.56.146:33033 [proto: 125/Skype][1 pkts/70 bytes] - 157 TCP 76.167.161.6:20274 <-> 192.168.1.34:50112 [proto: 125/Skype][15 pkts/1254 bytes] - 158 TCP 192.168.1.34:50028 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][387 pkts/198090 bytes][server: *.gateway.messenger.live.com] - 159 TCP 192.168.1.34:50036 <-> 157.56.52.44:443 [proto: 91.125/SSL.Skype][14 pkts/1328 bytes] - 160 TCP 192.168.1.34:50037 <-> 157.55.56.170:443 [proto: 91.125/SSL.Skype][15 pkts/1569 bytes] - 161 TCP 192.168.1.34:50045 <-> 157.55.130.167:443 [proto: 91.125/SSL.Skype][15 pkts/1411 bytes] - 162 TCP 192.168.1.34:50051 <-> 157.55.130.166:443 [proto: 91.125/SSL.Skype][15 pkts/1351 bytes] - 163 TCP 192.168.1.34:50057 <-> 157.55.130.153:443 [proto: 91.125/SSL.Skype][15 pkts/1349 bytes] - 164 TCP 192.168.1.34:50069 <-> 157.55.56.160:443 [proto: 91.125/SSL.Skype][15 pkts/1401 bytes] - 165 TCP 192.168.1.34:50081 <-> 157.55.130.176:443 [proto: 91.125/SSL.Skype][15 pkts/1513 bytes] - 166 TCP 192.168.1.34:50091 <-> 157.55.235.146:443 [proto: 91.125/SSL.Skype][16 pkts/1754 bytes] - 167 TCP 192.168.1.34:50101 <-> 157.55.235.176:443 [proto: 91.125/SSL.Skype][15 pkts/1590 bytes] - 168 TCP 192.168.1.34:50146 <-> 157.56.53.51:443 [proto: 91/SSL][8 pkts/608 bytes] - 169 UDP 192.168.1.34:13021 <-> 157.55.130.160:40029 [proto: 125/Skype][1 pkts/67 bytes] - 170 UDP 192.168.1.34:13021 <-> 157.55.130.154:40005 [proto: 125/Skype][1 pkts/79 bytes] - 171 UDP 192.168.1.34:13021 <-> 157.56.52.45:40012 [proto: 125/Skype][1 pkts/67 bytes] - 172 UDP 157.56.52.21:40004 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/64 bytes] - 173 UDP 157.56.52.26:40026 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/74 bytes] - 174 UDP 192.168.1.34:13021 <-> 157.56.52.37:40032 [proto: 125/Skype][1 pkts/69 bytes] - 175 UDP 192.168.1.34:13021 <-> 157.55.235.142:40025 [proto: 125/Skype][1 pkts/70 bytes] - 176 UDP 192.168.1.34:13021 <-> 157.55.56.142:40023 [proto: 125/Skype][1 pkts/77 bytes] - 177 UDP 192.168.1.34:13021 <-> 157.55.235.152:40001 [proto: 125/Skype][1 pkts/79 bytes] - 178 UDP 192.168.1.34:13021 <-> 157.55.56.151:40027 [proto: 125/Skype][1 pkts/77 bytes] - 179 UDP 192.168.1.34:13021 <-> 157.55.56.145:40027 [proto: 125/Skype][1 pkts/68 bytes] - 180 UDP 192.168.1.34:13021 <-> 157.55.130.143:40017 [proto: 125/Skype][1 pkts/77 bytes] - 181 UDP 192.168.1.34:13021 <-> 157.55.130.148:40019 [proto: 125/Skype][1 pkts/64 bytes] - 182 UDP 192.168.1.34:13021 <-> 157.55.130.147:40019 [proto: 125/Skype][1 pkts/76 bytes] - 183 UDP 192.168.1.34:13021 <-> 157.55.130.151:40017 [proto: 125/Skype][1 pkts/72 bytes] - 184 UDP 192.168.1.34:13021 <-> 157.55.235.153:40023 [proto: 125/Skype][1 pkts/73 bytes] - 185 UDP 192.168.1.34:13021 <-> 157.55.130.157:40013 [proto: 125/Skype][1 pkts/67 bytes] - 186 UDP 192.168.1.34:13021 <-> 157.55.235.155:40003 [proto: 125/Skype][1 pkts/77 bytes] - 187 UDP 192.168.1.34:13021 <-> 157.55.235.158:40031 [proto: 125/Skype][1 pkts/64 bytes] - 188 UDP 192.168.1.34:13021 <-> 157.55.235.159:40021 [proto: 125/Skype][1 pkts/64 bytes] - 189 UDP 192.168.1.34:13021 <-> 157.55.56.175:40013 [proto: 125/Skype][1 pkts/77 bytes] - 190 UDP 192.168.1.34:13021 <-> 157.55.235.161:40011 [proto: 125/Skype][1 pkts/78 bytes] - 191 UDP 192.168.1.34:13021 <-> 157.55.235.160:40027 [proto: 125/Skype][1 pkts/69 bytes] - 192 UDP 192.168.1.34:13021 <-> 157.55.130.172:40019 [proto: 125/Skype][1 pkts/67 bytes] - 193 UDP 192.168.1.34:13021 <-> 157.55.235.166:40015 [proto: 125/Skype][1 pkts/69 bytes] - 194 UDP 192.168.1.1:53 <-> 192.168.1.34:49360 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 195 TCP 149.13.32.15:13392 <-> 192.168.1.34:50132 [proto: 125/Skype][18 pkts/1412 bytes] - 196 UDP 192.168.1.92:57621 <-> 192.168.1.255:57621 [proto: 156/Spotify][5 pkts/430 bytes] - 197 UDP 192.168.1.1:53 <-> 192.168.1.34:49990 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] - 198 UDP 192.168.1.34:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][6 pkts/3264 bytes] - 199 UDP 192.168.1.92:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][5 pkts/2720 bytes] - 200 UDP 192.168.1.34:13021 <-> 213.199.179.146:33033 [proto: 125/Skype][1 pkts/67 bytes] - 201 UDP 192.168.1.1:53 <-> 192.168.1.34:51802 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] - 202 UDP 192.168.1.1:53 <-> 192.168.1.34:52714 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] - 203 UDP 192.168.1.1:53 <-> 192.168.1.34:52850 [proto: 5.125/DNS.Skype][8 pkts/648 bytes][Host: conn.skype.akadns.net] - 204 UDP 192.168.1.1:53 <-> 192.168.1.34:52742 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst5.r.skype.net] - 205 TCP 192.168.1.34:50039 <-> 213.199.179.175:443 [proto: 91/SSL][16 pkts/1592 bytes] - 206 TCP 192.168.1.34:50079 <-> 213.199.179.142:443 [proto: 91/SSL][16 pkts/1376 bytes] - 207 UDP 192.168.1.1:53 <-> 192.168.1.34:54396 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] - 208 TCP 192.168.1.34:50099 <-> 64.4.23.166:40022 [proto: 125/Skype][16 pkts/1355 bytes] - 209 TCP 65.55.223.33:40002 <-> 192.168.1.34:50026 [proto: 125/Skype][17 pkts/1370 bytes] - 210 TCP 65.55.223.12:40031 <-> 192.168.1.34:50065 [proto: 125/Skype][17 pkts/1401 bytes] - 211 TCP 65.55.223.15:40026 <-> 192.168.1.34:50098 [proto: 125/Skype][17 pkts/1381 bytes] - 212 UDP 192.168.1.1:53 <-> 192.168.1.34:57288 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] - 213 UDP 192.168.1.1:53 <-> 192.168.1.34:57406 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] - 214 UDP 192.168.1.1:53 <-> 192.168.1.34:57726 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 215 UDP 192.168.1.34:13021 <-> 213.199.179.165:40007 [proto: 125/Skype][1 pkts/74 bytes] - 216 UDP 192.168.1.34:13021 <-> 213.199.179.141:40015 [proto: 125/Skype][1 pkts/75 bytes] - 217 UDP 192.168.1.34:13021 <-> 213.199.179.162:40029 [proto: 125/Skype][1 pkts/70 bytes] - 218 UDP 192.168.1.34:13021 <-> 213.199.179.152:40023 [proto: 125/Skype][1 pkts/64 bytes] - 219 UDP 192.168.1.34:13021 <-> 213.199.179.145:40027 [proto: 125/Skype][1 pkts/66 bytes] - 220 UDP 192.168.1.34:13021 <-> 213.199.179.170:40011 [proto: 125/Skype][1 pkts/71 bytes] - 221 UDP 192.168.1.1:53 <-> 192.168.1.34:58458 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 222 UDP 192.168.1.1:53 <-> 192.168.1.34:58368 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst13.r.skype.net] - 223 UDP 192.168.1.1:53 <-> 192.168.1.34:60288 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 224 ICMP 192.168.1.1:0 <-> 192.168.1.34:0 [proto: 81/ICMP][8 pkts/656 bytes] - 225 UDP 192.168.1.1:53 <-> 192.168.1.34:62454 [proto: 5.143/DNS.AppleiCloud][2 pkts/234 bytes][Host: p05-keyvalueservice.icloud.com.akadns.net] - 226 UDP 192.168.1.1:53 <-> 192.168.1.34:63108 [proto: 5.125/DNS.Skype][7 pkts/651 bytes][Host: a.config.skype.trafficmanager.net] - 227 UDP 192.168.1.92:50084 <-> 239.255.255.250:1900 [proto: 12/SSDP][14 pkts/7281 bytes] - 228 UDP 192.168.1.34:51066 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] - 229 UDP 192.168.1.1:53 <-> 192.168.1.34:65426 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] - 230 TCP 192.168.1.34:50130 <-> 212.161.8.36:13392 [proto: 125/Skype][17 pkts/1380 bytes] - 231 TCP 192.168.1.34:50059 <-> 111.221.74.38:40015 [proto: 125/Skype][16 pkts/1236 bytes] - 232 TCP 192.168.1.34:50029 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][17 pkts/3535 bytes][client: apps.skype.com] - 233 IGMP 224.0.0.1:0 <-> 192.168.0.254:0 [proto: 82/IGMP][2 pkts/92 bytes] - 234 IGMP 224.0.0.1:0 <-> 192.168.1.1:0 [proto: 82/IGMP][1 pkts/60 bytes] - 235 IGMP 192.168.1.92:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes] - 236 IGMP 192.168.1.34:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/46 bytes] - 237 UDP 192.168.1.34:56886 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] - 238 TCP 192.168.1.34:50033 <-> 157.55.56.170:40015 [proto: 125/Skype][17 pkts/1361 bytes] - 239 TCP 157.56.52.28:40009 <-> 192.168.1.34:50108 [proto: 125/Skype][472 pkts/164627 bytes] - 240 TCP 192.168.1.34:50049 <-> 157.55.130.166:40021 [proto: 125/Skype][16 pkts/1278 bytes] - 241 TCP 192.168.1.34:50067 <-> 157.55.56.160:40027 [proto: 125/Skype][17 pkts/1305 bytes] - 242 TCP 192.168.1.34:50070 <-> 157.55.130.170:40018 [proto: 125/Skype][17 pkts/1312 bytes] - 243 TCP 192.168.1.34:50076 <-> 157.55.235.156:40014 [proto: 125/Skype][18 pkts/1442 bytes] - 244 TCP 192.168.1.34:50092 <-> 157.55.130.155:40020 [proto: 125/Skype][17 pkts/1387 bytes] - 245 UDP 192.168.1.34:64560 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] - 246 UDP 192.168.1.34:13021 <-> 64.4.23.146:33033 [proto: 125/Skype][1 pkts/66 bytes] - 247 TCP 86.31.35.30:59621 <-> 192.168.1.34:50115 [proto: 125/Skype][17 pkts/1386 bytes] - 248 TCP 192.168.1.34:50103 <-> 64.4.23.166:443 [proto: 91/SSL][12 pkts/1147 bytes] - 249 TCP 65.55.223.33:443 <-> 192.168.1.34:50030 [proto: 91/SSL][15 pkts/1311 bytes] - 250 TCP 65.55.223.12:443 <-> 192.168.1.34:50066 [proto: 91/SSL][15 pkts/1452 bytes] - 251 TCP 65.55.223.15:443 <-> 192.168.1.34:50102 [proto: 91/SSL][14 pkts/1390 bytes] - 252 UDP 239.255.255.250:1900 <-> 192.168.0.254:1025 [proto: 12/SSDP][79 pkts/29479 bytes] - 253 UDP 192.168.1.34:13021 <-> 71.62.0.85:33647 [proto: 125/Skype][1 pkts/60 bytes] - 254 UDP 192.168.1.92:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][4 pkts/828 bytes] - 255 UDP 192.168.1.34:13021 <-> 64.4.23.159:40009 [proto: 125/Skype][1 pkts/70 bytes] - 256 UDP 192.168.1.34:13021 <-> 64.4.23.151:40029 [proto: 125/Skype][1 pkts/72 bytes] - 257 UDP 192.168.1.34:13021 <-> 64.4.23.170:40011 [proto: 125/Skype][1 pkts/68 bytes] - 258 UDP 192.168.1.34:13021 <-> 64.4.23.173:40017 [proto: 125/Skype][1 pkts/66 bytes] - 259 UDP 65.55.223.15:40026 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/66 bytes] - 260 UDP 192.168.1.34:13021 <-> 65.55.223.43:40002 [proto: 125/Skype][1 pkts/76 bytes] - 261 UDP 65.55.223.17:40022 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/70 bytes] - 262 UDP 65.55.223.25:40028 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/76 bytes] - 263 UDP 65.55.223.24:40032 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/67 bytes] - 264 UDP 65.55.223.28:40026 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/74 bytes] - 265 UDP 65.55.223.26:40004 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/79 bytes] - 266 UDP 65.55.223.29:40010 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/77 bytes] - 267 UDP 192.168.1.34:13021 <-> 65.55.223.45:40012 [proto: 125/Skype][1 pkts/71 bytes] - 268 UDP 192.168.1.34:123 <-> 17.253.48.245:123 [proto: 9/NTP][2 pkts/180 bytes] - 269 TCP 192.168.1.34:50111 <-> 91.190.216.125:443 [proto: 91.125/SSL.Skype][20 pkts/1516 bytes] - 270 TCP 192.168.1.34:50123 <-> 80.14.46.121:4415 [proto: 125/Skype][18 pkts/1506 bytes] - 271 TCP 192.168.1.34:50141 <-> 80.14.46.121:4415 [proto: 125/Skype][15 pkts/1237 bytes] - 272 TCP 192.168.1.34:49445 <-> 108.160.170.46:443 [proto: 91.121/SSL.Dropbox][16 pkts/5980 bytes] - 273 TCP 192.168.1.34:50058 <-> 111.221.74.47:443 [proto: 91.125/SSL.Skype][14 pkts/1208 bytes] - 274 TCP 192.168.1.34:50100 <-> 111.221.74.46:443 [proto: 91.125/SSL.Skype][13 pkts/1109 bytes] - 275 TCP 192.168.1.34:50035 <-> 213.199.179.175:40021 [proto: 125/Skype][17 pkts/1304 bytes] - 276 TCP 192.168.1.34:50075 <-> 213.199.179.142:40003 [proto: 125/Skype][19 pkts/1495 bytes] - 277 UDP [fe80::c62c:3ff:fe06:49fe]:5353 <-> [ff02::fb]:5353 [proto: 8/MDNS][4 pkts/908 bytes] + 132 TCP 192.168.1.34:50139 <-> 5.248.186.221:31010 [proto: 125/Skype][23 pkts/4119 bytes] + 133 UDP 192.168.1.34:13021 <-> 111.221.77.142:40023 [proto: 125/Skype][1 pkts/72 bytes] + 134 UDP 192.168.1.34:13021 <-> 111.221.74.46:40027 [proto: 125/Skype][1 pkts/71 bytes] + 135 UDP 111.221.74.24:40001 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/64 bytes] + 136 UDP 111.221.74.19:40001 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/68 bytes] + 137 UDP 111.221.74.12:40031 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/75 bytes] + 138 UDP 192.168.1.34:13021 <-> 111.221.74.44:40031 [proto: 125/Skype][1 pkts/71 bytes] + 139 UDP 192.168.1.34:13021 <-> 111.221.74.43:40001 [proto: 125/Skype][1 pkts/76 bytes] + 140 UDP 111.221.74.32:40009 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/70 bytes] + 141 UDP 111.221.74.31:40021 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/73 bytes] + 142 UDP 192.168.1.34:13021 <-> 111.221.77.140:40003 [proto: 125/Skype][1 pkts/64 bytes] + 143 UDP 192.168.1.34:13021 <-> 111.221.77.145:40027 [proto: 125/Skype][1 pkts/77 bytes] + 144 UDP 192.168.1.34:13021 <-> 111.221.77.151:40027 [proto: 125/Skype][1 pkts/76 bytes] + 145 UDP 192.168.1.34:13021 <-> 111.221.77.148:40029 [proto: 125/Skype][1 pkts/69 bytes] + 146 UDP 192.168.1.34:13021 <-> 111.221.77.168:40007 [proto: 125/Skype][1 pkts/68 bytes] + 147 UDP 192.168.1.34:13021 <-> 111.221.77.166:40011 [proto: 125/Skype][1 pkts/77 bytes] + 148 UDP 192.168.1.34:13021 <-> 111.221.77.154:40017 [proto: 125/Skype][1 pkts/67 bytes] + 149 UDP 192.168.1.34:13021 <-> 111.221.77.159:40009 [proto: 125/Skype][1 pkts/78 bytes] + 150 TCP 192.168.1.34:50109 <-> 91.190.216.125:12350 [proto: 125/Skype][6 pkts/483 bytes] + 151 TCP 192.168.1.34:50125 <-> 91.190.218.125:12350 [proto: 125/Skype][10 pkts/769 bytes] + 152 TCP 192.168.1.34:50129 <-> 91.190.218.125:12350 [proto: 125/Skype][10 pkts/599 bytes] + 153 TCP 192.168.1.34:50136 <-> 71.238.7.203:18767 [proto: 125/Skype][14 pkts/1101 bytes] + 154 TCP 192.168.1.34:50138 <-> 71.238.7.203:18767 [proto: 125/Skype][32 pkts/4972 bytes] + 155 UDP 192.168.1.34:13021 <-> 176.97.100.249:26635 [proto: 125/Skype][1 pkts/60 bytes] + 156 UDP 192.168.1.34:13021 <-> 157.55.235.146:33033 [proto: 125/Skype][1 pkts/66 bytes] + 157 UDP 192.168.1.34:13021 <-> 157.55.130.146:33033 [proto: 125/Skype][1 pkts/69 bytes] + 158 UDP 192.168.1.34:13021 <-> 157.55.56.146:33033 [proto: 125/Skype][1 pkts/70 bytes] + 159 TCP 76.167.161.6:20274 <-> 192.168.1.34:50112 [proto: 125/Skype][15 pkts/1254 bytes] + 160 TCP 192.168.1.34:50028 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][387 pkts/198090 bytes][server: *.gateway.messenger.live.com] + 161 TCP 192.168.1.34:50036 <-> 157.56.52.44:443 [proto: 91.125/SSL.Skype][14 pkts/1328 bytes] + 162 TCP 192.168.1.34:50037 <-> 157.55.56.170:443 [proto: 91.125/SSL.Skype][15 pkts/1569 bytes] + 163 TCP 192.168.1.34:50045 <-> 157.55.130.167:443 [proto: 91.125/SSL.Skype][15 pkts/1411 bytes] + 164 TCP 192.168.1.34:50051 <-> 157.55.130.166:443 [proto: 91.125/SSL.Skype][15 pkts/1351 bytes] + 165 TCP 192.168.1.34:50057 <-> 157.55.130.153:443 [proto: 91.125/SSL.Skype][15 pkts/1349 bytes] + 166 TCP 192.168.1.34:50069 <-> 157.55.56.160:443 [proto: 91.125/SSL.Skype][15 pkts/1401 bytes] + 167 TCP 192.168.1.34:50081 <-> 157.55.130.176:443 [proto: 91.125/SSL.Skype][15 pkts/1513 bytes] + 168 TCP 192.168.1.34:50091 <-> 157.55.235.146:443 [proto: 91.125/SSL.Skype][16 pkts/1754 bytes] + 169 TCP 192.168.1.34:50101 <-> 157.55.235.176:443 [proto: 91.125/SSL.Skype][15 pkts/1590 bytes] + 170 TCP 192.168.1.34:50146 <-> 157.56.53.51:443 [proto: 91.125/SSL.Skype][8 pkts/608 bytes] + 171 UDP 192.168.1.34:13021 <-> 157.55.130.160:40029 [proto: 125/Skype][1 pkts/67 bytes] + 172 UDP 192.168.1.34:13021 <-> 157.55.130.154:40005 [proto: 125/Skype][1 pkts/79 bytes] + 173 UDP 192.168.1.34:13021 <-> 157.56.52.45:40012 [proto: 125/Skype][1 pkts/67 bytes] + 174 UDP 157.56.52.21:40004 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/64 bytes] + 175 UDP 157.56.52.26:40026 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/74 bytes] + 176 UDP 192.168.1.34:13021 <-> 157.56.52.37:40032 [proto: 125/Skype][1 pkts/69 bytes] + 177 UDP 192.168.1.34:13021 <-> 157.55.235.142:40025 [proto: 125/Skype][1 pkts/70 bytes] + 178 UDP 192.168.1.34:13021 <-> 157.55.56.142:40023 [proto: 125/Skype][1 pkts/77 bytes] + 179 UDP 192.168.1.34:13021 <-> 157.55.235.152:40001 [proto: 125/Skype][1 pkts/79 bytes] + 180 UDP 192.168.1.34:13021 <-> 157.55.56.151:40027 [proto: 125/Skype][1 pkts/77 bytes] + 181 UDP 192.168.1.34:13021 <-> 157.55.56.145:40027 [proto: 125/Skype][1 pkts/68 bytes] + 182 UDP 192.168.1.34:13021 <-> 157.55.130.143:40017 [proto: 125/Skype][1 pkts/77 bytes] + 183 UDP 192.168.1.34:13021 <-> 157.55.130.148:40019 [proto: 125/Skype][1 pkts/64 bytes] + 184 UDP 192.168.1.34:13021 <-> 157.55.130.147:40019 [proto: 125/Skype][1 pkts/76 bytes] + 185 UDP 192.168.1.34:13021 <-> 157.55.130.151:40017 [proto: 125/Skype][1 pkts/72 bytes] + 186 UDP 192.168.1.34:13021 <-> 157.55.235.153:40023 [proto: 125/Skype][1 pkts/73 bytes] + 187 UDP 192.168.1.34:13021 <-> 157.55.130.157:40013 [proto: 125/Skype][1 pkts/67 bytes] + 188 UDP 192.168.1.34:13021 <-> 157.55.235.155:40003 [proto: 125/Skype][1 pkts/77 bytes] + 189 UDP 192.168.1.34:13021 <-> 157.55.235.158:40031 [proto: 125/Skype][1 pkts/64 bytes] + 190 UDP 192.168.1.34:13021 <-> 157.55.235.159:40021 [proto: 125/Skype][1 pkts/64 bytes] + 191 UDP 192.168.1.34:13021 <-> 157.55.56.175:40013 [proto: 125/Skype][1 pkts/77 bytes] + 192 UDP 192.168.1.34:13021 <-> 157.55.235.161:40011 [proto: 125/Skype][1 pkts/78 bytes] + 193 UDP 192.168.1.34:13021 <-> 157.55.235.160:40027 [proto: 125/Skype][1 pkts/69 bytes] + 194 UDP 192.168.1.34:13021 <-> 157.55.130.172:40019 [proto: 125/Skype][1 pkts/67 bytes] + 195 UDP 192.168.1.34:13021 <-> 157.55.235.166:40015 [proto: 125/Skype][1 pkts/69 bytes] + 196 UDP 192.168.1.1:53 <-> 192.168.1.34:49360 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 197 TCP 149.13.32.15:13392 <-> 192.168.1.34:50132 [proto: 125/Skype][18 pkts/1412 bytes] + 198 UDP 192.168.1.92:57621 <-> 192.168.1.255:57621 [proto: 156/Spotify][5 pkts/430 bytes] + 199 UDP 192.168.1.1:53 <-> 192.168.1.34:49990 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] + 200 UDP 192.168.1.34:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][6 pkts/3264 bytes] + 201 UDP 192.168.1.92:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][5 pkts/2720 bytes] + 202 UDP 192.168.1.34:13021 <-> 213.199.179.146:33033 [proto: 125/Skype][1 pkts/67 bytes] + 203 UDP 192.168.1.1:53 <-> 192.168.1.34:51802 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] + 204 UDP 192.168.1.1:53 <-> 192.168.1.34:52714 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] + 205 UDP 192.168.1.1:53 <-> 192.168.1.34:52850 [proto: 5.125/DNS.Skype][8 pkts/648 bytes][Host: conn.skype.akadns.net] + 206 UDP 192.168.1.1:53 <-> 192.168.1.34:52742 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst5.r.skype.net] + 207 TCP 192.168.1.34:50039 <-> 213.199.179.175:443 [proto: 91/SSL][16 pkts/1592 bytes] + 208 TCP 192.168.1.34:50079 <-> 213.199.179.142:443 [proto: 91/SSL][16 pkts/1376 bytes] + 209 UDP 192.168.1.1:53 <-> 192.168.1.34:54396 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] + 210 TCP 192.168.1.34:50099 <-> 64.4.23.166:40022 [proto: 125/Skype][16 pkts/1355 bytes] + 211 TCP 65.55.223.33:40002 <-> 192.168.1.34:50026 [proto: 125/Skype][17 pkts/1370 bytes] + 212 TCP 65.55.223.12:40031 <-> 192.168.1.34:50065 [proto: 125/Skype][17 pkts/1401 bytes] + 213 TCP 65.55.223.15:40026 <-> 192.168.1.34:50098 [proto: 125/Skype][17 pkts/1381 bytes] + 214 UDP 192.168.1.1:53 <-> 192.168.1.34:57288 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] + 215 UDP 192.168.1.1:53 <-> 192.168.1.34:57406 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] + 216 UDP 192.168.1.1:53 <-> 192.168.1.34:57726 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 217 UDP 192.168.1.34:13021 <-> 213.199.179.165:40007 [proto: 125/Skype][1 pkts/74 bytes] + 218 UDP 192.168.1.34:13021 <-> 213.199.179.141:40015 [proto: 125/Skype][1 pkts/75 bytes] + 219 UDP 192.168.1.34:13021 <-> 213.199.179.162:40029 [proto: 125/Skype][1 pkts/70 bytes] + 220 UDP 192.168.1.34:13021 <-> 213.199.179.152:40023 [proto: 125/Skype][1 pkts/64 bytes] + 221 UDP 192.168.1.34:13021 <-> 213.199.179.145:40027 [proto: 125/Skype][1 pkts/66 bytes] + 222 UDP 192.168.1.34:13021 <-> 213.199.179.170:40011 [proto: 125/Skype][1 pkts/71 bytes] + 223 UDP 192.168.1.1:53 <-> 192.168.1.34:58458 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 224 UDP 192.168.1.1:53 <-> 192.168.1.34:58368 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst13.r.skype.net] + 225 UDP 192.168.1.1:53 <-> 192.168.1.34:60288 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 226 ICMP 192.168.1.1:0 <-> 192.168.1.34:0 [proto: 81/ICMP][8 pkts/656 bytes] + 227 UDP 192.168.1.1:53 <-> 192.168.1.34:62454 [proto: 5.143/DNS.AppleiCloud][2 pkts/234 bytes][Host: p05-keyvalueservice.icloud.com.akadns.net] + 228 UDP 192.168.1.1:53 <-> 192.168.1.34:63108 [proto: 5.125/DNS.Skype][7 pkts/651 bytes][Host: a.config.skype.trafficmanager.net] + 229 UDP 192.168.1.92:50084 <-> 239.255.255.250:1900 [proto: 12/SSDP][14 pkts/7281 bytes] + 230 UDP 192.168.1.34:51066 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] + 231 UDP 192.168.1.1:53 <-> 192.168.1.34:65426 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] + 232 TCP 192.168.1.34:50130 <-> 212.161.8.36:13392 [proto: 125/Skype][17 pkts/1380 bytes] + 233 TCP 192.168.1.34:50059 <-> 111.221.74.38:40015 [proto: 125/Skype][16 pkts/1236 bytes] + 234 TCP 192.168.1.34:50029 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][17 pkts/3535 bytes][client: apps.skype.com] + 235 IGMP 224.0.0.1:0 <-> 192.168.0.254:0 [proto: 82/IGMP][2 pkts/92 bytes] + 236 IGMP 224.0.0.1:0 <-> 192.168.1.1:0 [proto: 82/IGMP][1 pkts/60 bytes] + 237 IGMP 192.168.1.92:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes] + 238 IGMP 192.168.1.34:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/46 bytes] + 239 UDP 192.168.1.34:56886 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] + 240 TCP 192.168.1.34:50033 <-> 157.55.56.170:40015 [proto: 125/Skype][17 pkts/1361 bytes] + 241 TCP 157.56.52.28:40009 <-> 192.168.1.34:50108 [proto: 125/Skype][472 pkts/164627 bytes] + 242 TCP 192.168.1.34:50049 <-> 157.55.130.166:40021 [proto: 125/Skype][16 pkts/1278 bytes] + 243 TCP 192.168.1.34:50067 <-> 157.55.56.160:40027 [proto: 125/Skype][17 pkts/1305 bytes] + 244 TCP 192.168.1.34:50070 <-> 157.55.130.170:40018 [proto: 125/Skype][17 pkts/1312 bytes] + 245 TCP 192.168.1.34:50076 <-> 157.55.235.156:40014 [proto: 125/Skype][18 pkts/1442 bytes] + 246 TCP 192.168.1.34:50092 <-> 157.55.130.155:40020 [proto: 125/Skype][17 pkts/1387 bytes] + 247 UDP 192.168.1.34:64560 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] + 248 UDP 192.168.1.34:13021 <-> 64.4.23.146:33033 [proto: 125/Skype][1 pkts/66 bytes] + 249 TCP 86.31.35.30:59621 <-> 192.168.1.34:50115 [proto: 125/Skype][17 pkts/1386 bytes] + 250 TCP 192.168.1.34:50103 <-> 64.4.23.166:443 [proto: 91/SSL][12 pkts/1147 bytes] + 251 TCP 65.55.223.33:443 <-> 192.168.1.34:50030 [proto: 91/SSL][15 pkts/1311 bytes] + 252 TCP 65.55.223.12:443 <-> 192.168.1.34:50066 [proto: 91/SSL][15 pkts/1452 bytes] + 253 TCP 65.55.223.15:443 <-> 192.168.1.34:50102 [proto: 91/SSL][14 pkts/1390 bytes] + 254 UDP 239.255.255.250:1900 <-> 192.168.0.254:1025 [proto: 12/SSDP][79 pkts/29479 bytes] + 255 UDP 192.168.1.34:13021 <-> 71.62.0.85:33647 [proto: 125/Skype][1 pkts/60 bytes] + 256 UDP 192.168.1.92:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][4 pkts/828 bytes] + 257 UDP 192.168.1.34:13021 <-> 64.4.23.159:40009 [proto: 125/Skype][1 pkts/70 bytes] + 258 UDP 192.168.1.34:13021 <-> 64.4.23.151:40029 [proto: 125/Skype][1 pkts/72 bytes] + 259 UDP 192.168.1.34:13021 <-> 64.4.23.170:40011 [proto: 125/Skype][1 pkts/68 bytes] + 260 UDP 192.168.1.34:13021 <-> 64.4.23.173:40017 [proto: 125/Skype][1 pkts/66 bytes] + 261 UDP 65.55.223.15:40026 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/66 bytes] + 262 UDP 192.168.1.34:13021 <-> 65.55.223.43:40002 [proto: 125/Skype][1 pkts/76 bytes] + 263 UDP 65.55.223.17:40022 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/70 bytes] + 264 UDP 65.55.223.25:40028 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/76 bytes] + 265 UDP 65.55.223.24:40032 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/67 bytes] + 266 UDP 65.55.223.28:40026 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/74 bytes] + 267 UDP 65.55.223.26:40004 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/79 bytes] + 268 UDP 65.55.223.29:40010 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/77 bytes] + 269 UDP 192.168.1.34:13021 <-> 65.55.223.45:40012 [proto: 125/Skype][1 pkts/71 bytes] + 270 UDP 192.168.1.34:123 <-> 17.253.48.245:123 [proto: 9/NTP][2 pkts/180 bytes] + 271 TCP 192.168.1.34:50111 <-> 91.190.216.125:443 [proto: 91.125/SSL.Skype][20 pkts/1516 bytes] + 272 TCP 192.168.1.34:50123 <-> 80.14.46.121:4415 [proto: 125/Skype][18 pkts/1506 bytes] + 273 TCP 192.168.1.34:50141 <-> 80.14.46.121:4415 [proto: 125/Skype][15 pkts/1237 bytes] + 274 TCP 192.168.1.34:49445 <-> 108.160.170.46:443 [proto: 91.121/SSL.Dropbox][16 pkts/5980 bytes] + 275 TCP 192.168.1.34:50058 <-> 111.221.74.47:443 [proto: 91.125/SSL.Skype][14 pkts/1208 bytes] + 276 TCP 192.168.1.34:50100 <-> 111.221.74.46:443 [proto: 91.125/SSL.Skype][13 pkts/1109 bytes] + 277 TCP 192.168.1.34:50035 <-> 213.199.179.175:40021 [proto: 125/Skype][17 pkts/1304 bytes] + 278 TCP 192.168.1.34:50075 <-> 213.199.179.142:40003 [proto: 125/Skype][19 pkts/1495 bytes] + 279 UDP [fe80::c62c:3ff:fe06:49fe]:5353 <-> [ff02::fb]:5353 [proto: 8/MDNS][4 pkts/908 bytes] Undetected flows: @@ -301,11 +303,9 @@ Undetected flows: 6 TCP 192.168.1.34:50124 <-> 81.133.19.185:44431 [proto: 0/Unknown][22 pkts/1636 bytes] 7 TCP 192.168.1.34:50131 <-> 212.161.8.36:13392 [proto: 0/Unknown][19 pkts/5111 bytes] 8 TCP 192.168.1.34:50142 <-> 80.14.46.121:4415 [proto: 0/Unknown][18 pkts/1474 bytes] - 9 TCP 192.168.1.34:50139 <-> 5.248.186.221:31010 [proto: 0/Unknown][23 pkts/4119 bytes] - 10 TCP 192.168.1.34:50138 <-> 71.238.7.203:18767 [proto: 0/Unknown][32 pkts/4972 bytes] - 11 TCP 192.168.1.34:50121 <-> 81.83.77.141:17639 [proto: 0/Unknown][40 pkts/5609 bytes] - 12 TCP 76.167.161.6:20274 <-> 192.168.1.34:50140 [proto: 0/Unknown][3 pkts/206 bytes] - 13 TCP 192.168.1.34:50144 <-> 78.202.226.115:29059 [proto: 0/Unknown][14 pkts/1139 bytes] - 14 TCP 192.168.1.34:50145 <-> 157.56.53.51:12350 [proto: 0/Unknown][8 pkts/608 bytes] - 15 TCP 86.31.35.30:59621 <-> 192.168.1.34:50119 [proto: 0/Unknown][100 pkts/12266 bytes] - 16 TCP 192.168.1.34:50127 <-> 80.14.46.121:4415 [proto: 0/Unknown][27 pkts/2098 bytes] + 9 TCP 192.168.1.34:50121 <-> 81.83.77.141:17639 [proto: 0/Unknown][40 pkts/5609 bytes] + 10 TCP 76.167.161.6:20274 <-> 192.168.1.34:50140 [proto: 0/Unknown][3 pkts/206 bytes] + 11 TCP 192.168.1.34:50144 <-> 78.202.226.115:29059 [proto: 0/Unknown][14 pkts/1139 bytes] + 12 TCP 192.168.1.34:50145 <-> 157.56.53.51:12350 [proto: 0/Unknown][8 pkts/608 bytes] + 13 TCP 86.31.35.30:59621 <-> 192.168.1.34:50119 [proto: 0/Unknown][100 pkts/12266 bytes] + 14 TCP 192.168.1.34:50127 <-> 80.14.46.121:4415 [proto: 0/Unknown][27 pkts/2098 bytes] diff --git a/tests/result/skype_no_unknown.pcap.out b/tests/result/skype_no_unknown.pcap.out index d8b67aab0..6864f2b0c 100644 --- a/tests/result/skype_no_unknown.pcap.out +++ b/tests/result/skype_no_unknown.pcap.out @@ -1,5 +1,5 @@ Unknown 236 70600 14 -DNS 6 627 3 +DNS 2 267 1 MDNS 3 400 2 NetBIOS 22 3106 7 SSDP 40 14100 3 @@ -7,7 +7,7 @@ ICMP 4 328 1 IGMP 4 226 4 SSL 79 7742 6 Dropbox 16 7342 5 -Skype 1237 180967 219 +Skype 1241 181327 221 Apple 84 20699 2 MS_OneDrive 348 181687 1 @@ -85,7 +85,7 @@ MS_OneDrive 348 181687 1 72 UDP 192.168.1.1:53 <-> 192.168.1.34:60413 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst0.r.skype.net] 73 UDP 192.168.1.1:53 <-> 192.168.1.34:61095 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] 74 UDP 192.168.1.1:53 <-> 192.168.1.34:62875 [proto: 5.125/DNS.Skype][7 pkts/539 bytes][Host: dsn13.d.skype.net] - 75 UDP 192.168.1.1:53 <-> 192.168.1.34:63661 [proto: 5/DNS][2 pkts/180 bytes][Host: e4593.g.akamaiedge.net] + 75 UDP 192.168.1.1:53 <-> 192.168.1.34:63661 [proto: 5.125/DNS.Skype][2 pkts/180 bytes][Host: e4593.g.akamaiedge.net] 76 UDP 192.168.1.1:53 <-> 192.168.1.34:64971 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: a.config.skype.com] 77 TCP 192.168.1.34:51313 <-> 212.161.8.36:13392 [proto: 125/Skype][14 pkts/1142 bytes] 78 TCP 192.168.1.34:51256 <-> 111.221.77.142:40013 [proto: 125/Skype][16 pkts/1238 bytes] @@ -152,7 +152,7 @@ MS_OneDrive 348 181687 1 139 TCP 192.168.1.34:51291 <-> 81.83.77.141:17639 [proto: 125/Skype][15 pkts/1226 bytes] 140 TCP 76.167.161.6:20274 <-> 192.168.1.34:51288 [proto: 125/Skype][15 pkts/1258 bytes] 141 TCP 192.168.1.34:51230 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][348 pkts/181687 bytes][server: *.gateway.messenger.live.com] - 142 TCP 157.56.52.28:443 <-> 192.168.1.34:51232 [proto: 91.125/SSL.Skype][13 pkts/1157 bytes] + 142 TCP 157.56.52.28:443 <-> 192.168.1.34:51232 [proto: 125/Skype][13 pkts/1157 bytes] 143 TCP 192.168.1.34:51241 <-> 157.55.130.176:443 [proto: 91.125/SSL.Skype][15 pkts/1584 bytes] 144 TCP 192.168.1.34:51261 <-> 157.55.235.170:443 [proto: 91.125/SSL.Skype][15 pkts/1569 bytes] 145 TCP 192.168.1.34:51281 <-> 157.55.235.156:443 [proto: 91.125/SSL.Skype][15 pkts/1380 bytes] @@ -210,7 +210,7 @@ MS_OneDrive 348 181687 1 197 UDP 192.168.1.34:13021 <-> 213.199.179.172:40011 [proto: 125/Skype][1 pkts/76 bytes] 198 UDP 192.168.1.34:13021 <-> 213.199.179.174:40025 [proto: 125/Skype][1 pkts/71 bytes] 199 TCP 192.168.1.34:51298 <-> 82.224.110.241:38895 [proto: 125/Skype][14 pkts/1150 bytes] - 200 UDP 192.168.1.1:53 <-> 192.168.1.34:59788 [proto: 5/DNS][2 pkts/180 bytes][Host: e4593.g.akamaiedge.net] + 200 UDP 192.168.1.1:53 <-> 192.168.1.34:59788 [proto: 5.125/DNS.Skype][2 pkts/180 bytes][Host: e4593.g.akamaiedge.net] 201 UDP 192.168.1.1:53 <-> 192.168.1.34:60688 [proto: 5.125/DNS.Skype][8 pkts/648 bytes][Host: conn.skype.akadns.net] 202 UDP 192.168.1.1:53 <-> 192.168.1.34:61016 [proto: 5.125/DNS.Skype][1 pkts/80 bytes][Host: apps.skypeassets.com] 203 ICMP 192.168.1.1:0 <-> 192.168.1.34:0 [proto: 81/ICMP][4 pkts/328 bytes] -- cgit v1.2.3 From 3add72c6865e3099de9a78fed1823966a67675d8 Mon Sep 17 00:00:00 2001 From: Campus Date: Wed, 15 Mar 2017 18:42:44 +0100 Subject: deleted useless function - change macro name --- src/include/ndpi_api.h | 16 +---- src/include/ndpi_protocol_ids.h | 126 ++++++++++++++++++++-------------------- src/include/ndpi_typedefs.h | 6 +- src/lib/ndpi_main.c | 4 +- 4 files changed, 69 insertions(+), 83 deletions(-) (limited to 'src') diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h index 79de7017e..ca295b4e1 100644 --- a/src/include/ndpi_api.h +++ b/src/include/ndpi_api.h @@ -1,7 +1,7 @@ /* * ndpi_api.h * - * Copyright (C) 2011-16 - ntop.org + * Copyright (C) 2011-17 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -255,20 +255,6 @@ extern "C" { u_int8_t *l4_protocol_return, u_int32_t flags); -#if 0 - /** - * returns true if the protocol history of the flow of the last packet given to the detection - * contains the given protocol. - * - * @param ndpi_struct the detection module - * @return 1 if protocol has been found, 0 otherwise - * - */ - u_int8_t ndpi_detection_flow_protocol_history_contains_protocol(struct ndpi_detection_module_struct *ndpi_struct, - struct ndpi_flow_struct *flow, - u_int16_t protocol_id); -#endif - /** * Search and return the protocol based on matched ports * diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index 2e453689b..7eada61e2 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -30,17 +30,17 @@ #define __NDPI_PROTOCOLS_DEFAULT_H__ #define NDPI_DETECTION_SUPPORT_IPV6 -#define NDPI_PROTOCOL_HISTORY_SIZE 2 +#define NDPI_PROTOCOL_SIZE 2 -#define NDPI_PROTOCOL_UNKNOWN 0 +#define NDPI_PROTOCOL_UNKNOWN 0 -#define NDPI_PROTOCOL_NO_MASTER_PROTO NDPI_PROTOCOL_UNKNOWN +#define NDPI_PROTOCOL_NO_MASTER_PROTO NDPI_PROTOCOL_UNKNOWN -#define NDPI_PROTOCOL_UNKNOWN 0 -#define NDPI_PROTOCOL_FTP_CONTROL 1 /* Tomasz Bujlow */ -#define NDPI_PROTOCOL_MAIL_POP 2 -#define NDPI_PROTOCOL_MAIL_SMTP 3 -#define NDPI_PROTOCOL_MAIL_IMAP 4 +#define NDPI_PROTOCOL_UNKNOWN 0 +#define NDPI_PROTOCOL_FTP_CONTROL 1 /* Tomasz Bujlow */ +#define NDPI_PROTOCOL_MAIL_POP 2 +#define NDPI_PROTOCOL_MAIL_SMTP 3 +#define NDPI_PROTOCOL_MAIL_IMAP 4 #define NDPI_PROTOCOL_DNS 5 #define NDPI_PROTOCOL_IPP 6 #define NDPI_PROTOCOL_HTTP 7 @@ -58,61 +58,61 @@ #define NDPI_PROTOCOL_POSTGRES 19 #define NDPI_PROTOCOL_MYSQL 20 #define NDPI_PROTOCOL_HOTMAIL 21 -#define NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK 22 -#define NDPI_PROTOCOL_MAIL_POPS 23 -#define NDPI_PROTOCOL_APPLEJUICE 24 -#define NDPI_PROTOCOL_DIRECTCONNECT 25 -#define NDPI_PROTOCOL_SOCRATES 26 -#define NDPI_PROTOCOL_COAP 27 -#define NDPI_PROTOCOL_VMWARE 28 -#define NDPI_PROTOCOL_MAIL_SMTPS 29 -#define NDPI_PROTOCOL_FILETOPIA 30 -#define NDPI_PROTOCOL_UBNTAC2 31 /* Ubiquity UBNT AirControl 2 - Thomas Fjellstrom */ -#define NDPI_PROTOCOL_KONTIKI 32 -#define NDPI_PROTOCOL_OPENFT 33 -#define NDPI_PROTOCOL_FASTTRACK 34 -#define NDPI_PROTOCOL_GNUTELLA 35 -#define NDPI_PROTOCOL_EDONKEY 36 /* Tomasz Bujlow */ -#define NDPI_PROTOCOL_BITTORRENT 37 -#define NDPI_PROTOCOL_EPP 38 -#define NDPI_CONTENT_AVI 39 -#define NDPI_CONTENT_FLASH 40 -#define NDPI_CONTENT_OGG 41 -#define NDPI_CONTENT_MPEG 42 -#define NDPI_CONTENT_QUICKTIME 43 -#define NDPI_CONTENT_REALMEDIA 44 -#define NDPI_CONTENT_WINDOWSMEDIA 45 -#define NDPI_CONTENT_MMS 46 -#define NDPI_PROTOCOL_XBOX 47 -#define NDPI_PROTOCOL_QQ 48 -#define NDPI_PROTOCOL_MOVE 49 -#define NDPI_PROTOCOL_RTSP 50 -#define NDPI_PROTOCOL_MAIL_IMAPS 51 +#define NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK 22 +#define NDPI_PROTOCOL_MAIL_POPS 23 +#define NDPI_PROTOCOL_APPLEJUICE 24 +#define NDPI_PROTOCOL_DIRECTCONNECT 25 +#define NDPI_PROTOCOL_SOCRATES 26 +#define NDPI_PROTOCOL_COAP 27 +#define NDPI_PROTOCOL_VMWARE 28 +#define NDPI_PROTOCOL_MAIL_SMTPS 29 +#define NDPI_PROTOCOL_FILETOPIA 30 +#define NDPI_PROTOCOL_UBNTAC2 31 /* Ubiquity UBNT AirControl 2 - Thomas Fjellstrom */ +#define NDPI_PROTOCOL_KONTIKI 32 +#define NDPI_PROTOCOL_OPENFT 33 +#define NDPI_PROTOCOL_FASTTRACK 34 +#define NDPI_PROTOCOL_GNUTELLA 35 +#define NDPI_PROTOCOL_EDONKEY 36 /* Tomasz Bujlow */ +#define NDPI_PROTOCOL_BITTORRENT 37 +#define NDPI_PROTOCOL_EPP 38 +#define NDPI_CONTENT_AVI 39 +#define NDPI_CONTENT_FLASH 40 +#define NDPI_CONTENT_OGG 41 +#define NDPI_CONTENT_MPEG 42 +#define NDPI_CONTENT_QUICKTIME 43 +#define NDPI_CONTENT_REALMEDIA 44 +#define NDPI_CONTENT_WINDOWSMEDIA 45 +#define NDPI_CONTENT_MMS 46 +#define NDPI_PROTOCOL_XBOX 47 +#define NDPI_PROTOCOL_QQ 48 +#define NDPI_PROTOCOL_MOVE 49 +#define NDPI_PROTOCOL_RTSP 50 +#define NDPI_PROTOCOL_MAIL_IMAPS 51 #define NDPI_PROTOCOL_ICECAST 52 #define NDPI_PROTOCOL_PPLIVE 53 /* Tomasz Bujlow */ #define NDPI_PROTOCOL_PPSTREAM 54 #define NDPI_PROTOCOL_ZATTOO 55 -#define NDPI_PROTOCOL_SHOUTCAST 56 +#define NDPI_PROTOCOL_SHOUTCAST 56 #define NDPI_PROTOCOL_SOPCAST 57 #define NDPI_PROTOCOL_TVANTS 58 -#define NDPI_PROTOCOL_TVUPLAYER 59 -#define NDPI_PROTOCOL_HTTP_DOWNLOAD 60 +#define NDPI_PROTOCOL_TVUPLAYER 59 +#define NDPI_PROTOCOL_HTTP_DOWNLOAD 60 #define NDPI_PROTOCOL_QQLIVE 61 #define NDPI_PROTOCOL_THUNDER 62 #define NDPI_PROTOCOL_SOULSEEK 63 -#define NDPI_PROTOCOL_SSL_NO_CERT 64 /* SSL without certificate (Skype Ultrasurf?) - ntop.org */ -#define NDPI_PROTOCOL_IRC 65 -#define NDPI_PROTOCOL_AYIYA 66 -#define NDPI_PROTOCOL_UNENCRYPTED_JABBER 67 +#define NDPI_PROTOCOL_SSL_NO_CERT 64 +#define NDPI_PROTOCOL_IRC 65 +#define NDPI_PROTOCOL_AYIYA 66 +#define NDPI_PROTOCOL_UNENCRYPTED_JABBER 67 #define NDPI_PROTOCOL_MSN 68 #define NDPI_PROTOCOL_OSCAR 69 #define NDPI_PROTOCOL_YAHOO 70 -#define NDPI_PROTOCOL_BATTLEFIELD 71 +#define NDPI_PROTOCOL_BATTLEFIELD 71 #define NDPI_PROTOCOL_QUAKE 72 #define NDPI_PROTOCOL_IP_VRRP 73 #define NDPI_PROTOCOL_STEAM 74 /* Tomasz Bujlow */ -#define NDPI_PROTOCOL_HALFLIFE2 75 -#define NDPI_PROTOCOL_WORLDOFWARCRAFT 76 +#define NDPI_PROTOCOL_HALFLIFE2 75 +#define NDPI_PROTOCOL_WORLDOFWARCRAFT 76 #define NDPI_PROTOCOL_TELNET 77 #define NDPI_PROTOCOL_STUN 78 #define NDPI_PROTOCOL_IP_IPSEC 79 @@ -122,11 +122,11 @@ #define NDPI_PROTOCOL_IP_EGP 83 #define NDPI_PROTOCOL_IP_SCTP 84 #define NDPI_PROTOCOL_IP_OSPF 85 -#define NDPI_PROTOCOL_IP_IP_IN_IP 86 +#define NDPI_PROTOCOL_IP_IP_IN_IP 86 #define NDPI_PROTOCOL_RTP 87 #define NDPI_PROTOCOL_RDP 88 #define NDPI_PROTOCOL_VNC 89 -#define NDPI_PROTOCOL_PCANYWHERE 90 +#define NDPI_PROTOCOL_PCANYWHERE 90 #define NDPI_PROTOCOL_SSL 91 #define NDPI_PROTOCOL_SSH 92 #define NDPI_PROTOCOL_USENET 93 @@ -134,40 +134,40 @@ #define NDPI_PROTOCOL_IAX 95 #define NDPI_PROTOCOL_TFTP 96 #define NDPI_PROTOCOL_AFP 97 -#define NDPI_PROTOCOL_STEALTHNET 98 +#define NDPI_PROTOCOL_STEALTHNET 98 #define NDPI_PROTOCOL_AIMINI 99 #define NDPI_PROTOCOL_SIP 100 #define NDPI_PROTOCOL_TRUPHONE 101 -#define NDPI_PROTOCOL_IP_ICMPV6 102 +#define NDPI_PROTOCOL_IP_ICMPV6 102 #define NDPI_PROTOCOL_DHCPV6 103 -#define NDPI_PROTOCOL_ARMAGETRON 104 -#define NDPI_PROTOCOL_CROSSFIRE 105 +#define NDPI_PROTOCOL_ARMAGETRON 104 +#define NDPI_PROTOCOL_CROSSFIRE 105 #define NDPI_PROTOCOL_DOFUS 106 #define NDPI_PROTOCOL_FIESTA 107 -#define NDPI_PROTOCOL_FLORENSIA 108 -#define NDPI_PROTOCOL_GUILDWARS 109 +#define NDPI_PROTOCOL_FLORENSIA 108 +#define NDPI_PROTOCOL_GUILDWARS 109 #define NDPI_PROTOCOL_HTTP_APPLICATION_ACTIVESYNC 110 #define NDPI_PROTOCOL_KERBEROS 111 #define NDPI_PROTOCOL_LDAP 112 -#define NDPI_PROTOCOL_MAPLESTORY 113 -#define NDPI_PROTOCOL_MSSQL_TDS 114 +#define NDPI_PROTOCOL_MAPLESTORY 113 +#define NDPI_PROTOCOL_MSSQL_TDS 114 #define NDPI_PROTOCOL_PPTP 115 -#define NDPI_PROTOCOL_WARCRAFT3 116 -#define NDPI_PROTOCOL_WORLD_OF_KUNG_FU 117 +#define NDPI_PROTOCOL_WARCRAFT3 116 +#define NDPI_PROTOCOL_WORLD_OF_KUNG_FU 117 #define NDPI_PROTOCOL_SLACK 118 #define NDPI_PROTOCOL_FACEBOOK 119 #define NDPI_PROTOCOL_TWITTER 120 #define NDPI_PROTOCOL_DROPBOX 121 #define NDPI_PROTOCOL_GMAIL 122 -#define NDPI_PROTOCOL_GOOGLE_MAPS 123 +#define NDPI_PROTOCOL_GOOGLE_MAPS 123 #define NDPI_PROTOCOL_YOUTUBE 124 #define NDPI_PROTOCOL_SKYPE 125 #define NDPI_PROTOCOL_GOOGLE 126 #define NDPI_PROTOCOL_DCERPC 127 #define NDPI_PROTOCOL_NETFLOW 128 #define NDPI_PROTOCOL_SFLOW 129 -#define NDPI_PROTOCOL_HTTP_CONNECT 130 -#define NDPI_PROTOCOL_HTTP_PROXY 131 +#define NDPI_PROTOCOL_HTTP_CONNECT 130 +#define NDPI_PROTOCOL_HTTP_PROXY 131 #define NDPI_PROTOCOL_CITRIX 132 #define NDPI_PROTOCOL_NETFLIX 133 #define NDPI_PROTOCOL_LASTFM 134 diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 96cea5353..490098086 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -654,8 +654,8 @@ struct ndpi_packet_struct { u_int32_t tick_timestamp; u_int64_t tick_timestamp_l; - u_int16_t detected_protocol_stack[NDPI_PROTOCOL_HISTORY_SIZE]; - u_int8_t detected_subprotocol_stack[NDPI_PROTOCOL_HISTORY_SIZE]; + u_int16_t detected_protocol_stack[NDPI_PROTOCOL_SIZE]; + u_int8_t detected_subprotocol_stack[NDPI_PROTOCOL_SIZE]; #ifndef WIN32 @@ -888,7 +888,7 @@ struct ndpi_detection_module_struct { }; struct ndpi_flow_struct { - u_int16_t detected_protocol_stack[NDPI_PROTOCOL_HISTORY_SIZE]; + u_int16_t detected_protocol_stack[NDPI_PROTOCOL_SIZE]; #ifndef WIN32 __attribute__ ((__packed__)) #endif diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index f7346594e..31d2ab435 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -4097,7 +4097,7 @@ void ndpi_int_change_protocol(struct ndpi_detection_module_struct *ndpi_struct, void ndpi_int_reset_packet_protocol(struct ndpi_packet_struct *packet) { int a; - for(a = 0; a < NDPI_PROTOCOL_HISTORY_SIZE; a++) + for(a = 0; a < NDPI_PROTOCOL_SIZE; a++) packet->detected_protocol_stack[a] = NDPI_PROTOCOL_UNKNOWN; } @@ -4105,7 +4105,7 @@ void ndpi_int_reset_protocol(struct ndpi_flow_struct *flow) { if(flow) { int a; - for(a = 0; a < NDPI_PROTOCOL_HISTORY_SIZE; a++) { + for(a = 0; a < NDPI_PROTOCOL_SIZE; a++) { flow->detected_protocol_stack[a] = NDPI_PROTOCOL_UNKNOWN; } } -- cgit v1.2.3 From eeb6f9334a89eb6a5755684edb423ba94b66550b Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Wed, 15 Mar 2017 20:21:18 +0100 Subject: Warning fix --- src/lib/ndpi_main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 31d2ab435..5c8589c3f 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -3254,7 +3254,7 @@ void check_ndpi_tcp_flow_func(struct ndpi_detection_module_struct *ndpi_struct, func = ndpi_struct->proto_defaults[flow->guessed_protocol_id].func; } - if((flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN)) { + if(flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) { for(a = 0; a < ndpi_struct->callback_buffer_size_tcp_payload; a++) { if((func != ndpi_struct->callback_buffer_tcp_payload[a].func) && (ndpi_struct->callback_buffer_tcp_payload[a].ndpi_selection_bitmask & *ndpi_selection_packet) == ndpi_struct->callback_buffer_tcp_payload[a].ndpi_selection_bitmask -- cgit v1.2.3 From 149818671d0cfcf09e37588aee963adc056f4250 Mon Sep 17 00:00:00 2001 From: Campus Date: Thu, 16 Mar 2017 10:31:36 +0100 Subject: minor fix for http --- src/lib/protocols/http.c | 18 +++++------------- 1 file changed, 5 insertions(+), 13 deletions(-) (limited to 'src') diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c index 33b15c689..1bef7f8f5 100644 --- a/src/lib/protocols/http.c +++ b/src/lib/protocols/http.c @@ -203,7 +203,7 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_PPSTREAM); } else if(iqiyi_counter > 0) { - NDPI_LOG(NDPI_SERVICE_IQIYI, ndpi_struct, NDPI_LOG_DEBUG, "iQiyi found.\n"); + NDPI_LOG(NDPI_PROTOCOL_IQIYI, ndpi_struct, NDPI_LOG_DEBUG, "iQiyi found.\n"); ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_IQIYI); } #endif @@ -378,13 +378,6 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ if(flow->detected_protocol_stack[0] != flow->guessed_host_protocol_id) flow->guessed_host_protocol_id = flow->detected_protocol_stack[0]; } - - /* if((flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) */ - /* && ((ndpi_struct->http_dont_dissect_response) || flow->http_detected)) */ - /* ndpi_match_host_subprotocol(ndpi_struct, flow, */ - /* (char *)flow->host_server_name, */ - /* strlen((const char *)flow->host_server_name), */ - /* NDPI_PROTOCOL_HTTP); */ if((flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) && ((ndpi_struct->http_dont_dissect_response) || flow->http_detected) @@ -545,9 +538,6 @@ void _org_ndpi_search_http_tcp(struct ndpi_detection_module_struct *ndpi_struct, { struct ndpi_packet_struct *packet = &flow->packet; - // struct ndpi_id_struct *src=ndpi_struct->src; - // struct ndpi_id_struct *dst=ndpi_struct->dst; - u_int16_t filename_start; NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "search http\n"); @@ -902,13 +892,14 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct "HTTP START Found, we will look for sub-protocols (content and host)...\n"); if(packet->host_line.ptr != NULL) { + /** nDPI is pretty scrupulous about HTTP so it waits until the HTTP response is received just to check that it conforms with the HTTP specs. However this might be a waste of time as in 99.99% of the cases is like that. */ - + if(ndpi_struct->http_dont_dissect_response) { if(flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) /* No subprotocol found */ ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_HTTP); @@ -933,7 +924,8 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct /** At first check, if this is for sure a response packet (in another direction. If not, if http is detected do nothing now and return, - otherwise check the second packet for the http request . */ + otherwise check the second packet for the http request + */ if((flow->l4.tcp.http_stage - packet->packet_direction) == 1) { if(flow->http_detected) -- cgit v1.2.3 From 4300208642e0ccd4d945a25e738b65d019b2cc30 Mon Sep 17 00:00:00 2001 From: Vito Piserchia Date: Thu, 16 Mar 2017 17:32:38 +0100 Subject: Added ndpi_flow_ free/malloc and set_ functions: Ideally these two new functions will provide more flexibility in regards of application that want to use specific allocation approaches, for example storage queues for this structures from where the application can pop and release the data it needs. Semantically they can be set up as the other ndpi_malloc and ndpi_free functions, that is via the set_ndpi_flow_malloc and set_ndpi_flow_free. In case a NULL parameter is passed to the above functions the old approach will be used, that means that the ndpi_malloc will be used as the ndpi_flow_malloc function and ndpi_free_flow as the ndpi_flow_free one. Application that use the old functions will be not affected by this change, and the ndpi_free_flow can be deprecated in the future and made private. --- example/ndpi_util.c | 8 +++----- src/include/ndpi_api.h | 8 +++++++- src/lib/ndpi_main.c | 13 +++++++++++-- 3 files changed, 21 insertions(+), 8 deletions(-) (limited to 'src') diff --git a/example/ndpi_util.c b/example/ndpi_util.c index 8fe104b3e..1bb094a1e 100644 --- a/example/ndpi_util.c +++ b/example/ndpi_util.c @@ -62,16 +62,13 @@ #define GTP_U_V1_PORT 2152 #define TZSP_PORT 37008 -#define SIZEOF_ID_STRUCT (sizeof(struct ndpi_id_struct)) -#define SIZEOF_FLOW_STRUCT (sizeof(struct ndpi_flow_struct)) - #include "ndpi_main.h" #include "ndpi_util.h" /* ***************************************************** */ void ndpi_free_flow_info_half(struct ndpi_flow_info *flow) { - if(flow->ndpi_flow) { ndpi_free_flow(flow->ndpi_flow); flow->ndpi_flow = NULL; } + if(flow->ndpi_flow) { ndpi_flow_free(flow->ndpi_flow); flow->ndpi_flow = NULL; } if(flow->src_id) { ndpi_free(flow->src_id); flow->src_id = NULL; } if(flow->dst_id) { ndpi_free(flow->dst_id); flow->dst_id = NULL; } } @@ -106,6 +103,7 @@ static void free_wrapper(void *freeable) { struct ndpi_workflow * ndpi_workflow_init(const struct ndpi_workflow_prefs * prefs, pcap_t * pcap_handle) { set_ndpi_malloc(malloc_wrapper), set_ndpi_free(free_wrapper); + set_ndpi_flow_malloc(NULL), set_ndpi_flow_free(NULL); /* TODO: just needed here to init ndpi malloc wrapper */ struct ndpi_detection_module_struct * module = ndpi_init_detection_module(); @@ -356,7 +354,7 @@ static struct ndpi_flow_info *get_ndpi_flow_info(struct ndpi_workflow * workflow patchIPv6Address(newflow->lower_name), patchIPv6Address(newflow->upper_name); } - if((newflow->ndpi_flow = ndpi_malloc(SIZEOF_FLOW_STRUCT)) == NULL) { + if((newflow->ndpi_flow = ndpi_flow_malloc(SIZEOF_FLOW_STRUCT)) == NULL) { NDPI_LOG(0, workflow->ndpi_struct, NDPI_LOG_ERROR, "[NDPI] %s(2): not enough memory\n", __FUNCTION__); free(newflow); return(NULL); diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h index ca295b4e1..bcc5fe51f 100644 --- a/src/include/ndpi_api.h +++ b/src/include/ndpi_api.h @@ -31,6 +31,9 @@ extern "C" { #endif +#define SIZEOF_ID_STRUCT (sizeof(struct ndpi_id_struct)) +#define SIZEOF_FLOW_STRUCT (sizeof(struct ndpi_flow_struct)) + #define NDPI_DETECTION_ONLY_IPV4 ( 1 << 0 ) #define NDPI_DETECTION_ONLY_IPV6 ( 1 << 1 ) @@ -79,8 +82,9 @@ extern "C" { void * ndpi_realloc(void *ptr, size_t old_size, size_t new_size); char * ndpi_strdup(const char *s); void ndpi_free(void *ptr); + void * ndpi_flow_malloc(size_t size); + void ndpi_flow_free(void *ptr); - /** * Search the first occurrence of substring -find- in -s- * The search is limited to the first -slen- characters of the string @@ -591,6 +595,8 @@ extern "C" { /* Utility functions to set ndpi malloc/free/print wrappers */ void set_ndpi_malloc(void* (*__ndpi_malloc)(size_t size)); void set_ndpi_free(void (*__ndpi_free)(void *ptr)); + void set_ndpi_flow_malloc(void* (*__ndpi_flow_malloc)(size_t size)); + void set_ndpi_flow_free(void (*__ndpi_flow_free)(void *ptr)); void set_ndpi_debug_function(struct ndpi_detection_module_struct *ndpi_str, ndpi_debug_function_ptr ndpi_debug_printf); #ifdef __cplusplus diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 5c8589c3f..5e65dbe5f 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -213,6 +213,9 @@ u_int8_t ndpi_ips_match(u_int32_t src, u_int32_t dst, /* ****************************************** */ +static void *(*_ndpi_flow_malloc)(size_t size); +static void (*_ndpi_flow_free)(void *ptr); + static void *(*_ndpi_malloc)(size_t size); static void (*_ndpi_free)(void *ptr); @@ -310,6 +313,7 @@ static int removeDefaultPort(ndpi_port_range *range, /* ****************************************** */ void * ndpi_malloc(size_t size) { return(_ndpi_malloc ? _ndpi_malloc(size) : malloc(size)); } +void * ndpi_flow_malloc(size_t size) { return(_ndpi_flow_malloc ? _ndpi_flow_malloc(size) : ndpi_malloc(size)); } /* ****************************************** */ @@ -327,6 +331,7 @@ void * ndpi_calloc(unsigned long count, size_t size) /* ****************************************** */ void ndpi_free(void *ptr) { if(_ndpi_free) _ndpi_free(ptr); else free(ptr); } +void ndpi_flow_free(void *ptr) { if(_ndpi_flow_free) _ndpi_flow_free(ptr); else ndpi_free_flow((struct ndpi_flow_struct *) ptr); } /* ****************************************** */ @@ -1757,8 +1762,10 @@ static int ndpi_add_host_ip_subprotocol(struct ndpi_detection_module_struct *ndp #endif void set_ndpi_malloc(void* (*__ndpi_malloc)(size_t size)) { _ndpi_malloc = __ndpi_malloc; } +void set_ndpi_flow_malloc(void* (*__ndpi_flow_malloc)(size_t size)) { _ndpi_flow_malloc = __ndpi_flow_malloc; } void set_ndpi_free(void (*__ndpi_free)(void *ptr)) { _ndpi_free = __ndpi_free; } +void set_ndpi_flow_free(void (*__ndpi_flow_free)(void *ptr)) { _ndpi_flow_free = __ndpi_flow_free; } void ndpi_debug_printf(unsigned int proto, struct ndpi_detection_module_struct *ndpi_str, ndpi_log_level_t log_level, const char * format, ...) { @@ -4680,8 +4687,10 @@ int ndpi_match_bigram(struct ndpi_detection_module_struct *ndpi_struct, void ndpi_free_flow(struct ndpi_flow_struct *flow) { if(flow) { - if(flow->http.url) ndpi_free(flow->http.url); - if(flow->http.content_type) ndpi_free(flow->http.content_type); + if(flow->http.url) + ndpi_free(flow->http.url); + if(flow->http.content_type) + ndpi_free(flow->http.content_type); ndpi_free(flow); } } -- cgit v1.2.3 From 689d3e760295f4352c0c850ff86870ebe27a71a0 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Sun, 19 Mar 2017 22:38:13 +0100 Subject: Improved netbios dissection --- src/lib/protocols/netbios.c | 152 ++++++++++++++++++++++++-------------------- 1 file changed, 84 insertions(+), 68 deletions(-) (limited to 'src') diff --git a/src/lib/protocols/netbios.c b/src/lib/protocols/netbios.c index ca649782b..55ba8f5e4 100644 --- a/src/lib/protocols/netbios.c +++ b/src/lib/protocols/netbios.c @@ -2,7 +2,7 @@ * netbios.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-17 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -27,6 +27,10 @@ #ifdef NDPI_PROTOCOL_NETBIOS +struct netbios_header { + u_int16_t transaction_id, flags, questions, answer_rrs, authority_rrs, additional_rrs; +}; + /* The function below has been inherited by tcpdump */ static int netbios_name_interpret(char *in, char *out, u_int out_len) { int ret = 0, len; @@ -63,6 +67,7 @@ static int netbios_name_interpret(char *in, char *out, u_int out_len) { static void ndpi_int_netbios_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_NETBIOS, NDPI_PROTOCOL_UNKNOWN); } @@ -70,28 +75,30 @@ static void ndpi_int_netbios_add_connection(struct ndpi_detection_module_struct void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; - - // struct ndpi_id_struct *src=ndpi_struct->src; - // struct ndpi_id_struct *dst=ndpi_struct->dst; - - u_int16_t dport; - - if (packet->udp != NULL) { + char name[64]; + + if(packet->udp != NULL) { dport = ntohs(packet->udp->dest); NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, "netbios udp start\n"); /*check standard NETBIOS over udp to port 137 */ - if ((dport == 137 || 0) && packet->payload_packet_len >= 50) { - + if((dport == 137 || 0) && packet->payload_packet_len >= 50) { + struct netbios_header h; + + memcpy(&h, packet->payload, sizeof(struct netbios_header)); + h.transaction_id = ntohs(h.transaction_id), h.flags = ntohs(h.flags), + h.questions = ntohs(h.questions), h.answer_rrs = ntohs(h.answer_rrs), + h.authority_rrs = ntohs(h.authority_rrs), h.additional_rrs = ntohs(h.additional_rrs); + NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, "found netbios port 137 and payload_packet_len 50\n"); - if (ntohs(get_u_int16_t(packet->payload, 2)) == 0 && - ntohs(get_u_int16_t(packet->payload, 4)) == 1 && - ntohs(get_u_int16_t(packet->payload, 6)) == 0 && - ntohs(get_u_int16_t(packet->payload, 8)) == 0 && ntohs(get_u_int16_t(packet->payload, 10)) == 0) { + if(h.flags == 0 && + h.questions == 1 && + h.answer_rrs == 0 && + h.authority_rrs == 0 && h.additional_rrs == 0) { NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, "found netbios with questions = 1 and answers = 0, authority = 0 \n"); @@ -99,10 +106,24 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc ndpi_int_netbios_add_connection(ndpi_struct, flow); return; } - if (packet->payload[2] == 0x80 && - ntohs(get_u_int16_t(packet->payload, 4)) == 1 && - ntohs(get_u_int16_t(packet->payload, 6)) == 0 && - ntohs(get_u_int16_t(packet->payload, 8)) == 0 && ntohs(get_u_int16_t(packet->payload, 10)) == 1) { + if(((h.flags & 0x8710) == 0x10) && + h.questions == 1 && + h.answer_rrs == 0 && + h.authority_rrs == 0) { + + NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, + NDPI_LOG_DEBUG, "found netbios with questions = 1 and answers = 0, authority = 0 and broadcast \n"); + + if(netbios_name_interpret((char*)&packet->payload[12], name, sizeof(name)) > 0) + snprintf((char*)flow->host_server_name, sizeof(flow->host_server_name)-1, "%s", name); + + ndpi_int_netbios_add_connection(ndpi_struct, flow); + return; + } + if(packet->payload[2] == 0x80 && + h.questions == 1 && + h.answer_rrs == 0 && + h.authority_rrs == 0 && h.additional_rrs == 1) { NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, "found netbios with questions = 1 and answers, authority, additional = 0 \n"); @@ -110,10 +131,10 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc ndpi_int_netbios_add_connection(ndpi_struct, flow); return; } - if (ntohs(get_u_int16_t(packet->payload, 2)) == 0x4000 && - ntohs(get_u_int16_t(packet->payload, 4)) == 1 && - ntohs(get_u_int16_t(packet->payload, 6)) == 0 && - ntohs(get_u_int16_t(packet->payload, 8)) == 0 && ntohs(get_u_int16_t(packet->payload, 10)) == 1) { + if(h.flags == 0x4000 && + h.questions == 1 && + h.answer_rrs == 0 && + h.authority_rrs == 0 && h.additional_rrs == 1) { NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, "found netbios with questions = 1 and answers = 0, authority = 0 \n"); @@ -121,10 +142,10 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc ndpi_int_netbios_add_connection(ndpi_struct, flow); return; } - if (ntohs(get_u_int16_t(packet->payload, 2)) == 0x8400 && - ntohs(get_u_int16_t(packet->payload, 4)) == 0 && - ntohs(get_u_int16_t(packet->payload, 6)) == 1 && - ntohs(get_u_int16_t(packet->payload, 8)) == 0 && ntohs(get_u_int16_t(packet->payload, 10)) == 0) { + if(h.flags == 0x8400 && + h.questions == 0 && + h.answer_rrs == 1 && + h.authority_rrs == 0 && h.additional_rrs == 0) { NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, @@ -133,10 +154,10 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc ndpi_int_netbios_add_connection(ndpi_struct, flow); return; } - if (ntohs(get_u_int16_t(packet->payload, 2)) == 0x8500 && - ntohs(get_u_int16_t(packet->payload, 4)) == 0 && - ntohs(get_u_int16_t(packet->payload, 6)) == 1 && - ntohs(get_u_int16_t(packet->payload, 8)) == 0 && ntohs(get_u_int16_t(packet->payload, 10)) == 0) { + if(h.flags == 0x8500 && + h.questions == 0 && + h.answer_rrs == 1 && + h.authority_rrs == 0 && h.additional_rrs == 0) { NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, @@ -145,10 +166,10 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc ndpi_int_netbios_add_connection(ndpi_struct, flow); return; } - if (ntohs(get_u_int16_t(packet->payload, 2)) == 0x2910 && - ntohs(get_u_int16_t(packet->payload, 4)) == 1 && - ntohs(get_u_int16_t(packet->payload, 6)) == 0 && - ntohs(get_u_int16_t(packet->payload, 8)) == 0 && ntohs(get_u_int16_t(packet->payload, 10)) == 1) { + if(h.flags == 0x2910 && + h.questions == 1 && + h.answer_rrs == 0 && + h.authority_rrs == 0 && h.additional_rrs == 1) { NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, @@ -157,10 +178,10 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc ndpi_int_netbios_add_connection(ndpi_struct, flow); return; } - if (ntohs(get_u_int16_t(packet->payload, 2)) == 0xAD86 && - ntohs(get_u_int16_t(packet->payload, 4)) == 0 && - ntohs(get_u_int16_t(packet->payload, 6)) == 1 && - ntohs(get_u_int16_t(packet->payload, 8)) == 0 && ntohs(get_u_int16_t(packet->payload, 10)) == 0) { + if(h.flags == 0xAD86 && + h.questions == 0 && + h.answer_rrs == 1 && + h.authority_rrs == 0 && h.additional_rrs == 0) { NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, @@ -169,10 +190,10 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc ndpi_int_netbios_add_connection(ndpi_struct, flow); return; } - if (ntohs(get_u_int16_t(packet->payload, 2)) == 0x0110 && - ntohs(get_u_int16_t(packet->payload, 4)) == 1 && - ntohs(get_u_int16_t(packet->payload, 6)) == 0 && - ntohs(get_u_int16_t(packet->payload, 8)) == 0 && ntohs(get_u_int16_t(packet->payload, 10)) == 0) { + if(h.flags == 0x0110 && + h.questions == 1 && + h.answer_rrs == 0 && + h.authority_rrs == 0 && h.additional_rrs == 0) { NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, @@ -182,11 +203,11 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc return; } - if ((ntohs(get_u_int16_t(packet->payload, 2)) & 0xf800) == 0) { + if((h.flags & 0xf800) == 0) { NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, "possible netbios name query request\n"); - if (get_u_int16_t(packet->payload, 4) == htons(1) && + if(get_u_int16_t(packet->payload, 4) == htons(1) && get_u_int16_t(packet->payload, 6) == 0 && get_u_int16_t(packet->payload, 8) == 0 && get_u_int16_t(packet->payload, 10) == 0) { @@ -196,13 +217,13 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, "possible netbios name query request, one question\n"); - if (packet->payload_packet_len == 12 + 1 + name_length + 1 + 2 + 2) { + if(packet->payload_packet_len == 12 + 1 + name_length + 1 + 2 + 2) { NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, "possible netbios name query request, length matches\n"); /* null terminated? */ - if (packet->payload[12 + name_length + 1] == 0 && + if(packet->payload[12 + name_length + 1] == 0 && get_u_int16_t(packet->payload, 12 + name_length + 2) == htons(0x0020) && get_u_int16_t(packet->payload, 12 + name_length + 4) == htons(0x0001)) { @@ -213,12 +234,11 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc } } } - } else if ((ntohs(get_u_int16_t(packet->payload, 2)) & 0xf800) == 0x8000) { - + } else if((h.flags & 0xf800) == 0x8000) { NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, "possible netbios name query response\n"); - if (get_u_int16_t(packet->payload, 4) == 0 && + if(get_u_int16_t(packet->payload, 4) == 0 && get_u_int16_t(packet->payload, 6) == htons(1) && get_u_int16_t(packet->payload, 8) == 0 && get_u_int16_t(packet->payload, 10) == 0) { @@ -228,13 +248,13 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, "possible netbios positive name query response, one answer\n"); - if (packet->payload_packet_len >= 12 + 1 + name_length + 1 + 2 + 2) { + if(packet->payload_packet_len >= 12 + 1 + name_length + 1 + 2 + 2) { NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, "possible netbios name query response, length matches\n"); /* null terminated? */ - if (packet->payload[12 + name_length + 1] == 0 && + if(packet->payload[12 + name_length + 1] == 0 && get_u_int16_t(packet->payload, 12 + name_length + 2) == htons(0x0020) && get_u_int16_t(packet->payload, 12 + name_length + 4) == htons(0x0001)) { @@ -244,7 +264,7 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc return; } } - } else if (get_u_int16_t(packet->payload, 4) == 0 && + } else if(get_u_int16_t(packet->payload, 4) == 0 && get_u_int16_t(packet->payload, 6) == 0 && get_u_int16_t(packet->payload, 8) == 0 && get_u_int16_t(packet->payload, 10) == 0) { @@ -254,13 +274,13 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, "possible netbios negative name query response, one answer\n"); - if (packet->payload_packet_len >= 12 + 1 + name_length + 1 + 2 + 2) { + if(packet->payload_packet_len >= 12 + 1 + name_length + 1 + 2 + 2) { NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, "possible netbios name query response, length matches\n"); /* null terminated? */ - if (packet->payload[12 + name_length + 1] == 0 && + if(packet->payload[12 + name_length + 1] == 0 && get_u_int16_t(packet->payload, 12 + name_length + 2) == htons(0x000A) && get_u_int16_t(packet->payload, 12 + name_length + 4) == htons(0x0001)) { @@ -270,7 +290,7 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc return; } } - } else if (get_u_int16_t(packet->payload, 4) == 0 && + } else if(get_u_int16_t(packet->payload, 4) == 0 && get_u_int16_t(packet->payload, 6) == 0 && get_u_int16_t(packet->payload, 8) == htons(1) && get_u_int16_t(packet->payload, 10) == htons(1)) { @@ -280,13 +300,13 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, "possible netbios redirect name query response, one answer\n"); - if (packet->payload_packet_len >= 12 + 1 + name_length + 1 + 2 + 2) { + if(packet->payload_packet_len >= 12 + 1 + name_length + 1 + 2 + 2) { NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, "possible netbios name query response, length matches\n"); /* null terminated? */ - if (packet->payload[12 + name_length + 1] == 0 && + if(packet->payload[12 + name_length + 1] == 0 && get_u_int16_t(packet->payload, 12 + name_length + 2) == htons(0x0002) && get_u_int16_t(packet->payload, 12 + name_length + 4) == htons(0x0001)) { @@ -305,21 +325,19 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc /*netbios header token from http://www.protocolbase.net/protocols/protocol_NBDGM.php */ - if ((dport == 138) && + if((dport == 138) && packet->payload_packet_len >= 14 && ntohs(get_u_int16_t(packet->payload, 10)) == packet->payload_packet_len - 14) { NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, "found netbios port 138 and payload length >= 112 \n"); - if (packet->payload[0] >= 0x11 && packet->payload[0] <= 0x16) { + if(packet->payload[0] >= 0x11 && packet->payload[0] <= 0x16) { NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, "found netbios with MSG-type 0x11,0x12,0x13,0x14,0x15 or 0x16\n"); - if (ntohl(get_u_int32_t(packet->payload, 4)) == ntohl(packet->iph->saddr)) { - char name[64]; - + if(ntohl(get_u_int32_t(packet->payload, 4)) == ntohl(packet->iph->saddr)) { NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, "found netbios with checked ip-address.\n"); @@ -333,22 +351,22 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc } } - if (packet->tcp != NULL) { + if(packet->tcp != NULL) { dport = ntohs(packet->tcp->dest); NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, "netbios tcp start\n"); /* destination port must be 139 */ - if (dport == 139) { + if(dport == 139) { NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, "found netbios with destination port 139\n"); /* payload_packet_len must be 72 */ - if (packet->payload_packet_len == 72) { + if(packet->payload_packet_len == 72) { NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, "found netbios with payload_packen_len = 72. \n"); - if (packet->payload[0] == 0x81 && packet->payload[1] == 0 && ntohs(get_u_int16_t(packet->payload, 2)) == 68) { + if(packet->payload[0] == 0x81 && packet->payload[1] == 0 && ntohs(get_u_int16_t(packet->payload, 2)) == 68) { NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, "found netbios with session request = 81, flags=0 and length od following bytes = 68. \n"); @@ -363,10 +381,8 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, "exclude netbios\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_NETBIOS); - } - void init_netbios_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) { ndpi_set_bitmask_protocol_detection("NETBIOS", ndpi_struct, detection_bitmask, *id, -- cgit v1.2.3 From 6a5b380bc7495d91aaee189c52b6f9c300665027 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Sun, 19 Mar 2017 22:51:13 +0100 Subject: Exported ndpi_netbios_name_interpret() to all nDPI apps --- libndpi.sym | 1 + src/include/ndpi_main.h | 5 ++++- src/lib/protocols/netbios.c | 6 +++--- 3 files changed, 8 insertions(+), 4 deletions(-) (limited to 'src') diff --git a/libndpi.sym b/libndpi.sym index d7dc633fc..3fb3d9c33 100644 --- a/libndpi.sym +++ b/libndpi.sym @@ -49,3 +49,4 @@ set_ndpi_free set_ndpi_debug_function ndpi_category_str ndpi_get_proto_category +ndpi_netbios_name_interpret \ No newline at end of file diff --git a/src/include/ndpi_main.h b/src/include/ndpi_main.h index cd96af5d8..24bdcb171 100644 --- a/src/include/ndpi_main.h +++ b/src/include/ndpi_main.h @@ -106,7 +106,10 @@ extern "C" { extern int ndpi_get_protocol_id_master_proto(struct ndpi_detection_module_struct *ndpi_struct, u_int16_t protocol_id, u_int16_t** tcp_master_proto, u_int16_t** udp_master_proto); - +#ifdef NDPI_PROTOCOL_NETBIOS + int ndpi_netbios_name_interpret(char *in, char *out, u_int out_len); +#endif + #ifdef NDPI_ENABLE_DEBUG_MESSAGES void ndpi_debug_get_last_log_function_line(struct ndpi_detection_module_struct *ndpi_struct, const char **file, const char **func, u_int32_t * line); diff --git a/src/lib/protocols/netbios.c b/src/lib/protocols/netbios.c index 55ba8f5e4..752da6c10 100644 --- a/src/lib/protocols/netbios.c +++ b/src/lib/protocols/netbios.c @@ -32,7 +32,7 @@ struct netbios_header { }; /* The function below has been inherited by tcpdump */ -static int netbios_name_interpret(char *in, char *out, u_int out_len) { +int ndpi_netbios_name_interpret(char *in, char *out, u_int out_len) { int ret = 0, len; char *b; @@ -114,7 +114,7 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, "found netbios with questions = 1 and answers = 0, authority = 0 and broadcast \n"); - if(netbios_name_interpret((char*)&packet->payload[12], name, sizeof(name)) > 0) + if(ndpi_netbios_name_interpret((char*)&packet->payload[12], name, sizeof(name)) > 0) snprintf((char*)flow->host_server_name, sizeof(flow->host_server_name)-1, "%s", name); ndpi_int_netbios_add_connection(ndpi_struct, flow); @@ -341,7 +341,7 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, "found netbios with checked ip-address.\n"); - if(netbios_name_interpret((char*)&packet->payload[12], name, sizeof(name)) > 0) + if(ndpi_netbios_name_interpret((char*)&packet->payload[12], name, sizeof(name)) > 0) snprintf((char*)flow->host_server_name, sizeof(flow->host_server_name)-1, "%s", name); ndpi_int_netbios_add_connection(ndpi_struct, flow); -- cgit v1.2.3 From 760d468aca5e75123b594319701a43e808961a5d Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Sun, 19 Mar 2017 23:42:36 +0100 Subject: Improved netbios name decoding --- src/lib/protocols/netbios.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'src') diff --git a/src/lib/protocols/netbios.c b/src/lib/protocols/netbios.c index 752da6c10..c899086eb 100644 --- a/src/lib/protocols/netbios.c +++ b/src/lib/protocols/netbios.c @@ -50,8 +50,11 @@ int ndpi_netbios_name_interpret(char *in, char *out, u_int out_len) { } *out = ((in[0]-'A')<<4) + (in[1]-'A'); + in += 2; - out++, ret++; + + if(isprint(*out)) + out++, ret++; } *out = 0; -- cgit v1.2.3 From 92b1b46fa67e9de42a028ef9ec0d618cd8e701c5 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Tue, 21 Mar 2017 00:48:16 +0100 Subject: SSL server certificate is now detected --- example/ndpiReader.c | 1 + example/ndpi_util.c | 112 ++++++------ example/ndpi_util.h | 1 + src/lib/ndpi_main.c | 52 +++--- src/lib/protocols/ssl.c | 6 +- tests/result/6in4tunnel.pcap.out | 2 +- tests/result/KakaoTalk_chat.pcap.out | 47 ----- tests/result/KakaoTalk_talk.pcap.out | 31 ---- tests/result/quickplay.pcap.out | 26 --- tests/result/skype.pcap.out | 312 ++++++++++++++++----------------- tests/result/skype_no_unknown.pcap.out | 290 +++++++++++++++--------------- tests/result/viber_mobile.pcap.out | 4 +- tests/result/webex.pcap.out | 2 +- 13 files changed, 398 insertions(+), 488 deletions(-) (limited to 'src') diff --git a/example/ndpiReader.c b/example/ndpiReader.c index aa5db8821..dda137df9 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -517,6 +517,7 @@ static void node_proto_guess_walker(const void *node, ndpi_VISIT which, int dept } } + process_ndpi_collected_info(ndpi_thread_info[thread_id].workflow, flow); ndpi_thread_info[thread_id].workflow->stats.protocol_counter[flow->detected_protocol.app_protocol] += flow->packets; ndpi_thread_info[thread_id].workflow->stats.protocol_counter_bytes[flow->detected_protocol.app_protocol] += flow->bytes; ndpi_thread_info[thread_id].workflow->stats.protocol_flows[flow->detected_protocol.app_protocol]++; diff --git a/example/ndpi_util.c b/example/ndpi_util.c index 8fe104b3e..b1ea6a3de 100644 --- a/example/ndpi_util.c +++ b/example/ndpi_util.c @@ -435,6 +435,64 @@ static struct ndpi_flow_info *get_ndpi_flow_info6(struct ndpi_workflow * workflo /* ****************************************************** */ +void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_flow_info *flow) { + if(!flow->ndpi_flow) return; + + snprintf(flow->host_server_name, sizeof(flow->host_server_name), "%s", + flow->ndpi_flow->host_server_name); + + /* BITTORRENT */ + if(flow->detected_protocol.app_protocol == NDPI_PROTOCOL_BITTORRENT) { + int i, j, n = 0; + + for(i=0, j = 0; j < sizeof(flow->bittorent_hash)-1; i++) { + sprintf(&flow->bittorent_hash[j], "%02x", flow->ndpi_flow->bittorent_hash[i]); + j += 2, n += flow->ndpi_flow->bittorent_hash[i]; + } + + if(n == 0) flow->bittorent_hash[0] = '\0'; + } + /* MDNS */ + else if(flow->detected_protocol.app_protocol == NDPI_PROTOCOL_MDNS) { + snprintf(flow->info, sizeof(flow->info), "%s", flow->ndpi_flow->protos.mdns.answer); + } + /* UBNTAC2 */ + else if(flow->detected_protocol.app_protocol == NDPI_PROTOCOL_UBNTAC2) { + snprintf(flow->info, sizeof(flow->info), "%s", flow->ndpi_flow->protos.ubntac2.version); + } + if(flow->detected_protocol.app_protocol != NDPI_PROTOCOL_DNS) { + /* SSH */ + if(flow->detected_protocol.app_protocol == NDPI_PROTOCOL_SSH) { + snprintf(flow->ssh_ssl.client_info, sizeof(flow->ssh_ssl.client_info), "%s", + flow->ndpi_flow->protos.ssh.client_signature); + snprintf(flow->ssh_ssl.server_info, sizeof(flow->ssh_ssl.server_info), "%s", + flow->ndpi_flow->protos.ssh.server_signature); + } + /* SSL */ + else if((flow->detected_protocol.app_protocol == NDPI_PROTOCOL_SSL) + || (flow->detected_protocol.master_protocol == NDPI_PROTOCOL_SSL)) { + snprintf(flow->ssh_ssl.client_info, sizeof(flow->ssh_ssl.client_info), "%s", + flow->ndpi_flow->protos.ssl.client_certificate); + snprintf(flow->ssh_ssl.server_info, sizeof(flow->ssh_ssl.server_info), "%s", + flow->ndpi_flow->protos.ssl.server_certificate); + } + } + + if(flow->detection_completed) { + if(flow->detected_protocol.app_protocol == NDPI_PROTOCOL_UNKNOWN) { + if (workflow->__flow_giveup_callback != NULL) + workflow->__flow_giveup_callback(workflow, flow, workflow->__flow_giveup_udata); + } else { + if (workflow->__flow_detected_callback != NULL) + workflow->__flow_detected_callback(workflow, flow, workflow->__flow_detected_udata); + } + + ndpi_free_flow_info_half(flow); + } +} + +/* ****************************************************** */ + /** Function to process the packet: determine the flow of a packet and try to decode it @@ -494,6 +552,7 @@ static unsigned int packet_processing(struct ndpi_workflow * workflow, || ((proto == IPPROTO_UDP) && (flow->packets > 8)) || ((proto == IPPROTO_TCP) && (flow->packets > 10))) { /* New protocol detected or give up */ + flow->detection_completed = 1; } @@ -503,58 +562,7 @@ static unsigned int packet_processing(struct ndpi_workflow * workflow, flow->ndpi_flow); } - snprintf(flow->host_server_name, sizeof(flow->host_server_name), "%s", - flow->ndpi_flow->host_server_name); - - /* BITTORRENT */ - if(flow->detected_protocol.app_protocol == NDPI_PROTOCOL_BITTORRENT) { - int i, j, n = 0; - - for(i=0, j = 0; j < sizeof(flow->bittorent_hash)-1; i++) { - sprintf(&flow->bittorent_hash[j], "%02x", flow->ndpi_flow->bittorent_hash[i]); - j += 2, n += flow->ndpi_flow->bittorent_hash[i]; - } - - if(n == 0) flow->bittorent_hash[0] = '\0'; - } - /* MDNS */ - else if(flow->detected_protocol.app_protocol == NDPI_PROTOCOL_MDNS) { - snprintf(flow->info, sizeof(flow->info), "%s", flow->ndpi_flow->protos.mdns.answer); - } - /* UBNTAC2 */ - else if(flow->detected_protocol.app_protocol == NDPI_PROTOCOL_UBNTAC2) { - snprintf(flow->info, sizeof(flow->info), "%s", flow->ndpi_flow->protos.ubntac2.version); - } - if((proto == IPPROTO_TCP) && (flow->detected_protocol.app_protocol != NDPI_PROTOCOL_DNS)) { - /* SSH */ - if(flow->detected_protocol.app_protocol == NDPI_PROTOCOL_SSH) { - snprintf(flow->ssh_ssl.client_info, sizeof(flow->ssh_ssl.client_info), "%s", - flow->ndpi_flow->protos.ssh.client_signature); - snprintf(flow->ssh_ssl.server_info, sizeof(flow->ssh_ssl.server_info), "%s", - flow->ndpi_flow->protos.ssh.server_signature); - } - /* SSL */ - else if((flow->detected_protocol.app_protocol == NDPI_PROTOCOL_SSL) - || (flow->detected_protocol.master_protocol == NDPI_PROTOCOL_SSL)) { - snprintf(flow->ssh_ssl.client_info, sizeof(flow->ssh_ssl.client_info), "%s", - flow->ndpi_flow->protos.ssl.client_certificate); - snprintf(flow->ssh_ssl.server_info, sizeof(flow->ssh_ssl.server_info), "%s", - flow->ndpi_flow->protos.ssl.server_certificate); - } - } - - if(flow->detection_completed) { - if(flow->detected_protocol.app_protocol == NDPI_PROTOCOL_UNKNOWN) { - if (workflow->__flow_giveup_callback != NULL) - workflow->__flow_giveup_callback(workflow, flow, workflow->__flow_giveup_udata); - } else { - if (workflow->__flow_detected_callback != NULL) - workflow->__flow_detected_callback(workflow, flow, workflow->__flow_detected_udata); - } - - ndpi_free_flow_info_half(flow); - } - + process_ndpi_collected_info(workflow, flow); return 0; } diff --git a/example/ndpi_util.h b/example/ndpi_util.h index 6ff17bac2..1c092cbfa 100644 --- a/example/ndpi_util.h +++ b/example/ndpi_util.h @@ -159,5 +159,6 @@ static inline void ndpi_workflow_set_flow_giveup_callback(struct ndpi_workflow * /* compare two nodes in workflow */ int ndpi_workflow_node_cmp(const void *a, const void *b); +void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_flow_info *flow); #endif diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 5c8589c3f..a2abca7b8 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -3327,30 +3327,34 @@ ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_st if(flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) { u_int16_t guessed_protocol_id, guessed_host_protocol_id; - if((flow->guessed_protocol_id == NDPI_PROTOCOL_UNKNOWN) - && (flow->packet.l4_protocol == IPPROTO_TCP) - && (flow->l4.tcp.ssl_stage > 1)) - flow->guessed_protocol_id = NDPI_PROTOCOL_SSL; - - guessed_protocol_id = flow->guessed_protocol_id, - guessed_host_protocol_id = flow->guessed_host_protocol_id; - - if((guessed_host_protocol_id != NDPI_PROTOCOL_UNKNOWN) - && (NDPI_ISSET(&flow->excluded_protocol_bitmask, guessed_host_protocol_id))) - guessed_host_protocol_id = NDPI_PROTOCOL_UNKNOWN; - - - /* Ignore guessed protocol if they have been discarded */ - if((guessed_protocol_id != NDPI_PROTOCOL_UNKNOWN) - && (guessed_host_protocol_id == NDPI_PROTOCOL_UNKNOWN) - && (NDPI_ISSET(&flow->excluded_protocol_bitmask, guessed_protocol_id))) - guessed_protocol_id = NDPI_PROTOCOL_UNKNOWN; - - if((guessed_protocol_id != NDPI_PROTOCOL_UNKNOWN) - || (guessed_host_protocol_id != NDPI_PROTOCOL_UNKNOWN)) { - ndpi_int_change_protocol(ndpi_struct, flow, - guessed_host_protocol_id, - guessed_protocol_id); + if(flow->protos.ssl.client_certificate[0] != '\0') { + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SSL, NDPI_PROTOCOL_UNKNOWN); + } else { + if((flow->guessed_protocol_id == NDPI_PROTOCOL_UNKNOWN) + && (flow->packet.l4_protocol == IPPROTO_TCP) + && (flow->l4.tcp.ssl_stage > 1)) + flow->guessed_protocol_id = NDPI_PROTOCOL_SSL; + + guessed_protocol_id = flow->guessed_protocol_id, + guessed_host_protocol_id = flow->guessed_host_protocol_id; + + if((guessed_host_protocol_id != NDPI_PROTOCOL_UNKNOWN) + && (NDPI_ISSET(&flow->excluded_protocol_bitmask, guessed_host_protocol_id))) + guessed_host_protocol_id = NDPI_PROTOCOL_UNKNOWN; + + + /* Ignore guessed protocol if they have been discarded */ + if((guessed_protocol_id != NDPI_PROTOCOL_UNKNOWN) + && (guessed_host_protocol_id == NDPI_PROTOCOL_UNKNOWN) + && (NDPI_ISSET(&flow->excluded_protocol_bitmask, guessed_protocol_id))) + guessed_protocol_id = NDPI_PROTOCOL_UNKNOWN; + + if((guessed_protocol_id != NDPI_PROTOCOL_UNKNOWN) + || (guessed_host_protocol_id != NDPI_PROTOCOL_UNKNOWN)) { + ndpi_int_change_protocol(ndpi_struct, flow, + guessed_host_protocol_id, + guessed_protocol_id); + } } } else { flow->detected_protocol_stack[1] = flow->guessed_protocol_id, diff --git a/src/lib/protocols/ssl.c b/src/lib/protocols/ssl.c index 8915b0e99..69f06e714 100644 --- a/src/lib/protocols/ssl.c +++ b/src/lib/protocols/ssl.c @@ -24,10 +24,9 @@ #include "ndpi_api.h" -/* #define CERTIFICATE_DEBUG 1 */ - #ifdef NDPI_PROTOCOL_SSL +/* #define CERTIFICATE_DEBUG 1 */ #define NDPI_MAX_SSL_REQUEST_SIZE 10000 /* Skype.c */ @@ -184,6 +183,7 @@ int getSSLcertificate(struct ndpi_detection_module_struct *ndpi_struct, /* Check after handshake protocol header (5 bytes) and message header (4 bytes) */ for(i = 9; i < packet->payload_packet_len-3; i++) { if(((packet->payload[i] == 0x04) && (packet->payload[i+1] == 0x03) && (packet->payload[i+2] == 0x0c)) + || ((packet->payload[i] == 0x04) && (packet->payload[i+1] == 0x03) && (packet->payload[i+2] == 0x13)) || ((packet->payload[i] == 0x55) && (packet->payload[i+1] == 0x04) && (packet->payload[i+2] == 0x03))) { u_int8_t server_len = packet->payload[i+3]; @@ -345,7 +345,7 @@ int sslDetectProtocolFromCertificate(struct ndpi_detection_module_struct *ndpi_s && flow->l4.tcp.seen_syn_ack && flow->l4.tcp.seen_ack /* We have seen the 3-way handshake */) || (flow->protos.ssl.server_certificate[0] != '\0') - || (flow->protos.ssl.client_certificate[0] != '\0') + /* || (flow->protos.ssl.client_certificate[0] != '\0') */ ) ndpi_int_ssl_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_SSL); } diff --git a/tests/result/6in4tunnel.pcap.out b/tests/result/6in4tunnel.pcap.out index 520173ab5..bc6b7973b 100644 --- a/tests/result/6in4tunnel.pcap.out +++ b/tests/result/6in4tunnel.pcap.out @@ -6,7 +6,7 @@ Facebook 37 14726 3 1 TCP [2001:470:1f17:13f:3e97:eff:fe73:4dec]:443 <-> [2a03:2880:1010:6f03:face:b00c::2]:53234 [proto: 91.119/SSL.Facebook][33 pkts/13926 bytes][client: www.facebook.com] 2 UDP [2001:470:1f16:13f::2]:6404 <-> [2a03:2880:fffe:b:face:b00c::99]:53 [proto: 5.119/DNS.Facebook][2 pkts/394 bytes][Host: star.c10r.facebook.com] - 3 TCP [2001:470:1f17:13f:3e97:eff:fe73:4dec]:443 <-> [2604:a880:1:20::224:b001]:60205 [proto: 91/SSL][28 pkts/15397 bytes][client: mail.tomasu.net] + 3 TCP [2001:470:1f17:13f:3e97:eff:fe73:4dec]:443 <-> [2604:a880:1:20::224:b001]:60205 [proto: 91/SSL][28 pkts/15397 bytes][client: mail.tomasu.net][server: mail.tomasu.net] 4 ICMPV6 [2001:470:1f16:13f::2]:0 <-> [2604:a880:1:20::224:b001]:0 [proto: 102/ICMPV6][1 pkts/200 bytes] 5 ICMPV6 [2a03:2880:1010:6f03:face:b00c::2]:0 <-> [2001:470:1f17:13f:3e97:eff:fe73:4dec]:0 [proto: 102/ICMPV6][1 pkts/1314 bytes] 6 TCP [2604:a880:1:20::224:b001]:993 <-> [2001:470:1f17:13f:6d69:c72:7313:616f]:35610 [proto: 51/IMAPS][2 pkts/258 bytes] diff --git a/tests/result/KakaoTalk_chat.pcap.out b/tests/result/KakaoTalk_chat.pcap.out index fa510f8ba..8b1378917 100644 --- a/tests/result/KakaoTalk_chat.pcap.out +++ b/tests/result/KakaoTalk_chat.pcap.out @@ -1,48 +1 @@ -DNS 2 217 1 -HTTP 1 56 1 -ICMP 1 147 1 -SSL 29 4579 3 -Facebook 215 51809 12 -Google 16 1031 3 -HTTP_Proxy 26 3926 1 -Amazon 2 181 1 -KakaoTalk 55 9990 15 - 1 UDP 10.188.1.1:53 <-> 10.24.82.188:56820 [proto: 5.193/DNS.KakaoTalk][2 pkts/205 bytes][Host: up-c.talk.kakao.com] - 2 UDP 10.188.1.1:53 <-> 10.24.82.188:57816 [proto: 5.193/DNS.KakaoTalk][2 pkts/244 bytes][Host: katalk.kakao.com] - 3 UDP 10.188.1.1:53 <-> 10.24.82.188:58810 [proto: 5.193/DNS.KakaoTalk][2 pkts/190 bytes][Host: item.kakao.com] - 4 TCP 10.24.82.188:34503 <-> 120.28.26.242:80 [proto: 7/HTTP][1 pkts/56 bytes] - 5 ICMP 10.188.191.1:0 <-> 10.24.82.188:0 [proto: 81/ICMP][1 pkts/147 bytes] - 6 UDP 10.188.1.1:53 <-> 10.24.82.188:4017 [proto: 5.119/DNS.Facebook][2 pkts/229 bytes][Host: developers.facebook.com] - 7 UDP 10.188.1.1:53 <-> 10.24.82.188:5929 [proto: 5.193/DNS.KakaoTalk][2 pkts/205 bytes][Host: up-p.talk.kakao.com] - 8 TCP 10.24.82.188:58927 <-> 54.255.253.199:5223 [proto: 178/Amazon][2 pkts/181 bytes] - 9 TCP 10.24.82.188:51021 <-> 103.246.57.251:8080 [proto: 131/HTTP_Proxy][26 pkts/3926 bytes] - 10 TCP 210.103.240.15:443 <-> 10.24.82.188:37821 [proto: 91.193/SSL.KakaoTalk][27 pkts/7126 bytes][server: *.kakao.com] - 11 UDP 10.188.1.1:53 <-> 10.24.82.188:25117 [proto: 5.193/DNS.KakaoTalk][2 pkts/208 bytes][Host: up-gp.talk.kakao.com] - 12 UDP 10.188.1.1:53 <-> 10.24.82.188:29029 [proto: 5.193/DNS.KakaoTalk][2 pkts/205 bytes][Host: up-a.talk.kakao.com] - 13 UDP 10.188.1.1:53 <-> 10.24.82.188:35603 [proto: 5.193/DNS.KakaoTalk][2 pkts/215 bytes][Host: ac-talk.kakao.com] - 14 TCP 31.13.68.84:80 <-> 10.24.82.188:37553 [proto: 7.119/HTTP.Facebook][10 pkts/1058 bytes][Host: www.facebook.com] - 15 TCP 31.13.68.84:80 <-> 10.24.82.188:37557 [proto: 7.119/HTTP.Facebook][11 pkts/1114 bytes][Host: www.facebook.com] - 16 UDP 10.188.1.1:53 <-> 10.24.82.188:41909 [proto: 5.193/DNS.KakaoTalk][2 pkts/214 bytes][Host: booking.loco.kakao.com] - 17 UDP 10.188.1.1:53 <-> 10.24.82.188:43077 [proto: 5.193/DNS.KakaoTalk][2 pkts/178 bytes][Host: dn-l.talk.kakao.com] - 18 UDP 10.188.1.1:53 <-> 10.24.82.188:61011 [proto: 5.193/DNS.KakaoTalk][2 pkts/200 bytes][Host: plus-talk.kakao.com] - 19 UDP 10.188.191.1:53 <-> 10.24.82.188:61011 [proto: 5.193/DNS.KakaoTalk][2 pkts/200 bytes][Host: plus-talk.kakao.com] - 20 TCP 10.24.82.188:58964 <-> 54.255.253.199:5223 [proto: 91/SSL][6 pkts/1890 bytes][server: *.push.samsungosp.com] - 21 UDP 10.188.1.1:53 <-> 10.24.82.188:9094 [proto: 5.193/DNS.KakaoTalk][2 pkts/205 bytes][Host: up-v.talk.kakao.com] - 22 TCP 173.252.97.2:443 <-> 10.24.82.188:35503 [proto: 91.119/SSL.Facebook][38 pkts/7591 bytes][server: *.facebook.com] - 23 TCP 173.252.97.2:443 <-> 10.24.82.188:35511 [proto: 91.119/SSL.Facebook][36 pkts/7152 bytes][server: *.facebook.com] - 24 TCP 139.150.0.125:443 <-> 10.24.82.188:46947 [proto: 91/SSL][18 pkts/2409 bytes] - 25 UDP 10.188.1.1:53 <-> 10.24.82.188:12908 [proto: 5.193/DNS.KakaoTalk][2 pkts/205 bytes][Host: up-m.talk.kakao.com] - 26 TCP 173.194.72.188:5228 <-> 10.24.82.188:34686 [proto: 126/Google][1 pkts/164 bytes] - 27 UDP 10.188.1.1:53 <-> 10.24.82.188:14650 [proto: 5/DNS][2 pkts/217 bytes][Host: 2.97.252.173.in-addr.arpa] - 28 UDP 10.188.1.1:53 <-> 10.24.82.188:19582 [proto: 5.119/DNS.Facebook][2 pkts/218 bytes][Host: graph.facebook.com] - 29 TCP 216.58.221.10:80 <-> 10.24.82.188:35922 [proto: 7.126/HTTP.Google][14 pkts/784 bytes] - 30 UDP 10.188.1.1:53 <-> 10.24.82.188:24596 [proto: 5.119/DNS.Facebook][2 pkts/196 bytes][Host: api.facebook.com] - 31 TCP 210.103.240.15:443 <-> 10.24.82.188:42332 [proto: 91/SSL][5 pkts/280 bytes] - 32 TCP 216.58.220.174:443 <-> 10.24.82.188:49217 [proto: 91.126/SSL.Google][1 pkts/83 bytes] - 33 UDP 10.188.1.1:53 <-> 10.24.82.188:38448 [proto: 5.193/DNS.KakaoTalk][2 pkts/190 bytes][Host: auth.kakao.com] - 34 TCP 31.13.68.70:443 <-> 10.24.82.188:43581 [proto: 91.119/SSL.Facebook][34 pkts/9655 bytes][client: graph.facebook.com] - 35 TCP 31.13.68.84:443 <-> 10.24.82.188:45209 [proto: 91.119/SSL.Facebook][19 pkts/7707 bytes][client: api.facebook.com] - 36 TCP 31.13.68.84:443 <-> 10.24.82.188:45211 [proto: 91.119/SSL.Facebook][29 pkts/9077 bytes][client: developers.facebook.com] - 37 TCP 31.13.68.84:443 <-> 10.24.82.188:45213 [proto: 91.119/SSL.Facebook][28 pkts/7561 bytes][server: *.facebook.com] - 38 TCP 31.13.68.73:443 <-> 10.24.82.188:47007 [proto: 91.119/SSL.Facebook][4 pkts/251 bytes] diff --git a/tests/result/KakaoTalk_talk.pcap.out b/tests/result/KakaoTalk_talk.pcap.out index 97b69377c..8b1378917 100644 --- a/tests/result/KakaoTalk_talk.pcap.out +++ b/tests/result/KakaoTalk_talk.pcap.out @@ -1,32 +1 @@ -HTTP 5 280 1 -QQ 15 1727 1 -SSL_No_Cert 74 14132 2 -RTP 2991 398751 2 -SSL 5 1198 1 -Facebook 5 377 3 -Google 4 359 4 -HTTP_Proxy 16 1838 2 -Tor 40 10538 1 -Amazon 4 396 1 -KakaoTalk_Voice 44 6196 2 - 1 TCP 10.24.82.188:34533 <-> 120.28.26.242:80 [proto: 7/HTTP][5 pkts/280 bytes] - 2 TCP 10.24.82.188:58916 <-> 54.255.185.236:5222 [proto: 178/Amazon][4 pkts/396 bytes] - 3 TCP 10.24.82.188:38380 <-> 173.194.117.229:443 [proto: 91.126/SSL.Google][1 pkts/56 bytes] - 4 TCP 10.24.82.188:51021 <-> 103.246.57.251:8080 [proto: 131/HTTP_Proxy][11 pkts/1488 bytes] - 5 UDP 10.188.1.1:53 <-> 10.24.82.188:25223 [proto: 5.119/DNS.Facebook][2 pkts/197 bytes][Host: mqtt.facebook.com] - 6 TCP 173.252.88.128:443 <-> 10.24.82.188:59912 [proto: 91.119/SSL.Facebook][2 pkts/124 bytes] - 7 TCP 173.252.88.128:443 <-> 10.24.82.188:59954 [proto: 64/SSL_No_Cert][29 pkts/4024 bytes] - 8 TCP 10.24.82.188:53974 <-> 203.205.151.233:8080 [proto: 131/HTTP_Proxy][5 pkts/350 bytes] - 9 TCP 110.76.143.50:8080 <-> 10.24.82.188:32968 [proto: 64/SSL_No_Cert][45 pkts/10108 bytes] - 10 TCP 139.150.0.125:443 <-> 10.24.82.188:46947 [proto: 91/SSL][5 pkts/1198 bytes] - 11 TCP 173.194.72.188:5228 <-> 10.24.82.188:34686 [proto: 126/Google][1 pkts/164 bytes] - 12 TCP 110.76.143.50:9001 <-> 10.24.82.188:58857 [proto: 163/Tor][40 pkts/10538 bytes] - 13 TCP 173.252.122.1:443 <-> 10.24.82.188:52123 [proto: 91.119/SSL.Facebook][1 pkts/56 bytes] - 14 TCP 10.24.82.188:48489 <-> 203.205.147.215:80 [proto: 7.48/HTTP.QQ][15 pkts/1727 bytes][Host: hkminorshort.weixin.qq.com] - 15 UDP 1.201.1.174:23047 <-> 10.24.82.188:10269 [proto: 194/KakaoTalk_Voice][22 pkts/3112 bytes] - 16 UDP 1.201.1.174:23046 <-> 10.24.82.188:10268 [proto: 87/RTP][1488 pkts/198510 bytes] - 17 UDP 1.201.1.174:23045 <-> 10.24.82.188:11321 [proto: 194/KakaoTalk_Voice][22 pkts/3084 bytes] - 18 UDP 1.201.1.174:23044 <-> 10.24.82.188:11320 [proto: 87/RTP][1503 pkts/200241 bytes] - 19 TCP 216.58.220.174:443 <-> 10.24.82.188:49217 [proto: 91.126/SSL.Google][1 pkts/83 bytes] - 20 TCP 216.58.220.161:443 <-> 10.24.82.188:56697 [proto: 91.126/SSL.Google][1 pkts/56 bytes] diff --git a/tests/result/quickplay.pcap.out b/tests/result/quickplay.pcap.out index 277e25fc8..8b1378917 100644 --- a/tests/result/quickplay.pcap.out +++ b/tests/result/quickplay.pcap.out @@ -1,27 +1 @@ -QQ 12 4781 5 -Facebook 6 1740 3 -Google 2 378 1 -Amazon 2 1469 1 -QuickPlay 133 96179 11 - 1 TCP 120.28.26.231:80 <-> 10.54.169.250:33277 [proto: 7.126/HTTP.Google][2 pkts/378 bytes][Host: clients3.google.com] - 2 TCP 120.28.35.41:80 <-> 10.54.169.250:50669 [proto: 7.196/HTTP.QuickPlay][4 pkts/3680 bytes][Host: api-singtelhawk.quickplay.com] - 3 TCP 120.28.35.40:80 <-> 10.54.169.250:52007 [proto: 7.196/HTTP.QuickPlay][4 pkts/2735 bytes][Host: vod-singtelhawk.quickplay.com] - 4 TCP 120.28.35.40:80 <-> 10.54.169.250:52009 [proto: 7.196/HTTP.QuickPlay][65 pkts/45902 bytes][Host: vod-singtelhawk.quickplay.com] - 5 TCP 120.28.35.40:80 <-> 10.54.169.250:52017 [proto: 7.196/HTTP.QuickPlay][8 pkts/6032 bytes][Host: vod-singtelhawk.quickplay.com] - 6 TCP 120.28.35.40:80 <-> 10.54.169.250:52019 [proto: 7.196/HTTP.QuickPlay][25 pkts/19606 bytes][Host: vod-singtelhawk.quickplay.com] - 7 TCP 120.28.35.40:80 <-> 10.54.169.250:52021 [proto: 7.196/HTTP.QuickPlay][4 pkts/2754 bytes][Host: vod-singtelhawk.quickplay.com] - 8 TCP 203.205.147.215:80 <-> 10.54.169.250:35670 [proto: 7.48/HTTP.QQ][2 pkts/943 bytes][Host: hkminorshort.weixin.qq.com] - 9 TCP 203.205.129.101:80 <-> 10.54.169.250:42762 [proto: 7.48/HTTP.QQ][2 pkts/877 bytes][Host: hkextshort.weixin.qq.com] - 10 TCP 173.252.74.22:80 <-> 10.54.169.250:52285 [proto: 7.119/HTTP.Facebook][2 pkts/582 bytes][Host: www.facebook.com] - 11 TCP 31.13.68.49:80 <-> 10.54.169.250:44793 [proto: 7.119/HTTP.Facebook][2 pkts/576 bytes][Host: www.facebook.com] - 12 TCP 120.28.5.18:80 <-> 10.54.169.250:33064 [proto: 7.196/HTTP.QuickPlay][2 pkts/467 bytes][Host: api-singtelhawk.quickplay.com] - 13 TCP 54.179.140.65:80 <-> 10.54.169.250:56381 [proto: 7.178/HTTP.Amazon][2 pkts/1469 bytes][Host: api.account.xiaomi.com] - 14 TCP 120.28.5.41:80 <-> 10.54.169.250:44256 [proto: 7.196/HTTP.QuickPlay][3 pkts/2311 bytes][Host: play-singtelhawk.quickplay.com] - 15 TCP 120.28.35.41:80 <-> 10.54.169.250:50668 [proto: 7.196/HTTP.QuickPlay][4 pkts/3360 bytes][Host: api-singtelhawk.quickplay.com] - 16 TCP 120.28.35.40:80 <-> 10.54.169.250:52018 [proto: 7.196/HTTP.QuickPlay][7 pkts/5048 bytes][Host: vod-singtelhawk.quickplay.com] - 17 TCP 120.28.35.40:80 <-> 10.54.169.250:52022 [proto: 7.196/HTTP.QuickPlay][7 pkts/4284 bytes][Host: vod-singtelhawk.quickplay.com] - 18 TCP 203.205.129.101:80 <-> 10.54.169.250:42761 [proto: 7.48/HTTP.QQ][2 pkts/641 bytes][Host: hkextshort.weixin.qq.com] - 19 TCP 173.252.74.22:80 <-> 10.54.169.250:52288 [proto: 7.119/HTTP.Facebook][2 pkts/582 bytes][Host: www.facebook.com] - 20 TCP 203.205.151.160:80 <-> 10.54.169.250:54883 [proto: 7.48/HTTP.QQ][3 pkts/1337 bytes][Host: hkextshort.weixin.qq.com] - 21 TCP 203.205.151.160:80 <-> 10.54.169.250:54885 [proto: 7.48/HTTP.QQ][3 pkts/983 bytes][Host: hkextshort.weixin.qq.com] diff --git a/tests/result/skype.pcap.out b/tests/result/skype.pcap.out index 3cc919310..e781f27df 100644 --- a/tests/result/skype.pcap.out +++ b/tests/result/skype.pcap.out @@ -1,4 +1,4 @@ -Unknown 404 52712 16 +Unknown 381 48593 15 DNS 2 267 1 MDNS 8 1736 2 NTP 2 180 1 @@ -7,7 +7,7 @@ ICMP 8 656 1 IGMP 5 258 4 SSL 96 8876 7 Dropbox 38 17948 5 -Skype 1910 292610 244 +Skype 1933 296729 245 Apple 15 2045 2 AppleiCloud 88 20520 2 Spotify 5 430 1 @@ -144,152 +144,153 @@ MS_OneDrive 387 198090 1 129 TCP 192.168.1.34:50087 <-> 111.221.77.142:443 [proto: 91.125/SSL.Skype][12 pkts/1107 bytes] 130 UDP 76.185.207.12:45493 <-> 192.168.1.34:13021 [proto: 125/Skype][5 pkts/300 bytes] 131 TCP 192.168.1.34:50137 <-> 5.248.186.221:31010 [proto: 125/Skype][18 pkts/1445 bytes] - 132 UDP 192.168.1.34:13021 <-> 111.221.77.142:40023 [proto: 125/Skype][1 pkts/72 bytes] - 133 UDP 192.168.1.34:13021 <-> 111.221.74.46:40027 [proto: 125/Skype][1 pkts/71 bytes] - 134 UDP 111.221.74.24:40001 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/64 bytes] - 135 UDP 111.221.74.19:40001 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/68 bytes] - 136 UDP 111.221.74.12:40031 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/75 bytes] - 137 UDP 192.168.1.34:13021 <-> 111.221.74.44:40031 [proto: 125/Skype][1 pkts/71 bytes] - 138 UDP 192.168.1.34:13021 <-> 111.221.74.43:40001 [proto: 125/Skype][1 pkts/76 bytes] - 139 UDP 111.221.74.32:40009 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/70 bytes] - 140 UDP 111.221.74.31:40021 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/73 bytes] - 141 UDP 192.168.1.34:13021 <-> 111.221.77.140:40003 [proto: 125/Skype][1 pkts/64 bytes] - 142 UDP 192.168.1.34:13021 <-> 111.221.77.145:40027 [proto: 125/Skype][1 pkts/77 bytes] - 143 UDP 192.168.1.34:13021 <-> 111.221.77.151:40027 [proto: 125/Skype][1 pkts/76 bytes] - 144 UDP 192.168.1.34:13021 <-> 111.221.77.148:40029 [proto: 125/Skype][1 pkts/69 bytes] - 145 UDP 192.168.1.34:13021 <-> 111.221.77.168:40007 [proto: 125/Skype][1 pkts/68 bytes] - 146 UDP 192.168.1.34:13021 <-> 111.221.77.166:40011 [proto: 125/Skype][1 pkts/77 bytes] - 147 UDP 192.168.1.34:13021 <-> 111.221.77.154:40017 [proto: 125/Skype][1 pkts/67 bytes] - 148 UDP 192.168.1.34:13021 <-> 111.221.77.159:40009 [proto: 125/Skype][1 pkts/78 bytes] - 149 TCP 192.168.1.34:50109 <-> 91.190.216.125:12350 [proto: 125/Skype][6 pkts/483 bytes] - 150 TCP 192.168.1.34:50125 <-> 91.190.218.125:12350 [proto: 125/Skype][10 pkts/769 bytes] - 151 TCP 192.168.1.34:50129 <-> 91.190.218.125:12350 [proto: 125/Skype][10 pkts/599 bytes] - 152 TCP 192.168.1.34:50136 <-> 71.238.7.203:18767 [proto: 125/Skype][14 pkts/1101 bytes] - 153 UDP 192.168.1.34:13021 <-> 176.97.100.249:26635 [proto: 125/Skype][1 pkts/60 bytes] - 154 UDP 192.168.1.34:13021 <-> 157.55.235.146:33033 [proto: 125/Skype][1 pkts/66 bytes] - 155 UDP 192.168.1.34:13021 <-> 157.55.130.146:33033 [proto: 125/Skype][1 pkts/69 bytes] - 156 UDP 192.168.1.34:13021 <-> 157.55.56.146:33033 [proto: 125/Skype][1 pkts/70 bytes] - 157 TCP 76.167.161.6:20274 <-> 192.168.1.34:50112 [proto: 125/Skype][15 pkts/1254 bytes] - 158 TCP 192.168.1.34:50028 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][387 pkts/198090 bytes][server: *.gateway.messenger.live.com] - 159 TCP 192.168.1.34:50036 <-> 157.56.52.44:443 [proto: 91.125/SSL.Skype][14 pkts/1328 bytes] - 160 TCP 192.168.1.34:50037 <-> 157.55.56.170:443 [proto: 91.125/SSL.Skype][15 pkts/1569 bytes] - 161 TCP 192.168.1.34:50045 <-> 157.55.130.167:443 [proto: 91.125/SSL.Skype][15 pkts/1411 bytes] - 162 TCP 192.168.1.34:50051 <-> 157.55.130.166:443 [proto: 91.125/SSL.Skype][15 pkts/1351 bytes] - 163 TCP 192.168.1.34:50057 <-> 157.55.130.153:443 [proto: 91.125/SSL.Skype][15 pkts/1349 bytes] - 164 TCP 192.168.1.34:50069 <-> 157.55.56.160:443 [proto: 91.125/SSL.Skype][15 pkts/1401 bytes] - 165 TCP 192.168.1.34:50081 <-> 157.55.130.176:443 [proto: 91.125/SSL.Skype][15 pkts/1513 bytes] - 166 TCP 192.168.1.34:50091 <-> 157.55.235.146:443 [proto: 91.125/SSL.Skype][16 pkts/1754 bytes] - 167 TCP 192.168.1.34:50101 <-> 157.55.235.176:443 [proto: 91.125/SSL.Skype][15 pkts/1590 bytes] - 168 TCP 192.168.1.34:50146 <-> 157.56.53.51:443 [proto: 91/SSL][8 pkts/608 bytes] - 169 UDP 192.168.1.34:13021 <-> 157.55.130.160:40029 [proto: 125/Skype][1 pkts/67 bytes] - 170 UDP 192.168.1.34:13021 <-> 157.55.130.154:40005 [proto: 125/Skype][1 pkts/79 bytes] - 171 UDP 192.168.1.34:13021 <-> 157.56.52.45:40012 [proto: 125/Skype][1 pkts/67 bytes] - 172 UDP 157.56.52.21:40004 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/64 bytes] - 173 UDP 157.56.52.26:40026 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/74 bytes] - 174 UDP 192.168.1.34:13021 <-> 157.56.52.37:40032 [proto: 125/Skype][1 pkts/69 bytes] - 175 UDP 192.168.1.34:13021 <-> 157.55.235.142:40025 [proto: 125/Skype][1 pkts/70 bytes] - 176 UDP 192.168.1.34:13021 <-> 157.55.56.142:40023 [proto: 125/Skype][1 pkts/77 bytes] - 177 UDP 192.168.1.34:13021 <-> 157.55.235.152:40001 [proto: 125/Skype][1 pkts/79 bytes] - 178 UDP 192.168.1.34:13021 <-> 157.55.56.151:40027 [proto: 125/Skype][1 pkts/77 bytes] - 179 UDP 192.168.1.34:13021 <-> 157.55.56.145:40027 [proto: 125/Skype][1 pkts/68 bytes] - 180 UDP 192.168.1.34:13021 <-> 157.55.130.143:40017 [proto: 125/Skype][1 pkts/77 bytes] - 181 UDP 192.168.1.34:13021 <-> 157.55.130.148:40019 [proto: 125/Skype][1 pkts/64 bytes] - 182 UDP 192.168.1.34:13021 <-> 157.55.130.147:40019 [proto: 125/Skype][1 pkts/76 bytes] - 183 UDP 192.168.1.34:13021 <-> 157.55.130.151:40017 [proto: 125/Skype][1 pkts/72 bytes] - 184 UDP 192.168.1.34:13021 <-> 157.55.235.153:40023 [proto: 125/Skype][1 pkts/73 bytes] - 185 UDP 192.168.1.34:13021 <-> 157.55.130.157:40013 [proto: 125/Skype][1 pkts/67 bytes] - 186 UDP 192.168.1.34:13021 <-> 157.55.235.155:40003 [proto: 125/Skype][1 pkts/77 bytes] - 187 UDP 192.168.1.34:13021 <-> 157.55.235.158:40031 [proto: 125/Skype][1 pkts/64 bytes] - 188 UDP 192.168.1.34:13021 <-> 157.55.235.159:40021 [proto: 125/Skype][1 pkts/64 bytes] - 189 UDP 192.168.1.34:13021 <-> 157.55.56.175:40013 [proto: 125/Skype][1 pkts/77 bytes] - 190 UDP 192.168.1.34:13021 <-> 157.55.235.161:40011 [proto: 125/Skype][1 pkts/78 bytes] - 191 UDP 192.168.1.34:13021 <-> 157.55.235.160:40027 [proto: 125/Skype][1 pkts/69 bytes] - 192 UDP 192.168.1.34:13021 <-> 157.55.130.172:40019 [proto: 125/Skype][1 pkts/67 bytes] - 193 UDP 192.168.1.34:13021 <-> 157.55.235.166:40015 [proto: 125/Skype][1 pkts/69 bytes] - 194 UDP 192.168.1.1:53 <-> 192.168.1.34:49360 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 195 TCP 149.13.32.15:13392 <-> 192.168.1.34:50132 [proto: 125/Skype][18 pkts/1412 bytes] - 196 UDP 192.168.1.92:57621 <-> 192.168.1.255:57621 [proto: 156/Spotify][5 pkts/430 bytes] - 197 UDP 192.168.1.1:53 <-> 192.168.1.34:49990 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] - 198 UDP 192.168.1.34:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][6 pkts/3264 bytes] - 199 UDP 192.168.1.92:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][5 pkts/2720 bytes] - 200 UDP 192.168.1.34:13021 <-> 213.199.179.146:33033 [proto: 125/Skype][1 pkts/67 bytes] - 201 UDP 192.168.1.1:53 <-> 192.168.1.34:51802 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] - 202 UDP 192.168.1.1:53 <-> 192.168.1.34:52714 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] - 203 UDP 192.168.1.1:53 <-> 192.168.1.34:52850 [proto: 5.125/DNS.Skype][8 pkts/648 bytes][Host: conn.skype.akadns.net] - 204 UDP 192.168.1.1:53 <-> 192.168.1.34:52742 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst5.r.skype.net] - 205 TCP 192.168.1.34:50039 <-> 213.199.179.175:443 [proto: 91/SSL][16 pkts/1592 bytes] - 206 TCP 192.168.1.34:50079 <-> 213.199.179.142:443 [proto: 91/SSL][16 pkts/1376 bytes] - 207 UDP 192.168.1.1:53 <-> 192.168.1.34:54396 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] - 208 TCP 192.168.1.34:50099 <-> 64.4.23.166:40022 [proto: 125/Skype][16 pkts/1355 bytes] - 209 TCP 65.55.223.33:40002 <-> 192.168.1.34:50026 [proto: 125/Skype][17 pkts/1370 bytes] - 210 TCP 65.55.223.12:40031 <-> 192.168.1.34:50065 [proto: 125/Skype][17 pkts/1401 bytes] - 211 TCP 65.55.223.15:40026 <-> 192.168.1.34:50098 [proto: 125/Skype][17 pkts/1381 bytes] - 212 UDP 192.168.1.1:53 <-> 192.168.1.34:57288 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] - 213 UDP 192.168.1.1:53 <-> 192.168.1.34:57406 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] - 214 UDP 192.168.1.1:53 <-> 192.168.1.34:57726 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 215 UDP 192.168.1.34:13021 <-> 213.199.179.165:40007 [proto: 125/Skype][1 pkts/74 bytes] - 216 UDP 192.168.1.34:13021 <-> 213.199.179.141:40015 [proto: 125/Skype][1 pkts/75 bytes] - 217 UDP 192.168.1.34:13021 <-> 213.199.179.162:40029 [proto: 125/Skype][1 pkts/70 bytes] - 218 UDP 192.168.1.34:13021 <-> 213.199.179.152:40023 [proto: 125/Skype][1 pkts/64 bytes] - 219 UDP 192.168.1.34:13021 <-> 213.199.179.145:40027 [proto: 125/Skype][1 pkts/66 bytes] - 220 UDP 192.168.1.34:13021 <-> 213.199.179.170:40011 [proto: 125/Skype][1 pkts/71 bytes] - 221 UDP 192.168.1.1:53 <-> 192.168.1.34:58458 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 222 UDP 192.168.1.1:53 <-> 192.168.1.34:58368 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst13.r.skype.net] - 223 UDP 192.168.1.1:53 <-> 192.168.1.34:60288 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 224 ICMP 192.168.1.1:0 <-> 192.168.1.34:0 [proto: 81/ICMP][8 pkts/656 bytes] - 225 UDP 192.168.1.1:53 <-> 192.168.1.34:62454 [proto: 5.143/DNS.AppleiCloud][2 pkts/234 bytes][Host: p05-keyvalueservice.icloud.com.akadns.net] - 226 UDP 192.168.1.1:53 <-> 192.168.1.34:63108 [proto: 5.125/DNS.Skype][7 pkts/651 bytes][Host: a.config.skype.trafficmanager.net] - 227 UDP 192.168.1.92:50084 <-> 239.255.255.250:1900 [proto: 12/SSDP][14 pkts/7281 bytes] - 228 UDP 192.168.1.34:51066 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] - 229 UDP 192.168.1.1:53 <-> 192.168.1.34:65426 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] - 230 TCP 192.168.1.34:50130 <-> 212.161.8.36:13392 [proto: 125/Skype][17 pkts/1380 bytes] - 231 TCP 192.168.1.34:50059 <-> 111.221.74.38:40015 [proto: 125/Skype][16 pkts/1236 bytes] - 232 TCP 192.168.1.34:50029 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][17 pkts/3535 bytes][client: apps.skype.com] - 233 IGMP 224.0.0.1:0 <-> 192.168.0.254:0 [proto: 82/IGMP][2 pkts/92 bytes] - 234 IGMP 224.0.0.1:0 <-> 192.168.1.1:0 [proto: 82/IGMP][1 pkts/60 bytes] - 235 IGMP 192.168.1.92:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes] - 236 IGMP 192.168.1.34:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/46 bytes] - 237 UDP 192.168.1.34:56886 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] - 238 TCP 192.168.1.34:50033 <-> 157.55.56.170:40015 [proto: 125/Skype][17 pkts/1361 bytes] - 239 TCP 157.56.52.28:40009 <-> 192.168.1.34:50108 [proto: 125/Skype][472 pkts/164627 bytes] - 240 TCP 192.168.1.34:50049 <-> 157.55.130.166:40021 [proto: 125/Skype][16 pkts/1278 bytes] - 241 TCP 192.168.1.34:50067 <-> 157.55.56.160:40027 [proto: 125/Skype][17 pkts/1305 bytes] - 242 TCP 192.168.1.34:50070 <-> 157.55.130.170:40018 [proto: 125/Skype][17 pkts/1312 bytes] - 243 TCP 192.168.1.34:50076 <-> 157.55.235.156:40014 [proto: 125/Skype][18 pkts/1442 bytes] - 244 TCP 192.168.1.34:50092 <-> 157.55.130.155:40020 [proto: 125/Skype][17 pkts/1387 bytes] - 245 UDP 192.168.1.34:64560 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] - 246 UDP 192.168.1.34:13021 <-> 64.4.23.146:33033 [proto: 125/Skype][1 pkts/66 bytes] - 247 TCP 86.31.35.30:59621 <-> 192.168.1.34:50115 [proto: 125/Skype][17 pkts/1386 bytes] - 248 TCP 192.168.1.34:50103 <-> 64.4.23.166:443 [proto: 91/SSL][12 pkts/1147 bytes] - 249 TCP 65.55.223.33:443 <-> 192.168.1.34:50030 [proto: 91/SSL][15 pkts/1311 bytes] - 250 TCP 65.55.223.12:443 <-> 192.168.1.34:50066 [proto: 91/SSL][15 pkts/1452 bytes] - 251 TCP 65.55.223.15:443 <-> 192.168.1.34:50102 [proto: 91/SSL][14 pkts/1390 bytes] - 252 UDP 239.255.255.250:1900 <-> 192.168.0.254:1025 [proto: 12/SSDP][79 pkts/29479 bytes] - 253 UDP 192.168.1.34:13021 <-> 71.62.0.85:33647 [proto: 125/Skype][1 pkts/60 bytes] - 254 UDP 192.168.1.92:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][4 pkts/828 bytes] - 255 UDP 192.168.1.34:13021 <-> 64.4.23.159:40009 [proto: 125/Skype][1 pkts/70 bytes] - 256 UDP 192.168.1.34:13021 <-> 64.4.23.151:40029 [proto: 125/Skype][1 pkts/72 bytes] - 257 UDP 192.168.1.34:13021 <-> 64.4.23.170:40011 [proto: 125/Skype][1 pkts/68 bytes] - 258 UDP 192.168.1.34:13021 <-> 64.4.23.173:40017 [proto: 125/Skype][1 pkts/66 bytes] - 259 UDP 65.55.223.15:40026 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/66 bytes] - 260 UDP 192.168.1.34:13021 <-> 65.55.223.43:40002 [proto: 125/Skype][1 pkts/76 bytes] - 261 UDP 65.55.223.17:40022 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/70 bytes] - 262 UDP 65.55.223.25:40028 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/76 bytes] - 263 UDP 65.55.223.24:40032 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/67 bytes] - 264 UDP 65.55.223.28:40026 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/74 bytes] - 265 UDP 65.55.223.26:40004 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/79 bytes] - 266 UDP 65.55.223.29:40010 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/77 bytes] - 267 UDP 192.168.1.34:13021 <-> 65.55.223.45:40012 [proto: 125/Skype][1 pkts/71 bytes] - 268 UDP 192.168.1.34:123 <-> 17.253.48.245:123 [proto: 9/NTP][2 pkts/180 bytes] - 269 TCP 192.168.1.34:50111 <-> 91.190.216.125:443 [proto: 91.125/SSL.Skype][20 pkts/1516 bytes] - 270 TCP 192.168.1.34:50123 <-> 80.14.46.121:4415 [proto: 125/Skype][18 pkts/1506 bytes] - 271 TCP 192.168.1.34:50141 <-> 80.14.46.121:4415 [proto: 125/Skype][15 pkts/1237 bytes] - 272 TCP 192.168.1.34:49445 <-> 108.160.170.46:443 [proto: 91.121/SSL.Dropbox][16 pkts/5980 bytes] - 273 TCP 192.168.1.34:50058 <-> 111.221.74.47:443 [proto: 91.125/SSL.Skype][14 pkts/1208 bytes] - 274 TCP 192.168.1.34:50100 <-> 111.221.74.46:443 [proto: 91.125/SSL.Skype][13 pkts/1109 bytes] - 275 TCP 192.168.1.34:50035 <-> 213.199.179.175:40021 [proto: 125/Skype][17 pkts/1304 bytes] - 276 TCP 192.168.1.34:50075 <-> 213.199.179.142:40003 [proto: 125/Skype][19 pkts/1495 bytes] - 277 UDP [fe80::c62c:3ff:fe06:49fe]:5353 <-> [ff02::fb]:5353 [proto: 8/MDNS][4 pkts/908 bytes] + 132 TCP 192.168.1.34:50139 <-> 5.248.186.221:31010 [proto: 125/Skype][23 pkts/4119 bytes] + 133 UDP 192.168.1.34:13021 <-> 111.221.77.142:40023 [proto: 125/Skype][1 pkts/72 bytes] + 134 UDP 192.168.1.34:13021 <-> 111.221.74.46:40027 [proto: 125/Skype][1 pkts/71 bytes] + 135 UDP 111.221.74.24:40001 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/64 bytes] + 136 UDP 111.221.74.19:40001 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/68 bytes] + 137 UDP 111.221.74.12:40031 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/75 bytes] + 138 UDP 192.168.1.34:13021 <-> 111.221.74.44:40031 [proto: 125/Skype][1 pkts/71 bytes] + 139 UDP 192.168.1.34:13021 <-> 111.221.74.43:40001 [proto: 125/Skype][1 pkts/76 bytes] + 140 UDP 111.221.74.32:40009 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/70 bytes] + 141 UDP 111.221.74.31:40021 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/73 bytes] + 142 UDP 192.168.1.34:13021 <-> 111.221.77.140:40003 [proto: 125/Skype][1 pkts/64 bytes] + 143 UDP 192.168.1.34:13021 <-> 111.221.77.145:40027 [proto: 125/Skype][1 pkts/77 bytes] + 144 UDP 192.168.1.34:13021 <-> 111.221.77.151:40027 [proto: 125/Skype][1 pkts/76 bytes] + 145 UDP 192.168.1.34:13021 <-> 111.221.77.148:40029 [proto: 125/Skype][1 pkts/69 bytes] + 146 UDP 192.168.1.34:13021 <-> 111.221.77.168:40007 [proto: 125/Skype][1 pkts/68 bytes] + 147 UDP 192.168.1.34:13021 <-> 111.221.77.166:40011 [proto: 125/Skype][1 pkts/77 bytes] + 148 UDP 192.168.1.34:13021 <-> 111.221.77.154:40017 [proto: 125/Skype][1 pkts/67 bytes] + 149 UDP 192.168.1.34:13021 <-> 111.221.77.159:40009 [proto: 125/Skype][1 pkts/78 bytes] + 150 TCP 192.168.1.34:50109 <-> 91.190.216.125:12350 [proto: 125/Skype][6 pkts/483 bytes] + 151 TCP 192.168.1.34:50125 <-> 91.190.218.125:12350 [proto: 125/Skype][10 pkts/769 bytes] + 152 TCP 192.168.1.34:50129 <-> 91.190.218.125:12350 [proto: 125/Skype][10 pkts/599 bytes] + 153 TCP 192.168.1.34:50136 <-> 71.238.7.203:18767 [proto: 125/Skype][14 pkts/1101 bytes] + 154 UDP 192.168.1.34:13021 <-> 176.97.100.249:26635 [proto: 125/Skype][1 pkts/60 bytes] + 155 UDP 192.168.1.34:13021 <-> 157.55.235.146:33033 [proto: 125/Skype][1 pkts/66 bytes] + 156 UDP 192.168.1.34:13021 <-> 157.55.130.146:33033 [proto: 125/Skype][1 pkts/69 bytes] + 157 UDP 192.168.1.34:13021 <-> 157.55.56.146:33033 [proto: 125/Skype][1 pkts/70 bytes] + 158 TCP 76.167.161.6:20274 <-> 192.168.1.34:50112 [proto: 125/Skype][15 pkts/1254 bytes] + 159 TCP 192.168.1.34:50028 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][387 pkts/198090 bytes][server: *.gateway.messenger.live.com] + 160 TCP 192.168.1.34:50036 <-> 157.56.52.44:443 [proto: 91.125/SSL.Skype][14 pkts/1328 bytes] + 161 TCP 192.168.1.34:50037 <-> 157.55.56.170:443 [proto: 91.125/SSL.Skype][15 pkts/1569 bytes] + 162 TCP 192.168.1.34:50045 <-> 157.55.130.167:443 [proto: 91.125/SSL.Skype][15 pkts/1411 bytes] + 163 TCP 192.168.1.34:50051 <-> 157.55.130.166:443 [proto: 91.125/SSL.Skype][15 pkts/1351 bytes] + 164 TCP 192.168.1.34:50057 <-> 157.55.130.153:443 [proto: 91.125/SSL.Skype][15 pkts/1349 bytes] + 165 TCP 192.168.1.34:50069 <-> 157.55.56.160:443 [proto: 91.125/SSL.Skype][15 pkts/1401 bytes] + 166 TCP 192.168.1.34:50081 <-> 157.55.130.176:443 [proto: 91.125/SSL.Skype][15 pkts/1513 bytes] + 167 TCP 192.168.1.34:50091 <-> 157.55.235.146:443 [proto: 91.125/SSL.Skype][16 pkts/1754 bytes] + 168 TCP 192.168.1.34:50101 <-> 157.55.235.176:443 [proto: 91.125/SSL.Skype][15 pkts/1590 bytes] + 169 TCP 192.168.1.34:50146 <-> 157.56.53.51:443 [proto: 91/SSL][8 pkts/608 bytes] + 170 UDP 192.168.1.34:13021 <-> 157.55.130.160:40029 [proto: 125/Skype][1 pkts/67 bytes] + 171 UDP 192.168.1.34:13021 <-> 157.55.130.154:40005 [proto: 125/Skype][1 pkts/79 bytes] + 172 UDP 192.168.1.34:13021 <-> 157.56.52.45:40012 [proto: 125/Skype][1 pkts/67 bytes] + 173 UDP 157.56.52.21:40004 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/64 bytes] + 174 UDP 157.56.52.26:40026 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/74 bytes] + 175 UDP 192.168.1.34:13021 <-> 157.56.52.37:40032 [proto: 125/Skype][1 pkts/69 bytes] + 176 UDP 192.168.1.34:13021 <-> 157.55.235.142:40025 [proto: 125/Skype][1 pkts/70 bytes] + 177 UDP 192.168.1.34:13021 <-> 157.55.56.142:40023 [proto: 125/Skype][1 pkts/77 bytes] + 178 UDP 192.168.1.34:13021 <-> 157.55.235.152:40001 [proto: 125/Skype][1 pkts/79 bytes] + 179 UDP 192.168.1.34:13021 <-> 157.55.56.151:40027 [proto: 125/Skype][1 pkts/77 bytes] + 180 UDP 192.168.1.34:13021 <-> 157.55.56.145:40027 [proto: 125/Skype][1 pkts/68 bytes] + 181 UDP 192.168.1.34:13021 <-> 157.55.130.143:40017 [proto: 125/Skype][1 pkts/77 bytes] + 182 UDP 192.168.1.34:13021 <-> 157.55.130.148:40019 [proto: 125/Skype][1 pkts/64 bytes] + 183 UDP 192.168.1.34:13021 <-> 157.55.130.147:40019 [proto: 125/Skype][1 pkts/76 bytes] + 184 UDP 192.168.1.34:13021 <-> 157.55.130.151:40017 [proto: 125/Skype][1 pkts/72 bytes] + 185 UDP 192.168.1.34:13021 <-> 157.55.235.153:40023 [proto: 125/Skype][1 pkts/73 bytes] + 186 UDP 192.168.1.34:13021 <-> 157.55.130.157:40013 [proto: 125/Skype][1 pkts/67 bytes] + 187 UDP 192.168.1.34:13021 <-> 157.55.235.155:40003 [proto: 125/Skype][1 pkts/77 bytes] + 188 UDP 192.168.1.34:13021 <-> 157.55.235.158:40031 [proto: 125/Skype][1 pkts/64 bytes] + 189 UDP 192.168.1.34:13021 <-> 157.55.235.159:40021 [proto: 125/Skype][1 pkts/64 bytes] + 190 UDP 192.168.1.34:13021 <-> 157.55.56.175:40013 [proto: 125/Skype][1 pkts/77 bytes] + 191 UDP 192.168.1.34:13021 <-> 157.55.235.161:40011 [proto: 125/Skype][1 pkts/78 bytes] + 192 UDP 192.168.1.34:13021 <-> 157.55.235.160:40027 [proto: 125/Skype][1 pkts/69 bytes] + 193 UDP 192.168.1.34:13021 <-> 157.55.130.172:40019 [proto: 125/Skype][1 pkts/67 bytes] + 194 UDP 192.168.1.34:13021 <-> 157.55.235.166:40015 [proto: 125/Skype][1 pkts/69 bytes] + 195 UDP 192.168.1.1:53 <-> 192.168.1.34:49360 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 196 TCP 149.13.32.15:13392 <-> 192.168.1.34:50132 [proto: 125/Skype][18 pkts/1412 bytes] + 197 UDP 192.168.1.92:57621 <-> 192.168.1.255:57621 [proto: 156/Spotify][5 pkts/430 bytes] + 198 UDP 192.168.1.1:53 <-> 192.168.1.34:49990 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] + 199 UDP 192.168.1.34:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][6 pkts/3264 bytes] + 200 UDP 192.168.1.92:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][5 pkts/2720 bytes] + 201 UDP 192.168.1.34:13021 <-> 213.199.179.146:33033 [proto: 125/Skype][1 pkts/67 bytes] + 202 UDP 192.168.1.1:53 <-> 192.168.1.34:51802 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] + 203 UDP 192.168.1.1:53 <-> 192.168.1.34:52714 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] + 204 UDP 192.168.1.1:53 <-> 192.168.1.34:52850 [proto: 5.125/DNS.Skype][8 pkts/648 bytes][Host: conn.skype.akadns.net] + 205 UDP 192.168.1.1:53 <-> 192.168.1.34:52742 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst5.r.skype.net] + 206 TCP 192.168.1.34:50039 <-> 213.199.179.175:443 [proto: 91/SSL][16 pkts/1592 bytes] + 207 TCP 192.168.1.34:50079 <-> 213.199.179.142:443 [proto: 91/SSL][16 pkts/1376 bytes] + 208 UDP 192.168.1.1:53 <-> 192.168.1.34:54396 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] + 209 TCP 192.168.1.34:50099 <-> 64.4.23.166:40022 [proto: 125/Skype][16 pkts/1355 bytes] + 210 TCP 65.55.223.33:40002 <-> 192.168.1.34:50026 [proto: 125/Skype][17 pkts/1370 bytes] + 211 TCP 65.55.223.12:40031 <-> 192.168.1.34:50065 [proto: 125/Skype][17 pkts/1401 bytes] + 212 TCP 65.55.223.15:40026 <-> 192.168.1.34:50098 [proto: 125/Skype][17 pkts/1381 bytes] + 213 UDP 192.168.1.1:53 <-> 192.168.1.34:57288 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] + 214 UDP 192.168.1.1:53 <-> 192.168.1.34:57406 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] + 215 UDP 192.168.1.1:53 <-> 192.168.1.34:57726 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 216 UDP 192.168.1.34:13021 <-> 213.199.179.165:40007 [proto: 125/Skype][1 pkts/74 bytes] + 217 UDP 192.168.1.34:13021 <-> 213.199.179.141:40015 [proto: 125/Skype][1 pkts/75 bytes] + 218 UDP 192.168.1.34:13021 <-> 213.199.179.162:40029 [proto: 125/Skype][1 pkts/70 bytes] + 219 UDP 192.168.1.34:13021 <-> 213.199.179.152:40023 [proto: 125/Skype][1 pkts/64 bytes] + 220 UDP 192.168.1.34:13021 <-> 213.199.179.145:40027 [proto: 125/Skype][1 pkts/66 bytes] + 221 UDP 192.168.1.34:13021 <-> 213.199.179.170:40011 [proto: 125/Skype][1 pkts/71 bytes] + 222 UDP 192.168.1.1:53 <-> 192.168.1.34:58458 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 223 UDP 192.168.1.1:53 <-> 192.168.1.34:58368 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst13.r.skype.net] + 224 UDP 192.168.1.1:53 <-> 192.168.1.34:60288 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 225 ICMP 192.168.1.1:0 <-> 192.168.1.34:0 [proto: 81/ICMP][8 pkts/656 bytes] + 226 UDP 192.168.1.1:53 <-> 192.168.1.34:62454 [proto: 5.143/DNS.AppleiCloud][2 pkts/234 bytes][Host: p05-keyvalueservice.icloud.com.akadns.net] + 227 UDP 192.168.1.1:53 <-> 192.168.1.34:63108 [proto: 5.125/DNS.Skype][7 pkts/651 bytes][Host: a.config.skype.trafficmanager.net] + 228 UDP 192.168.1.92:50084 <-> 239.255.255.250:1900 [proto: 12/SSDP][14 pkts/7281 bytes] + 229 UDP 192.168.1.34:51066 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] + 230 UDP 192.168.1.1:53 <-> 192.168.1.34:65426 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] + 231 TCP 192.168.1.34:50130 <-> 212.161.8.36:13392 [proto: 125/Skype][17 pkts/1380 bytes] + 232 TCP 192.168.1.34:50059 <-> 111.221.74.38:40015 [proto: 125/Skype][16 pkts/1236 bytes] + 233 TCP 192.168.1.34:50029 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][17 pkts/3535 bytes][client: apps.skype.com] + 234 IGMP 224.0.0.1:0 <-> 192.168.0.254:0 [proto: 82/IGMP][2 pkts/92 bytes] + 235 IGMP 224.0.0.1:0 <-> 192.168.1.1:0 [proto: 82/IGMP][1 pkts/60 bytes] + 236 IGMP 192.168.1.92:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes] + 237 IGMP 192.168.1.34:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/46 bytes] + 238 UDP 192.168.1.34:56886 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] + 239 TCP 192.168.1.34:50033 <-> 157.55.56.170:40015 [proto: 125/Skype][17 pkts/1361 bytes] + 240 TCP 157.56.52.28:40009 <-> 192.168.1.34:50108 [proto: 125/Skype][472 pkts/164627 bytes] + 241 TCP 192.168.1.34:50049 <-> 157.55.130.166:40021 [proto: 125/Skype][16 pkts/1278 bytes] + 242 TCP 192.168.1.34:50067 <-> 157.55.56.160:40027 [proto: 125/Skype][17 pkts/1305 bytes] + 243 TCP 192.168.1.34:50070 <-> 157.55.130.170:40018 [proto: 125/Skype][17 pkts/1312 bytes] + 244 TCP 192.168.1.34:50076 <-> 157.55.235.156:40014 [proto: 125/Skype][18 pkts/1442 bytes] + 245 TCP 192.168.1.34:50092 <-> 157.55.130.155:40020 [proto: 125/Skype][17 pkts/1387 bytes] + 246 UDP 192.168.1.34:64560 <-> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes] + 247 UDP 192.168.1.34:13021 <-> 64.4.23.146:33033 [proto: 125/Skype][1 pkts/66 bytes] + 248 TCP 86.31.35.30:59621 <-> 192.168.1.34:50115 [proto: 125/Skype][17 pkts/1386 bytes] + 249 TCP 192.168.1.34:50103 <-> 64.4.23.166:443 [proto: 91/SSL][12 pkts/1147 bytes] + 250 TCP 65.55.223.33:443 <-> 192.168.1.34:50030 [proto: 91/SSL][15 pkts/1311 bytes] + 251 TCP 65.55.223.12:443 <-> 192.168.1.34:50066 [proto: 91/SSL][15 pkts/1452 bytes] + 252 TCP 65.55.223.15:443 <-> 192.168.1.34:50102 [proto: 91/SSL][14 pkts/1390 bytes] + 253 UDP 239.255.255.250:1900 <-> 192.168.0.254:1025 [proto: 12/SSDP][79 pkts/29479 bytes] + 254 UDP 192.168.1.34:13021 <-> 71.62.0.85:33647 [proto: 125/Skype][1 pkts/60 bytes] + 255 UDP 192.168.1.92:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][4 pkts/828 bytes] + 256 UDP 192.168.1.34:13021 <-> 64.4.23.159:40009 [proto: 125/Skype][1 pkts/70 bytes] + 257 UDP 192.168.1.34:13021 <-> 64.4.23.151:40029 [proto: 125/Skype][1 pkts/72 bytes] + 258 UDP 192.168.1.34:13021 <-> 64.4.23.170:40011 [proto: 125/Skype][1 pkts/68 bytes] + 259 UDP 192.168.1.34:13021 <-> 64.4.23.173:40017 [proto: 125/Skype][1 pkts/66 bytes] + 260 UDP 65.55.223.15:40026 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/66 bytes] + 261 UDP 192.168.1.34:13021 <-> 65.55.223.43:40002 [proto: 125/Skype][1 pkts/76 bytes] + 262 UDP 65.55.223.17:40022 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/70 bytes] + 263 UDP 65.55.223.25:40028 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/76 bytes] + 264 UDP 65.55.223.24:40032 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/67 bytes] + 265 UDP 65.55.223.28:40026 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/74 bytes] + 266 UDP 65.55.223.26:40004 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/79 bytes] + 267 UDP 65.55.223.29:40010 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/77 bytes] + 268 UDP 192.168.1.34:13021 <-> 65.55.223.45:40012 [proto: 125/Skype][1 pkts/71 bytes] + 269 UDP 192.168.1.34:123 <-> 17.253.48.245:123 [proto: 9/NTP][2 pkts/180 bytes] + 270 TCP 192.168.1.34:50111 <-> 91.190.216.125:443 [proto: 91.125/SSL.Skype][20 pkts/1516 bytes] + 271 TCP 192.168.1.34:50123 <-> 80.14.46.121:4415 [proto: 125/Skype][18 pkts/1506 bytes] + 272 TCP 192.168.1.34:50141 <-> 80.14.46.121:4415 [proto: 125/Skype][15 pkts/1237 bytes] + 273 TCP 192.168.1.34:49445 <-> 108.160.170.46:443 [proto: 91.121/SSL.Dropbox][16 pkts/5980 bytes] + 274 TCP 192.168.1.34:50058 <-> 111.221.74.47:443 [proto: 91.125/SSL.Skype][14 pkts/1208 bytes] + 275 TCP 192.168.1.34:50100 <-> 111.221.74.46:443 [proto: 91.125/SSL.Skype][13 pkts/1109 bytes] + 276 TCP 192.168.1.34:50035 <-> 213.199.179.175:40021 [proto: 125/Skype][17 pkts/1304 bytes] + 277 TCP 192.168.1.34:50075 <-> 213.199.179.142:40003 [proto: 125/Skype][19 pkts/1495 bytes] + 278 UDP [fe80::c62c:3ff:fe06:49fe]:5353 <-> [ff02::fb]:5353 [proto: 8/MDNS][4 pkts/908 bytes] Undetected flows: @@ -301,11 +302,10 @@ Undetected flows: 6 TCP 192.168.1.34:50124 <-> 81.133.19.185:44431 [proto: 0/Unknown][22 pkts/1636 bytes] 7 TCP 192.168.1.34:50131 <-> 212.161.8.36:13392 [proto: 0/Unknown][19 pkts/5111 bytes] 8 TCP 192.168.1.34:50142 <-> 80.14.46.121:4415 [proto: 0/Unknown][18 pkts/1474 bytes] - 9 TCP 192.168.1.34:50139 <-> 5.248.186.221:31010 [proto: 0/Unknown][23 pkts/4119 bytes] - 10 TCP 192.168.1.34:50138 <-> 71.238.7.203:18767 [proto: 0/Unknown][32 pkts/4972 bytes] - 11 TCP 192.168.1.34:50121 <-> 81.83.77.141:17639 [proto: 0/Unknown][40 pkts/5609 bytes] - 12 TCP 76.167.161.6:20274 <-> 192.168.1.34:50140 [proto: 0/Unknown][3 pkts/206 bytes] - 13 TCP 192.168.1.34:50144 <-> 78.202.226.115:29059 [proto: 0/Unknown][14 pkts/1139 bytes] - 14 TCP 192.168.1.34:50145 <-> 157.56.53.51:12350 [proto: 0/Unknown][8 pkts/608 bytes] - 15 TCP 86.31.35.30:59621 <-> 192.168.1.34:50119 [proto: 0/Unknown][100 pkts/12266 bytes] - 16 TCP 192.168.1.34:50127 <-> 80.14.46.121:4415 [proto: 0/Unknown][27 pkts/2098 bytes] + 9 TCP 192.168.1.34:50138 <-> 71.238.7.203:18767 [proto: 0/Unknown][32 pkts/4972 bytes] + 10 TCP 192.168.1.34:50121 <-> 81.83.77.141:17639 [proto: 0/Unknown][40 pkts/5609 bytes] + 11 TCP 76.167.161.6:20274 <-> 192.168.1.34:50140 [proto: 0/Unknown][3 pkts/206 bytes] + 12 TCP 192.168.1.34:50144 <-> 78.202.226.115:29059 [proto: 0/Unknown][14 pkts/1139 bytes] + 13 TCP 192.168.1.34:50145 <-> 157.56.53.51:12350 [proto: 0/Unknown][8 pkts/608 bytes] + 14 TCP 86.31.35.30:59621 <-> 192.168.1.34:50119 [proto: 0/Unknown][100 pkts/12266 bytes] + 15 TCP 192.168.1.34:50127 <-> 80.14.46.121:4415 [proto: 0/Unknown][27 pkts/2098 bytes] diff --git a/tests/result/skype_no_unknown.pcap.out b/tests/result/skype_no_unknown.pcap.out index a1e14bdea..e7cbd2a82 100644 --- a/tests/result/skype_no_unknown.pcap.out +++ b/tests/result/skype_no_unknown.pcap.out @@ -1,4 +1,4 @@ -Unknown 236 70600 14 +Unknown 216 66695 13 DNS 2 267 1 MDNS 3 400 2 NetBIOS 22 3106 7 @@ -7,7 +7,7 @@ ICMP 4 328 1 IGMP 4 226 4 SSL 79 7742 6 Dropbox 16 7342 5 -Skype 1241 181327 221 +Skype 1261 185232 222 Apple 84 20699 2 MS_OneDrive 348 181687 1 @@ -128,142 +128,143 @@ MS_OneDrive 348 181687 1 115 TCP 192.168.1.34:51259 <-> 111.221.77.142:443 [proto: 91.125/SSL.Skype][14 pkts/1253 bytes] 116 TCP 192.168.1.34:51283 <-> 111.221.74.48:443 [proto: 91.125/SSL.Skype][3 pkts/206 bytes] 117 TCP 192.168.1.34:51258 <-> 213.199.179.176:40021 [proto: 125/Skype][19 pkts/1496 bytes] - 118 UDP 192.168.1.34:13021 <-> 111.221.74.34:40027 [proto: 125/Skype][1 pkts/73 bytes] - 119 UDP 111.221.74.33:40011 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/76 bytes] - 120 UDP 111.221.74.13:40009 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/64 bytes] - 121 UDP 111.221.74.27:40027 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/70 bytes] - 122 UDP 111.221.74.20:40033 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/77 bytes] - 123 UDP 111.221.74.19:40001 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/73 bytes] - 124 UDP 192.168.1.34:13021 <-> 111.221.74.44:40019 [proto: 125/Skype][1 pkts/70 bytes] - 125 UDP 192.168.1.34:13021 <-> 111.221.74.38:40015 [proto: 125/Skype][1 pkts/64 bytes] - 126 UDP 192.168.1.34:13021 <-> 111.221.74.43:40001 [proto: 125/Skype][1 pkts/67 bytes] - 127 UDP 192.168.1.34:13021 <-> 111.221.74.40:40025 [proto: 125/Skype][1 pkts/79 bytes] - 128 UDP 192.168.1.34:13021 <-> 111.221.74.46:40027 [proto: 125/Skype][1 pkts/67 bytes] - 129 UDP 192.168.1.34:13021 <-> 111.221.77.159:40031 [proto: 125/Skype][1 pkts/72 bytes] - 130 UDP 192.168.1.34:13021 <-> 111.221.77.151:40029 [proto: 125/Skype][1 pkts/79 bytes] - 131 UDP 192.168.1.34:13021 <-> 111.221.77.154:40017 [proto: 125/Skype][1 pkts/77 bytes] - 132 UDP 192.168.1.34:13021 <-> 111.221.77.170:40021 [proto: 125/Skype][1 pkts/78 bytes] - 133 UDP 192.168.1.34:13021 <-> 189.188.134.174:22436 [proto: 125/Skype][1 pkts/60 bytes] - 134 TCP 192.168.1.34:51285 <-> 91.190.218.125:12350 [proto: 125/Skype][6 pkts/377 bytes] - 135 TCP 91.190.216.24:12350 <-> 192.168.1.34:51297 [proto: 125/Skype][15 pkts/3532 bytes] - 136 TCP 192.168.1.34:51299 <-> 91.190.216.125:12350 [proto: 125/Skype][11 pkts/659 bytes] - 137 UDP 192.168.1.34:13021 <-> 157.55.235.146:33033 [proto: 125/Skype][1 pkts/76 bytes] - 138 UDP 192.168.1.34:13021 <-> 157.55.130.146:33033 [proto: 125/Skype][1 pkts/69 bytes] - 139 TCP 192.168.1.34:51291 <-> 81.83.77.141:17639 [proto: 125/Skype][15 pkts/1226 bytes] - 140 TCP 76.167.161.6:20274 <-> 192.168.1.34:51288 [proto: 125/Skype][15 pkts/1258 bytes] - 141 TCP 192.168.1.34:51230 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][348 pkts/181687 bytes][server: *.gateway.messenger.live.com] - 142 TCP 157.56.52.28:443 <-> 192.168.1.34:51232 [proto: 125/Skype][13 pkts/1157 bytes] - 143 TCP 192.168.1.34:51241 <-> 157.55.130.176:443 [proto: 91.125/SSL.Skype][15 pkts/1584 bytes] - 144 TCP 192.168.1.34:51261 <-> 157.55.235.170:443 [proto: 91.125/SSL.Skype][15 pkts/1569 bytes] - 145 TCP 192.168.1.34:51281 <-> 157.55.235.156:443 [proto: 91.125/SSL.Skype][15 pkts/1380 bytes] - 146 UDP 192.168.1.34:13021 <-> 174.49.171.224:32011 [proto: 125/Skype][5 pkts/300 bytes] - 147 UDP 192.168.1.34:13021 <-> 157.55.56.170:40015 [proto: 125/Skype][1 pkts/76 bytes] - 148 UDP 157.56.52.19:40020 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/68 bytes] - 149 UDP 157.56.52.16:40032 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/66 bytes] - 150 UDP 157.56.52.25:40010 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/76 bytes] - 151 UDP 157.56.52.24:40032 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/70 bytes] - 152 UDP 192.168.1.34:13021 <-> 157.55.130.154:40013 [proto: 125/Skype][1 pkts/66 bytes] - 153 UDP 192.168.1.34:13021 <-> 157.55.130.150:40007 [proto: 125/Skype][1 pkts/71 bytes] - 154 UDP 192.168.1.34:13021 <-> 157.55.130.149:40011 [proto: 125/Skype][1 pkts/77 bytes] - 155 UDP 192.168.1.34:13021 <-> 157.55.56.142:40013 [proto: 125/Skype][1 pkts/72 bytes] - 156 UDP 157.56.52.33:40002 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/71 bytes] - 157 UDP 157.56.52.29:40010 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/67 bytes] - 158 UDP 192.168.1.34:13021 <-> 157.55.56.140:40003 [proto: 125/Skype][1 pkts/76 bytes] - 159 UDP 192.168.1.34:13021 <-> 157.56.52.43:40006 [proto: 125/Skype][1 pkts/78 bytes] - 160 UDP 192.168.1.34:13021 <-> 157.55.130.140:40011 [proto: 125/Skype][1 pkts/72 bytes] - 161 UDP 192.168.1.34:13021 <-> 157.55.130.146:40033 [proto: 125/Skype][1 pkts/73 bytes] - 162 UDP 192.168.1.34:13021 <-> 157.55.130.148:40019 [proto: 125/Skype][1 pkts/72 bytes] - 163 UDP 192.168.1.34:13021 <-> 157.55.235.148:40033 [proto: 125/Skype][1 pkts/75 bytes] - 164 UDP 192.168.1.34:13021 <-> 157.55.235.162:40033 [proto: 125/Skype][1 pkts/66 bytes] - 165 UDP 192.168.1.34:13021 <-> 157.55.130.156:40019 [proto: 125/Skype][1 pkts/64 bytes] - 166 UDP 192.168.1.34:13021 <-> 157.55.235.155:40027 [proto: 125/Skype][1 pkts/74 bytes] - 167 UDP 192.168.1.34:13021 <-> 157.55.56.161:40031 [proto: 125/Skype][1 pkts/67 bytes] - 168 UDP 192.168.1.34:13021 <-> 157.55.235.158:40027 [proto: 125/Skype][1 pkts/73 bytes] - 169 UDP 192.168.1.34:13021 <-> 157.55.130.157:40013 [proto: 125/Skype][1 pkts/64 bytes] - 170 UDP 192.168.1.34:13021 <-> 157.55.235.167:40029 [proto: 125/Skype][1 pkts/64 bytes] - 171 UDP 192.168.1.34:13021 <-> 157.55.130.167:40031 [proto: 125/Skype][1 pkts/79 bytes] - 172 UDP 192.168.1.34:13021 <-> 157.55.235.166:40015 [proto: 125/Skype][1 pkts/67 bytes] - 173 UDP 192.168.1.34:13021 <-> 157.55.235.174:40019 [proto: 125/Skype][1 pkts/72 bytes] - 174 UDP 192.168.1.34:13021 <-> 157.55.130.173:40003 [proto: 125/Skype][1 pkts/72 bytes] - 175 UDP 192.168.1.34:13021 <-> 157.55.235.176:40031 [proto: 125/Skype][1 pkts/73 bytes] - 176 UDP 192.168.1.34:13021 <-> 157.55.235.175:40023 [proto: 125/Skype][1 pkts/74 bytes] - 177 UDP 192.168.1.1:53 <-> 192.168.1.34:49864 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] - 178 TCP 149.13.32.15:13392 <-> 192.168.1.34:51316 [proto: 125/Skype][14 pkts/1176 bytes] - 179 UDP 192.168.1.34:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes] - 180 UDP 192.168.1.92:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes] - 181 UDP 192.168.1.34:13021 <-> 213.199.179.146:33033 [proto: 125/Skype][1 pkts/75 bytes] - 182 UDP 192.168.1.1:53 <-> 192.168.1.34:53372 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst11.r.skype.net] - 183 UDP 192.168.1.92:53826 <-> 192.168.1.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes] - 184 TCP 192.168.1.34:51271 <-> 213.199.179.175:443 [proto: 91/SSL][15 pkts/1415 bytes] - 185 UDP 192.168.1.1:53 <-> 192.168.1.34:55028 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: a.config.skype.com] - 186 TCP 192.168.1.34:51278 <-> 64.4.23.159:40009 [proto: 125/Skype][15 pkts/1219 bytes] - 187 TCP 192.168.1.34:51235 <-> 65.55.223.45:40009 [proto: 125/Skype][17 pkts/1341 bytes] - 188 UDP 192.168.1.1:53 <-> 192.168.1.34:55866 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] - 189 UDP 192.168.1.1:53 <-> 192.168.1.34:57592 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst11.r.skype.net] - 190 UDP 192.168.1.1:53 <-> 192.168.1.34:57694 [proto: 5/DNS][2 pkts/267 bytes][Host: db3msgr5011709.gateway.messenger.live.com] - 191 UDP 192.168.1.34:13021 <-> 213.199.179.173:40013 [proto: 125/Skype][1 pkts/72 bytes] - 192 UDP 192.168.1.34:13021 <-> 213.199.179.140:40003 [proto: 125/Skype][1 pkts/70 bytes] - 193 UDP 192.168.1.34:13021 <-> 213.199.179.154:40017 [proto: 125/Skype][1 pkts/78 bytes] - 194 UDP 192.168.1.34:13021 <-> 213.199.179.144:40009 [proto: 125/Skype][1 pkts/69 bytes] - 195 UDP 192.168.1.34:13021 <-> 213.199.179.141:40015 [proto: 125/Skype][1 pkts/79 bytes] - 196 UDP 192.168.1.34:13021 <-> 213.199.179.156:40031 [proto: 125/Skype][1 pkts/79 bytes] - 197 UDP 192.168.1.34:13021 <-> 213.199.179.172:40011 [proto: 125/Skype][1 pkts/76 bytes] - 198 UDP 192.168.1.34:13021 <-> 213.199.179.174:40025 [proto: 125/Skype][1 pkts/71 bytes] - 199 TCP 192.168.1.34:51298 <-> 82.224.110.241:38895 [proto: 125/Skype][14 pkts/1150 bytes] - 200 UDP 192.168.1.1:53 <-> 192.168.1.34:59788 [proto: 5.125/DNS.Skype][2 pkts/180 bytes][Host: e4593.g.akamaiedge.net] - 201 UDP 192.168.1.1:53 <-> 192.168.1.34:60688 [proto: 5.125/DNS.Skype][8 pkts/648 bytes][Host: conn.skype.akadns.net] - 202 UDP 192.168.1.1:53 <-> 192.168.1.34:61016 [proto: 5.125/DNS.Skype][1 pkts/80 bytes][Host: apps.skypeassets.com] - 203 ICMP 192.168.1.1:0 <-> 192.168.1.34:0 [proto: 81/ICMP][4 pkts/328 bytes] - 204 UDP 192.168.1.1:53 <-> 192.168.1.34:63342 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] - 205 UDP 192.168.1.1:53 <-> 192.168.1.34:63514 [proto: 5.125/DNS.Skype][8 pkts/576 bytes][Host: ui.skype.com] - 206 UDP 192.168.1.1:53 <-> 192.168.1.34:64240 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] - 207 UDP 192.168.1.1:53 <-> 192.168.1.34:64258 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] - 208 UDP 192.168.1.1:53 <-> 192.168.1.34:64364 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst0.r.skype.net] - 209 UDP 192.168.1.34:137 <-> 192.168.1.255:137 [proto: 10/NetBIOS][7 pkts/680 bytes] - 210 UDP 192.168.1.1:137 <-> 192.168.1.34:137 [proto: 10/NetBIOS][8 pkts/1142 bytes] - 211 UDP 192.168.1.1:138 <-> 192.168.1.34:138 [proto: 10/NetBIOS][2 pkts/452 bytes] - 212 UDP 192.168.1.34:138 <-> 192.168.1.255:138 [proto: 10/NetBIOS][2 pkts/432 bytes] - 213 UDP 192.168.1.92:137 <-> 192.168.1.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes] - 214 UDP 192.168.1.92:138 <-> 192.168.1.255:138 [proto: 10/NetBIOS][1 pkts/216 bytes] - 215 TCP 192.168.1.34:51318 <-> 212.161.8.36:13392 [proto: 125/Skype][10 pkts/857 bytes] - 216 TCP 192.168.1.34:51236 <-> 111.221.74.45:40008 [proto: 125/Skype][16 pkts/1257 bytes] - 217 TCP 111.221.74.18:40025 <-> 192.168.1.34:51267 [proto: 125/Skype][14 pkts/1163 bytes] - 218 TCP 192.168.1.34:51248 <-> 111.221.77.175:40030 [proto: 125/Skype][16 pkts/1284 bytes] - 219 TCP 192.168.1.34:51227 <-> 17.172.100.36:443 [proto: 91.140/SSL.Apple][76 pkts/19581 bytes] - 220 IGMP 224.0.0.22:0 <-> 192.168.1.219:0 [proto: 82/IGMP][1 pkts/60 bytes] - 221 IGMP 224.0.0.1:0 <-> 192.168.0.254:0 [proto: 82/IGMP][1 pkts/46 bytes] - 222 IGMP 192.168.1.229:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes] - 223 TCP 192.168.1.34:51231 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][17 pkts/3535 bytes][client: apps.skype.com] - 224 TCP 192.168.1.34:51295 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][12 pkts/2148 bytes][client: apps.skype.com] - 225 UDP 192.168.1.34:13021 <-> 64.4.23.146:33033 [proto: 125/Skype][1 pkts/66 bytes] - 226 TCP 192.168.1.34:51255 <-> 157.55.130.142:40005 [proto: 125/Skype][17 pkts/1322 bytes] - 227 UDP 239.255.255.250:1900 <-> 192.168.0.254:1025 [proto: 12/SSDP][36 pkts/13402 bytes] - 228 TCP 192.168.1.34:51253 <-> 64.4.23.166:443 [proto: 91/SSL][14 pkts/1432 bytes] - 229 UDP 192.168.1.92:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][1 pkts/142 bytes][Lucas-iMac.local] - 230 UDP 192.168.1.34:13021 <-> 64.4.23.145:40027 [proto: 125/Skype][1 pkts/73 bytes] - 231 UDP 192.168.1.34:13021 <-> 64.4.23.142:40023 [proto: 125/Skype][1 pkts/72 bytes] - 232 UDP 192.168.1.34:13021 <-> 64.4.23.140:40003 [proto: 125/Skype][1 pkts/67 bytes] - 233 TCP 192.168.1.34:51308 <-> 80.121.84.93:443 [proto: 91/SSL][6 pkts/468 bytes] - 234 UDP 192.168.1.34:13021 <-> 64.4.23.173:40017 [proto: 125/Skype][1 pkts/76 bytes] - 235 UDP 192.168.1.34:13021 <-> 64.4.23.148:40029 [proto: 125/Skype][1 pkts/79 bytes] - 236 UDP 192.168.1.34:13021 <-> 64.4.23.151:40029 [proto: 125/Skype][1 pkts/69 bytes] - 237 UDP 192.168.1.34:13021 <-> 64.4.23.171:40031 [proto: 125/Skype][1 pkts/79 bytes] - 238 UDP 192.168.1.34:13021 <-> 64.4.23.158:40021 [proto: 125/Skype][1 pkts/76 bytes] - 239 UDP 192.168.1.34:13021 <-> 64.4.23.170:40011 [proto: 125/Skype][1 pkts/66 bytes] - 240 UDP 192.168.1.34:13021 <-> 64.4.23.176:40001 [proto: 125/Skype][1 pkts/69 bytes] - 241 UDP 65.55.223.33:40002 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/74 bytes] - 242 UDP 65.55.223.32:40022 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/77 bytes] - 243 UDP 65.55.223.28:40014 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/74 bytes] - 244 UDP 65.55.223.16:40032 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/70 bytes] - 245 UDP 65.55.223.15:40030 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/77 bytes] - 246 UDP 192.168.1.34:13021 <-> 65.55.223.44:40020 [proto: 125/Skype][1 pkts/76 bytes] - 247 UDP 192.168.1.34:13021 <-> 65.55.223.42:40024 [proto: 125/Skype][1 pkts/76 bytes] - 248 UDP 192.168.1.34:13021 <-> 65.55.223.43:40006 [proto: 125/Skype][1 pkts/77 bytes] - 249 UDP [fe80::c62c:3ff:fe06:49fe]:5353 <-> [ff02::fb]:5353 [proto: 8/MDNS][2 pkts/258 bytes] - 250 TCP 192.168.1.34:51240 <-> 111.221.74.45:443 [proto: 91.125/SSL.Skype][14 pkts/1373 bytes] - 251 TCP 111.221.74.18:443 <-> 192.168.1.34:51268 [proto: 125/Skype][14 pkts/1203 bytes] - 252 TCP 192.168.1.34:51250 <-> 111.221.77.175:443 [proto: 91.125/SSL.Skype][14 pkts/1363 bytes] - 253 TCP 192.168.1.34:51269 <-> 213.199.179.175:40029 [proto: 125/Skype][19 pkts/1491 bytes] + 118 TCP 192.168.1.34:51293 <-> 5.248.186.221:31010 [proto: 125/Skype][20 pkts/3905 bytes] + 119 UDP 192.168.1.34:13021 <-> 111.221.74.34:40027 [proto: 125/Skype][1 pkts/73 bytes] + 120 UDP 111.221.74.33:40011 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/76 bytes] + 121 UDP 111.221.74.13:40009 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/64 bytes] + 122 UDP 111.221.74.27:40027 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/70 bytes] + 123 UDP 111.221.74.20:40033 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/77 bytes] + 124 UDP 111.221.74.19:40001 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/73 bytes] + 125 UDP 192.168.1.34:13021 <-> 111.221.74.44:40019 [proto: 125/Skype][1 pkts/70 bytes] + 126 UDP 192.168.1.34:13021 <-> 111.221.74.38:40015 [proto: 125/Skype][1 pkts/64 bytes] + 127 UDP 192.168.1.34:13021 <-> 111.221.74.43:40001 [proto: 125/Skype][1 pkts/67 bytes] + 128 UDP 192.168.1.34:13021 <-> 111.221.74.40:40025 [proto: 125/Skype][1 pkts/79 bytes] + 129 UDP 192.168.1.34:13021 <-> 111.221.74.46:40027 [proto: 125/Skype][1 pkts/67 bytes] + 130 UDP 192.168.1.34:13021 <-> 111.221.77.159:40031 [proto: 125/Skype][1 pkts/72 bytes] + 131 UDP 192.168.1.34:13021 <-> 111.221.77.151:40029 [proto: 125/Skype][1 pkts/79 bytes] + 132 UDP 192.168.1.34:13021 <-> 111.221.77.154:40017 [proto: 125/Skype][1 pkts/77 bytes] + 133 UDP 192.168.1.34:13021 <-> 111.221.77.170:40021 [proto: 125/Skype][1 pkts/78 bytes] + 134 UDP 192.168.1.34:13021 <-> 189.188.134.174:22436 [proto: 125/Skype][1 pkts/60 bytes] + 135 TCP 192.168.1.34:51285 <-> 91.190.218.125:12350 [proto: 125/Skype][6 pkts/377 bytes] + 136 TCP 91.190.216.24:12350 <-> 192.168.1.34:51297 [proto: 125/Skype][15 pkts/3532 bytes] + 137 TCP 192.168.1.34:51299 <-> 91.190.216.125:12350 [proto: 125/Skype][11 pkts/659 bytes] + 138 UDP 192.168.1.34:13021 <-> 157.55.235.146:33033 [proto: 125/Skype][1 pkts/76 bytes] + 139 UDP 192.168.1.34:13021 <-> 157.55.130.146:33033 [proto: 125/Skype][1 pkts/69 bytes] + 140 TCP 192.168.1.34:51291 <-> 81.83.77.141:17639 [proto: 125/Skype][15 pkts/1226 bytes] + 141 TCP 76.167.161.6:20274 <-> 192.168.1.34:51288 [proto: 125/Skype][15 pkts/1258 bytes] + 142 TCP 192.168.1.34:51230 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][348 pkts/181687 bytes][server: *.gateway.messenger.live.com] + 143 TCP 157.56.52.28:443 <-> 192.168.1.34:51232 [proto: 125/Skype][13 pkts/1157 bytes] + 144 TCP 192.168.1.34:51241 <-> 157.55.130.176:443 [proto: 91.125/SSL.Skype][15 pkts/1584 bytes] + 145 TCP 192.168.1.34:51261 <-> 157.55.235.170:443 [proto: 91.125/SSL.Skype][15 pkts/1569 bytes] + 146 TCP 192.168.1.34:51281 <-> 157.55.235.156:443 [proto: 91.125/SSL.Skype][15 pkts/1380 bytes] + 147 UDP 192.168.1.34:13021 <-> 174.49.171.224:32011 [proto: 125/Skype][5 pkts/300 bytes] + 148 UDP 192.168.1.34:13021 <-> 157.55.56.170:40015 [proto: 125/Skype][1 pkts/76 bytes] + 149 UDP 157.56.52.19:40020 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/68 bytes] + 150 UDP 157.56.52.16:40032 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/66 bytes] + 151 UDP 157.56.52.25:40010 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/76 bytes] + 152 UDP 157.56.52.24:40032 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/70 bytes] + 153 UDP 192.168.1.34:13021 <-> 157.55.130.154:40013 [proto: 125/Skype][1 pkts/66 bytes] + 154 UDP 192.168.1.34:13021 <-> 157.55.130.150:40007 [proto: 125/Skype][1 pkts/71 bytes] + 155 UDP 192.168.1.34:13021 <-> 157.55.130.149:40011 [proto: 125/Skype][1 pkts/77 bytes] + 156 UDP 192.168.1.34:13021 <-> 157.55.56.142:40013 [proto: 125/Skype][1 pkts/72 bytes] + 157 UDP 157.56.52.33:40002 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/71 bytes] + 158 UDP 157.56.52.29:40010 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/67 bytes] + 159 UDP 192.168.1.34:13021 <-> 157.55.56.140:40003 [proto: 125/Skype][1 pkts/76 bytes] + 160 UDP 192.168.1.34:13021 <-> 157.56.52.43:40006 [proto: 125/Skype][1 pkts/78 bytes] + 161 UDP 192.168.1.34:13021 <-> 157.55.130.140:40011 [proto: 125/Skype][1 pkts/72 bytes] + 162 UDP 192.168.1.34:13021 <-> 157.55.130.146:40033 [proto: 125/Skype][1 pkts/73 bytes] + 163 UDP 192.168.1.34:13021 <-> 157.55.130.148:40019 [proto: 125/Skype][1 pkts/72 bytes] + 164 UDP 192.168.1.34:13021 <-> 157.55.235.148:40033 [proto: 125/Skype][1 pkts/75 bytes] + 165 UDP 192.168.1.34:13021 <-> 157.55.235.162:40033 [proto: 125/Skype][1 pkts/66 bytes] + 166 UDP 192.168.1.34:13021 <-> 157.55.130.156:40019 [proto: 125/Skype][1 pkts/64 bytes] + 167 UDP 192.168.1.34:13021 <-> 157.55.235.155:40027 [proto: 125/Skype][1 pkts/74 bytes] + 168 UDP 192.168.1.34:13021 <-> 157.55.56.161:40031 [proto: 125/Skype][1 pkts/67 bytes] + 169 UDP 192.168.1.34:13021 <-> 157.55.235.158:40027 [proto: 125/Skype][1 pkts/73 bytes] + 170 UDP 192.168.1.34:13021 <-> 157.55.130.157:40013 [proto: 125/Skype][1 pkts/64 bytes] + 171 UDP 192.168.1.34:13021 <-> 157.55.235.167:40029 [proto: 125/Skype][1 pkts/64 bytes] + 172 UDP 192.168.1.34:13021 <-> 157.55.130.167:40031 [proto: 125/Skype][1 pkts/79 bytes] + 173 UDP 192.168.1.34:13021 <-> 157.55.235.166:40015 [proto: 125/Skype][1 pkts/67 bytes] + 174 UDP 192.168.1.34:13021 <-> 157.55.235.174:40019 [proto: 125/Skype][1 pkts/72 bytes] + 175 UDP 192.168.1.34:13021 <-> 157.55.130.173:40003 [proto: 125/Skype][1 pkts/72 bytes] + 176 UDP 192.168.1.34:13021 <-> 157.55.235.176:40031 [proto: 125/Skype][1 pkts/73 bytes] + 177 UDP 192.168.1.34:13021 <-> 157.55.235.175:40023 [proto: 125/Skype][1 pkts/74 bytes] + 178 UDP 192.168.1.1:53 <-> 192.168.1.34:49864 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] + 179 TCP 149.13.32.15:13392 <-> 192.168.1.34:51316 [proto: 125/Skype][14 pkts/1176 bytes] + 180 UDP 192.168.1.34:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes] + 181 UDP 192.168.1.92:17500 <-> 255.255.255.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes] + 182 UDP 192.168.1.34:13021 <-> 213.199.179.146:33033 [proto: 125/Skype][1 pkts/75 bytes] + 183 UDP 192.168.1.1:53 <-> 192.168.1.34:53372 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst11.r.skype.net] + 184 UDP 192.168.1.92:53826 <-> 192.168.1.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes] + 185 TCP 192.168.1.34:51271 <-> 213.199.179.175:443 [proto: 91/SSL][15 pkts/1415 bytes] + 186 UDP 192.168.1.1:53 <-> 192.168.1.34:55028 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: a.config.skype.com] + 187 TCP 192.168.1.34:51278 <-> 64.4.23.159:40009 [proto: 125/Skype][15 pkts/1219 bytes] + 188 TCP 192.168.1.34:51235 <-> 65.55.223.45:40009 [proto: 125/Skype][17 pkts/1341 bytes] + 189 UDP 192.168.1.1:53 <-> 192.168.1.34:55866 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: pipe.prd.skypedata.akadns.net] + 190 UDP 192.168.1.1:53 <-> 192.168.1.34:57592 [proto: 5.125/DNS.Skype][7 pkts/623 bytes][Host: 335.0.7.7.3.rst11.r.skype.net] + 191 UDP 192.168.1.1:53 <-> 192.168.1.34:57694 [proto: 5/DNS][2 pkts/267 bytes][Host: db3msgr5011709.gateway.messenger.live.com] + 192 UDP 192.168.1.34:13021 <-> 213.199.179.173:40013 [proto: 125/Skype][1 pkts/72 bytes] + 193 UDP 192.168.1.34:13021 <-> 213.199.179.140:40003 [proto: 125/Skype][1 pkts/70 bytes] + 194 UDP 192.168.1.34:13021 <-> 213.199.179.154:40017 [proto: 125/Skype][1 pkts/78 bytes] + 195 UDP 192.168.1.34:13021 <-> 213.199.179.144:40009 [proto: 125/Skype][1 pkts/69 bytes] + 196 UDP 192.168.1.34:13021 <-> 213.199.179.141:40015 [proto: 125/Skype][1 pkts/79 bytes] + 197 UDP 192.168.1.34:13021 <-> 213.199.179.156:40031 [proto: 125/Skype][1 pkts/79 bytes] + 198 UDP 192.168.1.34:13021 <-> 213.199.179.172:40011 [proto: 125/Skype][1 pkts/76 bytes] + 199 UDP 192.168.1.34:13021 <-> 213.199.179.174:40025 [proto: 125/Skype][1 pkts/71 bytes] + 200 TCP 192.168.1.34:51298 <-> 82.224.110.241:38895 [proto: 125/Skype][14 pkts/1150 bytes] + 201 UDP 192.168.1.1:53 <-> 192.168.1.34:59788 [proto: 5.125/DNS.Skype][2 pkts/180 bytes][Host: e4593.g.akamaiedge.net] + 202 UDP 192.168.1.1:53 <-> 192.168.1.34:60688 [proto: 5.125/DNS.Skype][8 pkts/648 bytes][Host: conn.skype.akadns.net] + 203 UDP 192.168.1.1:53 <-> 192.168.1.34:61016 [proto: 5.125/DNS.Skype][1 pkts/80 bytes][Host: apps.skypeassets.com] + 204 ICMP 192.168.1.1:0 <-> 192.168.1.34:0 [proto: 81/ICMP][4 pkts/328 bytes] + 205 UDP 192.168.1.1:53 <-> 192.168.1.34:63342 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] + 206 UDP 192.168.1.1:53 <-> 192.168.1.34:63514 [proto: 5.125/DNS.Skype][8 pkts/576 bytes][Host: ui.skype.com] + 207 UDP 192.168.1.1:53 <-> 192.168.1.34:64240 [proto: 5.125/DNS.Skype][7 pkts/511 bytes][Host: api.skype.com] + 208 UDP 192.168.1.1:53 <-> 192.168.1.34:64258 [proto: 5.125/DNS.Skype][7 pkts/546 bytes][Host: b.config.skype.com] + 209 UDP 192.168.1.1:53 <-> 192.168.1.34:64364 [proto: 5.125/DNS.Skype][7 pkts/616 bytes][Host: 335.0.7.7.3.rst0.r.skype.net] + 210 UDP 192.168.1.34:137 <-> 192.168.1.255:137 [proto: 10/NetBIOS][7 pkts/680 bytes] + 211 UDP 192.168.1.1:137 <-> 192.168.1.34:137 [proto: 10/NetBIOS][8 pkts/1142 bytes] + 212 UDP 192.168.1.1:138 <-> 192.168.1.34:138 [proto: 10/NetBIOS][2 pkts/452 bytes] + 213 UDP 192.168.1.34:138 <-> 192.168.1.255:138 [proto: 10/NetBIOS][2 pkts/432 bytes] + 214 UDP 192.168.1.92:137 <-> 192.168.1.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes] + 215 UDP 192.168.1.92:138 <-> 192.168.1.255:138 [proto: 10/NetBIOS][1 pkts/216 bytes] + 216 TCP 192.168.1.34:51318 <-> 212.161.8.36:13392 [proto: 125/Skype][10 pkts/857 bytes] + 217 TCP 192.168.1.34:51236 <-> 111.221.74.45:40008 [proto: 125/Skype][16 pkts/1257 bytes] + 218 TCP 111.221.74.18:40025 <-> 192.168.1.34:51267 [proto: 125/Skype][14 pkts/1163 bytes] + 219 TCP 192.168.1.34:51248 <-> 111.221.77.175:40030 [proto: 125/Skype][16 pkts/1284 bytes] + 220 TCP 192.168.1.34:51227 <-> 17.172.100.36:443 [proto: 91.140/SSL.Apple][76 pkts/19581 bytes] + 221 IGMP 224.0.0.22:0 <-> 192.168.1.219:0 [proto: 82/IGMP][1 pkts/60 bytes] + 222 IGMP 224.0.0.1:0 <-> 192.168.0.254:0 [proto: 82/IGMP][1 pkts/46 bytes] + 223 IGMP 192.168.1.229:0 <-> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes] + 224 TCP 192.168.1.34:51231 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][17 pkts/3535 bytes][client: apps.skype.com] + 225 TCP 192.168.1.34:51295 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][12 pkts/2148 bytes][client: apps.skype.com] + 226 UDP 192.168.1.34:13021 <-> 64.4.23.146:33033 [proto: 125/Skype][1 pkts/66 bytes] + 227 TCP 192.168.1.34:51255 <-> 157.55.130.142:40005 [proto: 125/Skype][17 pkts/1322 bytes] + 228 UDP 239.255.255.250:1900 <-> 192.168.0.254:1025 [proto: 12/SSDP][36 pkts/13402 bytes] + 229 TCP 192.168.1.34:51253 <-> 64.4.23.166:443 [proto: 91/SSL][14 pkts/1432 bytes] + 230 UDP 192.168.1.92:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][1 pkts/142 bytes][Lucas-iMac.local] + 231 UDP 192.168.1.34:13021 <-> 64.4.23.145:40027 [proto: 125/Skype][1 pkts/73 bytes] + 232 UDP 192.168.1.34:13021 <-> 64.4.23.142:40023 [proto: 125/Skype][1 pkts/72 bytes] + 233 UDP 192.168.1.34:13021 <-> 64.4.23.140:40003 [proto: 125/Skype][1 pkts/67 bytes] + 234 TCP 192.168.1.34:51308 <-> 80.121.84.93:443 [proto: 91/SSL][6 pkts/468 bytes] + 235 UDP 192.168.1.34:13021 <-> 64.4.23.173:40017 [proto: 125/Skype][1 pkts/76 bytes] + 236 UDP 192.168.1.34:13021 <-> 64.4.23.148:40029 [proto: 125/Skype][1 pkts/79 bytes] + 237 UDP 192.168.1.34:13021 <-> 64.4.23.151:40029 [proto: 125/Skype][1 pkts/69 bytes] + 238 UDP 192.168.1.34:13021 <-> 64.4.23.171:40031 [proto: 125/Skype][1 pkts/79 bytes] + 239 UDP 192.168.1.34:13021 <-> 64.4.23.158:40021 [proto: 125/Skype][1 pkts/76 bytes] + 240 UDP 192.168.1.34:13021 <-> 64.4.23.170:40011 [proto: 125/Skype][1 pkts/66 bytes] + 241 UDP 192.168.1.34:13021 <-> 64.4.23.176:40001 [proto: 125/Skype][1 pkts/69 bytes] + 242 UDP 65.55.223.33:40002 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/74 bytes] + 243 UDP 65.55.223.32:40022 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/77 bytes] + 244 UDP 65.55.223.28:40014 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/74 bytes] + 245 UDP 65.55.223.16:40032 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/70 bytes] + 246 UDP 65.55.223.15:40030 <-> 192.168.1.34:13021 [proto: 125/Skype][1 pkts/77 bytes] + 247 UDP 192.168.1.34:13021 <-> 65.55.223.44:40020 [proto: 125/Skype][1 pkts/76 bytes] + 248 UDP 192.168.1.34:13021 <-> 65.55.223.42:40024 [proto: 125/Skype][1 pkts/76 bytes] + 249 UDP 192.168.1.34:13021 <-> 65.55.223.43:40006 [proto: 125/Skype][1 pkts/77 bytes] + 250 UDP [fe80::c62c:3ff:fe06:49fe]:5353 <-> [ff02::fb]:5353 [proto: 8/MDNS][2 pkts/258 bytes] + 251 TCP 192.168.1.34:51240 <-> 111.221.74.45:443 [proto: 91.125/SSL.Skype][14 pkts/1373 bytes] + 252 TCP 111.221.74.18:443 <-> 192.168.1.34:51268 [proto: 125/Skype][14 pkts/1203 bytes] + 253 TCP 192.168.1.34:51250 <-> 111.221.77.175:443 [proto: 91.125/SSL.Skype][14 pkts/1363 bytes] + 254 TCP 192.168.1.34:51269 <-> 213.199.179.175:40029 [proto: 125/Skype][19 pkts/1491 bytes] Undetected flows: @@ -274,10 +275,9 @@ Undetected flows: 5 TCP 192.168.1.34:51315 <-> 212.161.8.36:13392 [proto: 0/Unknown][23 pkts/12290 bytes] 6 TCP 192.168.1.34:51319 <-> 212.161.8.36:13392 [proto: 0/Unknown][1 pkts/78 bytes] 7 TCP 192.168.1.34:51306 <-> 80.121.84.93:62381 [proto: 0/Unknown][6 pkts/468 bytes] - 8 TCP 192.168.1.34:51293 <-> 5.248.186.221:31010 [proto: 0/Unknown][20 pkts/3905 bytes] - 9 TCP 192.168.1.34:51292 <-> 71.238.7.203:18767 [proto: 0/Unknown][30 pkts/4904 bytes] - 10 TCP 192.168.1.34:51314 <-> 93.79.224.176:14506 [proto: 0/Unknown][20 pkts/2059 bytes] - 11 TCP 76.167.161.6:20274 <-> 192.168.1.34:51300 [proto: 0/Unknown][3 pkts/206 bytes] - 12 TCP 149.13.32.15:13392 <-> 192.168.1.34:51312 [proto: 0/Unknown][25 pkts/15642 bytes] - 13 UDP 192.168.1.1:5351 <-> 192.168.1.34:59052 [proto: 0/Unknown][4 pkts/216 bytes] - 14 TCP 192.168.1.34:51303 <-> 80.121.84.93:62381 [proto: 0/Unknown][7 pkts/546 bytes] + 8 TCP 192.168.1.34:51292 <-> 71.238.7.203:18767 [proto: 0/Unknown][30 pkts/4904 bytes] + 9 TCP 192.168.1.34:51314 <-> 93.79.224.176:14506 [proto: 0/Unknown][20 pkts/2059 bytes] + 10 TCP 76.167.161.6:20274 <-> 192.168.1.34:51300 [proto: 0/Unknown][3 pkts/206 bytes] + 11 TCP 149.13.32.15:13392 <-> 192.168.1.34:51312 [proto: 0/Unknown][25 pkts/15642 bytes] + 12 UDP 192.168.1.1:5351 <-> 192.168.1.34:59052 [proto: 0/Unknown][4 pkts/216 bytes] + 13 TCP 192.168.1.34:51303 <-> 80.121.84.93:62381 [proto: 0/Unknown][7 pkts/546 bytes] diff --git a/tests/result/viber_mobile.pcap.out b/tests/result/viber_mobile.pcap.out index 6ae99d378..51b426378 100644 --- a/tests/result/viber_mobile.pcap.out +++ b/tests/result/viber_mobile.pcap.out @@ -70,7 +70,7 @@ Amazon 8 528 1 55 TCP 192.168.200.222:37376 <-> 74.125.68.239:443 [proto: 91.126/SSL.Google][7 pkts/532 bytes] 56 TCP 52.0.253.46:443 <-> 192.168.200.222:43287 [proto: 64/SSL_No_Cert][36 pkts/5874 bytes] 57 UDP 8.8.8.8:53 <-> 192.168.200.222:52263 [proto: 5.142/DNS.WhatsApp][2 pkts/278 bytes][Host: e9.whatsapp.net] - 58 TCP 23.21.254.189:443 <-> 192.168.200.222:51146 [proto: 91/SSL][22 pkts/9241 bytes][client: e.crashlytics.com] + 58 TCP 23.21.254.189:443 <-> 192.168.200.222:51146 [proto: 91/SSL][22 pkts/9241 bytes][client: e.crashlytics.com][server: *.crashlytics.com] 59 TCP 52.0.253.46:4244 <-> 192.168.200.222:43454 [proto: 144/Viber][16 pkts/2043 bytes] 60 TCP 74.125.200.18:443 <-> 192.168.200.222:42040 [proto: 91.122/SSL.GMail][33 pkts/14532 bytes][client: mail.google.com] 61 UDP 37.214.167.82:11905 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][1 pkts/146 bytes] @@ -84,7 +84,7 @@ Amazon 8 528 1 69 UDP 192.168.200.222:39413 <-> 81.192.42.247:15057 [proto: 37/BitTorrent][1 pkts/146 bytes] 70 UDP 92.245.59.202:12998 <-> 192.168.200.222:39413 [proto: 37/BitTorrent][2 pkts/505 bytes] 71 TCP 108.160.172.205:443 <-> 192.168.200.222:51765 [proto: 91.121/SSL.Dropbox][2 pkts/163 bytes] - 72 TCP 107.22.192.179:443 <-> 192.168.200.222:52269 [proto: 91/SSL][26 pkts/10057 bytes][client: settings.crashlytics.com] + 72 TCP 107.22.192.179:443 <-> 192.168.200.222:52269 [proto: 91/SSL][26 pkts/10057 bytes][client: settings.crashlytics.com][server: *.crashlytics.com] Undetected flows: diff --git a/tests/result/webex.pcap.out b/tests/result/webex.pcap.out index 889f7d4f9..2bca4171c 100644 --- a/tests/result/webex.pcap.out +++ b/tests/result/webex.pcap.out @@ -61,5 +61,5 @@ Amazon 3 174 1 53 TCP 10.8.0.1:41358 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][38 pkts/42482 bytes][server: *.webex.com] 54 TCP 10.8.0.1:41386 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][17 pkts/8401 bytes][server: *.webex.com] 55 TCP 10.8.0.1:41394 <-> 64.68.105.103:443 [proto: 91.141/SSL.Webex][11 pkts/697 bytes] - 56 TCP 10.8.0.1:46211 <-> 54.241.32.14:443 [proto: 91/SSL][30 pkts/9568 bytes][client: api.crittercism.com] + 56 TCP 10.8.0.1:46211 <-> 54.241.32.14:443 [proto: 91/SSL][30 pkts/9568 bytes][client: api.crittercism.com][server: *.crittercism.com] 57 TCP 10.8.0.1:44492 <-> 64.68.104.140:443 [proto: 91.141/SSL.Webex][17 pkts/7969 bytes][server: *.webex.com] -- cgit v1.2.3 From 281ba768ec76a5e2823d20a8264a4e0537548fc2 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Sat, 1 Apr 2017 21:33:15 +0200 Subject: Added Ookla (SpeedTest) protocol detection --- example/ndpi_util.c | 14 +- src/include/ndpi_protocol_ids.h | 4 +- src/lib/ndpi_main.c | 6 +- src/lib/protocols/http.c | 277 +++++++--------------------------------- 4 files changed, 60 insertions(+), 241 deletions(-) (limited to 'src') diff --git a/example/ndpi_util.c b/example/ndpi_util.c index 3ab6d8da4..d2f002270 100644 --- a/example/ndpi_util.c +++ b/example/ndpi_util.c @@ -62,6 +62,10 @@ #define GTP_U_V1_PORT 2152 #define TZSP_PORT 37008 +#ifndef DLT_LINUX_SLL +#define DLT_LINUX_SLL 113 +#endif + #include "ndpi_main.h" #include "ndpi_util.h" @@ -629,7 +633,7 @@ void ndpi_workflow_process_packet (struct ndpi_workflow * workflow, datalink_check: switch(datalink_type) { - case DLT_NULL : + case DLT_NULL: if(ntohl(*((u_int32_t*)&packet[eth_offset])) == 2) type = ETH_P_IP; else @@ -653,7 +657,7 @@ void ndpi_workflow_process_packet (struct ndpi_workflow * workflow, break; /* IEEE 802.3 Ethernet - 1 */ - case DLT_EN10MB : + case DLT_EN10MB: ethernet = (struct ndpi_ethhdr *) &packet[eth_offset]; ip_offset = sizeof(struct ndpi_ethhdr) + eth_offset; check = ntohs(ethernet->h_proto); @@ -674,15 +678,13 @@ void ndpi_workflow_process_packet (struct ndpi_workflow * workflow, break; /* Linux Cooked Capture - 113 */ -#ifdef __linux__ - case DLT_LINUX_SLL : + case DLT_LINUX_SLL: type = (packet[eth_offset+14] << 8) + packet[eth_offset+15]; ip_offset = 16 + eth_offset; break; -#endif /* Radiotap link-layer - 127 */ - case DLT_IEEE802_11_RADIO : + case DLT_IEEE802_11_RADIO: radiotap = (struct ndpi_radiotap_header *) &packet[eth_offset]; radio_len = radiotap->len; diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index 7eada61e2..5afa63c92 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -227,9 +227,9 @@ #define NDPI_PROTOCOL_QUIC 188 /* Andrea Buscarinu - Michele Campus */ #define NDPI_PROTOCOL_WHATSAPP_VOICE 189 #define NDPI_PROTOCOL_EAQ 190 +#define NDPI_PROTOCOL_OOKLA 191 -/* 191, 192 are free */ -#define NDPI_PROTOCOL_FREE_191 191 +/* 192 is free */ #define NDPI_PROTOCOL_FREE_192 192 #define NDPI_PROTOCOL_KAKAOTALK 193 /* KakaoTalk Chat (no voice call) */ diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 0c5c0f0ff..2250928c4 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1606,9 +1606,13 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "SMPP", NDPI_PROTOCOL_CATEGORY_P2P, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_OOKLA, + no_master, + no_master, "Ookla", NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ /* To be removed as soon as we define new protocols */ - ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_191); ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_192); ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_197); ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_208); diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c index 1bef7f8f5..61d59f856 100644 --- a/src/lib/protocols/http.c +++ b/src/lib/protocols/http.c @@ -63,7 +63,6 @@ static void flash_check_http_payload(struct ndpi_detection_module_struct pos = &packet->payload[packet->empty_line_position] + 2; - if(memcmp(pos, "FLV", 3) == 0 && pos[3] == 0x01 && (pos[4] == 0x01 || pos[4] == 0x04 || pos[4] == 0x05) && pos[5] == 0x00 && pos[6] == 0x00 && pos[7] == 0x00 && pos[8] == 0x09) { @@ -330,7 +329,7 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ return; } } - + NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "User Agent Type Line found %.*s\n", packet->user_agent_line.len, packet->user_agent_line.ptr); } @@ -341,7 +340,7 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HOST Line found %.*s\n", packet->host_line.len, packet->host_line.ptr); - + /* call ndpi_match_host_subprotocol to see if there is a match with known-host http subprotocol */ if((ndpi_struct->http_dont_dissect_response) || flow->http_detected) ndpi_match_host_subprotocol(ndpi_struct, flow, @@ -357,13 +356,13 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ len = ndpi_min(packet->forwarded_line.len, sizeof(flow->nat_ip)-1); strncpy((char*)flow->nat_ip, (char*)packet->forwarded_line.ptr, len); flow->nat_ip[len] = '\0'; - + if(ndpi_struct->http_dont_dissect_response) parseHttpSubprotocol(ndpi_struct, flow); /** check result of host subprotocol detection - + if "detected" in flow == 0 then "detected" = "guess" else "guess" = "detected" **/ @@ -386,7 +385,7 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ (char *)packet->http_origin.ptr, packet->http_origin.len, NDPI_PROTOCOL_HTTP); - + if(flow->detected_protocol_stack[0] != NDPI_PROTOCOL_UNKNOWN) { if(packet->detected_protocol_stack[0] != NDPI_PROTOCOL_HTTP) { ndpi_int_http_add_connection(ndpi_struct, flow, packet->detected_protocol_stack[0]); @@ -534,225 +533,6 @@ static void http_bitmask_exclude(struct ndpi_flow_struct *flow) #endif } -void _org_ndpi_search_http_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) -{ - struct ndpi_packet_struct *packet = &flow->packet; - - u_int16_t filename_start; - - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "search http\n"); - - /* set client-server_direction */ - if(flow->l4.tcp.http_setup_dir == 0) { - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "initializes http to stage: 1 \n"); - flow->l4.tcp.http_setup_dir = 1 + packet->packet_direction; - } - - if(NDPI_COMPARE_PROTOCOL_TO_BITMASK - (ndpi_struct->generic_http_packet_bitmask, packet->detected_protocol_stack[0]) != 0) { - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, - "protocol might be detected earlier as http jump to payload type detection\n"); - goto http_parse_detection; - } - - if(flow->l4.tcp.http_setup_dir == 1 + packet->packet_direction) { - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "http stage: 1\n"); - - if(flow->l4.tcp.http_wait_for_retransmission) { - if(!packet->tcp_retransmission) { - if(flow->packet_counter <= 5) { - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "still waiting for retransmission\n"); - return; - } else { - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "retransmission not found, exclude\n"); - http_bitmask_exclude(flow); - return; - } - } - } - - if(flow->l4.tcp.http_stage == 0) { - filename_start = http_request_url_offset(ndpi_struct, flow); - if(filename_start == 0) { - if(packet->payload_packet_len >= 7 && memcmp(packet->payload, "HTTP/1.", 7) == 0) { - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HTTP response found (truncated flow ?)\n"); - ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_HTTP); - return; - } - - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "filename not found, exclude\n"); - http_bitmask_exclude(flow); - return; - } - // parse packet - ndpi_parse_packet_line_info(ndpi_struct, flow); - - if(packet->parsed_lines <= 1) { - /* parse one more packet .. */ - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "just one line, search next packet\n"); - - packet->http_method.ptr = packet->line[0].ptr; - packet->http_method.len = filename_start - 1; - flow->l4.tcp.http_stage = 1; - return; - } - // parsed_lines > 1 here - if(packet->line[0].len >= (9 + filename_start) - && memcmp(&packet->line[0].ptr[packet->line[0].len - 9], " HTTP/1.", 8) == 0) { - u_int16_t proto_id; - - packet->http_url_name.ptr = &packet->payload[filename_start]; - packet->http_url_name.len = packet->line[0].len - (filename_start + 9); - - packet->http_method.ptr = packet->line[0].ptr; - packet->http_method.len = filename_start - 1; - - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "http structure detected, adding\n"); - - if(filename_start == 8 && (memcmp(packet->payload, "CONNECT ", 8) == 0)) /* nathan@getoffmalawn.com */ - proto_id = NDPI_PROTOCOL_HTTP_CONNECT; - else { - if((packet->http_url_name.len > 7) && (!strncmp((const char*)packet->http_url_name.ptr, "http://", 7))) - proto_id = NDPI_PROTOCOL_HTTP_PROXY; - else { - proto_id = NDPI_PROTOCOL_HTTP; - } - } - - ndpi_int_http_add_connection(ndpi_struct, flow, proto_id); - check_content_type_and_change_protocol(ndpi_struct, flow); - /* HTTP found, look for host... */ - if(packet->host_line.ptr != NULL) { - /* aaahh, skip this direction and wait for a server reply here */ - flow->l4.tcp.http_stage = 2; - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HTTP START HOST found\n"); - return; - } - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HTTP START HOST found\n"); - - /* host not found, check in next packet after */ - flow->l4.tcp.http_stage = 1; - return; - } - } else if(flow->l4.tcp.http_stage == 1) { - /* SECOND PAYLOAD TRAFFIC FROM CLIENT, FIRST PACKET MIGHT HAVE BEEN HTTP... */ - /* UNKNOWN TRAFFIC, HERE FOR HTTP again.. */ - // parse packet - ndpi_parse_packet_line_info(ndpi_struct, flow); - - if(packet->parsed_lines <= 1) { - /* wait some packets in case request is split over more than 2 packets */ - if(flow->packet_counter < 5) { - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, - "line still not finished, search next packet\n"); - return; - } else { - /* stop parsing here */ - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, - "HTTP: PACKET DOES NOT HAVE A LINE STRUCTURE\n"); - http_bitmask_exclude(flow); - return; - } - } - // http://www.slideshare.net/DSPIP/rtsp-analysis-wireshark - if(packet->line[0].len >= 9 && memcmp(&packet->line[0].ptr[packet->line[0].len - 9], " HTTP/1.", 8) == 0) { - ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_HTTP); - check_content_type_and_change_protocol(ndpi_struct, flow); - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, - "HTTP START HTTP found in 2. packet, check host here...\n"); - /* HTTP found, look for host... */ - flow->l4.tcp.http_stage = 2; - - return; - } - } - } else { - /* We have received a response for a previously identified partial HTTP request */ - - if((packet->parsed_lines == 1) && (packet->packet_direction == 1 /* server -> client */)) { - /* - In apache if you do "GET /\n\n" the response comes without any header so we can assume that - this can be the case - */ - ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_HTTP); - return; - } - - } - - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HTTP: REQUEST NOT HTTP CONFORM\n"); - http_bitmask_exclude(flow); - return; - - http_parse_detection: - if(flow->l4.tcp.http_setup_dir == 1 + packet->packet_direction) { - /* we have something like http here, so check for host and content type if possible */ - if(flow->l4.tcp.http_stage == 0 || flow->l4.tcp.http_stage == 3) { - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HTTP RUN MAYBE NEXT GET/POST...\n"); - // parse packet - ndpi_parse_packet_line_info(ndpi_struct, flow); - /* check for url here */ - filename_start = http_request_url_offset(ndpi_struct, flow); - if(filename_start != 0 && packet->parsed_lines > 1 && packet->line[0].len >= (9 + filename_start) - && memcmp(&packet->line[0].ptr[packet->line[0].len - 9], " HTTP/1.", 8) == 0) { - packet->http_url_name.ptr = &packet->payload[filename_start]; - packet->http_url_name.len = packet->line[0].len - (filename_start + 9); - - packet->http_method.ptr = packet->line[0].ptr; - packet->http_method.len = filename_start - 1; - - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "next http action, " - "resetting to http and search for other protocols later.\n"); - ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_HTTP); - } - check_content_type_and_change_protocol(ndpi_struct, flow); - /* HTTP found, look for host... */ - if(packet->host_line.ptr != NULL) { - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, - "HTTP RUN MAYBE NEXT HOST found, skipping all packets from this direction\n"); - /* aaahh, skip this direction and wait for a server reply here */ - flow->l4.tcp.http_stage = 2; - return; - } - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, - "HTTP RUN MAYBE NEXT HOST NOT found, scanning one more packet from this direction\n"); - flow->l4.tcp.http_stage = 1; - } else if(flow->l4.tcp.http_stage == 1) { - // parse packet and maybe find a packet info with host ptr,... - ndpi_parse_packet_line_info(ndpi_struct, flow); - check_content_type_and_change_protocol(ndpi_struct, flow); - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HTTP RUN second packet scanned\n"); - /* HTTP found, look for host... */ - flow->l4.tcp.http_stage = 2; - } - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, - "HTTP skipping client packets after second packet\n"); - return; - } - /* server response */ - if(flow->l4.tcp.http_stage > 0) { - /* first packet from server direction, might have a content line */ - ndpi_parse_packet_line_info(ndpi_struct, flow); - check_content_type_and_change_protocol(ndpi_struct, flow); - - if(packet->empty_line_position_set != 0 || flow->l4.tcp.http_empty_line_seen == 1) { - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "empty line. check_http_payload.\n"); - check_http_payload(ndpi_struct, flow); - } - - if(flow->l4.tcp.http_stage == 2) { - flow->l4.tcp.http_stage = 3; - } else { - flow->l4.tcp.http_stage = 0; - } - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, - "HTTP response first or second packet scanned,new stage is: %u\n", flow->l4.tcp.http_stage); - return; - } else { - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HTTP response next packet skipped\n"); - } -} - /*************************************************************************************************/ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct, @@ -771,10 +551,10 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct filename_start = http_request_url_offset(ndpi_struct, flow); - if(filename_start == 0) { NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "Filename HTTP not found, we look for possible truncate flow...\n"); + if(packet->payload_packet_len >= 7 && memcmp(packet->payload, "HTTP/1.", 7) == 0) { NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HTTP response found (truncated flow ?)\n"); @@ -783,6 +563,24 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct return; } + if((packet->payload_packet_len == 3) && memcmp(packet->payload, "HI\n", 3) == 0) { + /* This looks like Ookla: we don't give up with HTTP yet */ + flow->l4.tcp.http_stage = 1; + return; + } + + if((packet->payload_packet_len == 23) && (memcmp(packet->payload, "", 23) == 0)) { + /* + + + + + + */ + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_OOKLA, NDPI_PROTOCOL_UNKNOWN); + return; + } + NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "Exclude HTTP\n"); http_bitmask_exclude(flow); return; @@ -817,6 +615,13 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct packet->http_method.ptr = packet->line[0].ptr; packet->http_method.len = filename_start - 1; + /* Check for Ookla */ + if((packet->referer_line.len > 0) + && strnstr((const char *)packet->referer_line.ptr, "www.speedtest.net", packet->referer_line.len)) { + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_OOKLA, NDPI_PROTOCOL_HTTP); + return; + } + /* Check for additional field introduced by Steam */ int x = 1; if((memcmp(packet->line[x].ptr, "x-steam-sid", 11)) == 0) { @@ -824,7 +629,7 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct check_content_type_and_change_protocol(ndpi_struct, flow); return; } - + /* Check for additional field introduced by Facebook */ x = 1; while(packet->line[x].len != 0) { @@ -881,8 +686,8 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct check_content_type_and_change_protocol(ndpi_struct, flow); } - if(filename_start == 8 && (memcmp(packet->payload, "CONNECT ", 8) == 0)) /* nathan@getoffmalawn.com */ - { + if(filename_start == 8 && (memcmp(packet->payload, "CONNECT ", 8) == 0)) { + /* nathan@getoffmalawn.com */ NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HTTP_CONNECT Found.\n"); ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_HTTP_CONNECT); check_content_type_and_change_protocol(ndpi_struct, flow); @@ -892,14 +697,13 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct "HTTP START Found, we will look for sub-protocols (content and host)...\n"); if(packet->host_line.ptr != NULL) { - /** nDPI is pretty scrupulous about HTTP so it waits until the HTTP response is received just to check that it conforms with the HTTP specs. However this might be a waste of time as in 99.99% of the cases is like that. */ - + if(ndpi_struct->http_dont_dissect_response) { if(flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) /* No subprotocol found */ ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_HTTP); @@ -911,7 +715,6 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct } check_content_type_and_change_protocol(ndpi_struct, flow); - return; } } @@ -922,6 +725,16 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HTTP stage %u: \n", flow->l4.tcp.http_stage); + + if(flow->l4.tcp.http_stage == 1) { + if((packet->payload_packet_len > 6) && memcmp(packet->payload, "HELLO ", 6) == 0) { + /* This looks like Ookla */ + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_OOKLA, NDPI_PROTOCOL_UNKNOWN); + return; + } else + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_OOKLA); + } + /** At first check, if this is for sure a response packet (in another direction. If not, if http is detected do nothing now and return, otherwise check the second packet for the http request -- cgit v1.2.3 From 0659f9b592cff1718ae1b74060a573f4cbe9a6d5 Mon Sep 17 00:00:00 2001 From: emanuele-f Date: Sun, 2 Apr 2017 11:17:57 +0200 Subject: Replace BSD dependent strnstr with ndpi portable one --- src/lib/protocols/http.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c index 61d59f856..0b734fa84 100644 --- a/src/lib/protocols/http.c +++ b/src/lib/protocols/http.c @@ -617,7 +617,7 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct /* Check for Ookla */ if((packet->referer_line.len > 0) - && strnstr((const char *)packet->referer_line.ptr, "www.speedtest.net", packet->referer_line.len)) { + && ndpi_strnstr((const char *)packet->referer_line.ptr, "www.speedtest.net", packet->referer_line.len)) { ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_OOKLA, NDPI_PROTOCOL_HTTP); return; } -- cgit v1.2.3 From e4ef2d81401bb45b88e4021bcf5bf13e280ba57e Mon Sep 17 00:00:00 2001 From: Luca Date: Tue, 4 Apr 2017 14:42:45 +0200 Subject: Improved Ookla protocol --- src/lib/ndpi_content_match.c.inc | 1 + 1 file changed, 1 insertion(+) (limited to 'src') diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 1ad13fbd2..2b7164932 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -7961,6 +7961,7 @@ ndpi_protocol_match host_match[] = { { ".fbcdn.net", "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, { "fbcdn-", "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, /* fbcdn-video-a-akamaihd.net */ { ".facebook.net", "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { ".speedtest.net", "Ookla", NDPI_PROTOCOL_OOKLA, NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, NDPI_PROTOCOL_ACCEPTABLE }, { ".google.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".gstatic.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".googlesyndication.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, -- cgit v1.2.3 From bc68949c769150c8a708505398168afa394ba27a Mon Sep 17 00:00:00 2001 From: Luca Date: Fri, 7 Apr 2017 08:05:39 +0200 Subject: Added AMQP (Advanced Message Queueing Protocol) --- src/include/ndpi_protocol_ids.h | 7 +--- src/include/ndpi_protocols.h | 1 + src/lib/Makefile.am | 1 + src/lib/ndpi_main.c | 9 ++++- src/lib/protocols/amqp.c | 83 ++++++++++++++++++++++++++++++++++++++++ tests/pcap/amqp.pcap | Bin 0 -> 26098 bytes tests/result/amqp.pcap.out | 5 +++ 7 files changed, 100 insertions(+), 6 deletions(-) create mode 100644 src/lib/protocols/amqp.c create mode 100644 tests/pcap/amqp.pcap create mode 100644 tests/result/amqp.pcap.out (limited to 'src') diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index 5afa63c92..dfb39af8d 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -1,7 +1,7 @@ /* * ndpi_protocol_ids.h * - * Copyright (C) 2016 - ntop.org + * Copyright (C) 2011-17 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -228,10 +228,7 @@ #define NDPI_PROTOCOL_WHATSAPP_VOICE 189 #define NDPI_PROTOCOL_EAQ 190 #define NDPI_PROTOCOL_OOKLA 191 - -/* 192 is free */ -#define NDPI_PROTOCOL_FREE_192 192 - +#define NDPI_PROTOCOL_AMQP 192 #define NDPI_PROTOCOL_KAKAOTALK 193 /* KakaoTalk Chat (no voice call) */ #define NDPI_PROTOCOL_KAKAOTALK_VOICE 194 /* KakaoTalk Voice */ #define NDPI_PROTOCOL_TWITCH 195 /* Edoardo Dominici */ diff --git a/src/include/ndpi_protocols.h b/src/include/ndpi_protocols.h index edf4ca3dc..b3b4092b4 100644 --- a/src/include/ndpi_protocols.h +++ b/src/include/ndpi_protocols.h @@ -202,6 +202,7 @@ void init_aimini_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_i void init_applejuice_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_armagetron_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_ayiya_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); +void init_amqp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_battlefield_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_bgp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_bittorrent_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); diff --git a/src/lib/Makefile.am b/src/lib/Makefile.am index 987975c47..3770c9cfc 100644 --- a/src/lib/Makefile.am +++ b/src/lib/Makefile.am @@ -21,6 +21,7 @@ libndpi_la_SOURCES = ndpi_content_match.c.inc \ protocols/applejuice.c \ protocols/armagetron.c \ protocols/ayiya.c \ + protocols/amqp.c \ protocols/battlefield.c \ protocols/bgp.c \ protocols/bittorrent.c \ diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 2250928c4..9a2c5d7a5 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1611,9 +1611,13 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "Ookla", NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_AMQP, + no_master, + no_master, "AMQP", NDPI_PROTOCOL_CATEGORY_RPC, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ /* To be removed as soon as we define new protocols */ - ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_192); ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_197); ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_208); ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_209); @@ -2687,6 +2691,9 @@ void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *n /* BITTORRENT */ init_bittorrent_dissector(ndpi_struct, &a, detection_bitmask); + /* AMQP */ + init_amqp_dissector(ndpi_struct, &a, detection_bitmask); + /* ----------------------------------------------------------------- */ diff --git a/src/lib/protocols/amqp.c b/src/lib/protocols/amqp.c new file mode 100644 index 000000000..72bbc0a38 --- /dev/null +++ b/src/lib/protocols/amqp.c @@ -0,0 +1,83 @@ +/* + * amqp.c + * + * Copyright (C) 2011-17 - ntop.org + * + * nDPI is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * nDPI is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with nDPI. If not, see . + * + */ + + +#include "ndpi_protocols.h" +#ifdef NDPI_PROTOCOL_AMQP + +PACK_ON +struct amqp_header { + u_int8_t ptype; + u_int16_t channel; + u_int32_t length; + u_int16_t class_id, method; +} PACK_OFF; + +static void ndpi_int_amqp_add_connection(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow/* , */ + /* ndpi_protocol_type_t protocol_type */) { + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_AMQP, NDPI_PROTOCOL_UNKNOWN); +} + +void ndpi_search_amqp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { + struct ndpi_packet_struct *packet = &flow->packet; + + NDPI_LOG(NDPI_PROTOCOL_AMQP, ndpi_struct, NDPI_LOG_DEBUG, "search amqp. \n"); + + if (packet->tcp != NULL) { + if(packet->payload_packet_len > sizeof(struct amqp_header)) { + struct amqp_header *h = (struct amqp_header*)packet->payload; + + if(h->ptype <= 3) { + u_int32_t length = htonl(h->length); + + if(((length+8) >= packet->payload_packet_len) + && (length < 32768) /* Upper bound */) { + u_int16_t class_id = htons(h->class_id); + + if((class_id >= 10) /* Connection */ + && (class_id <= 110) /* Tunnel */) { + u_int16_t method = htons(h->method); + + if(method <= 120 /* Method basic NACK */) { + NDPI_LOG(NDPI_PROTOCOL_AMQP, ndpi_struct, NDPI_LOG_DEBUG, "found amqp over tcp. \n"); + ndpi_int_amqp_add_connection(ndpi_struct, flow); + return; + } + } + } + } + } + } +} + + +void init_amqp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) { + ndpi_set_bitmask_protocol_detection("AMQP", ndpi_struct, detection_bitmask, *id, + NDPI_PROTOCOL_AMQP, + ndpi_search_amqp, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD, + SAVE_DETECTION_BITMASK_AS_UNKNOWN, + ADD_TO_DETECTION_BITMASK); + + *id += 1; +} + +#endif diff --git a/tests/pcap/amqp.pcap b/tests/pcap/amqp.pcap new file mode 100644 index 000000000..30633f1ed Binary files /dev/null and b/tests/pcap/amqp.pcap differ diff --git a/tests/result/amqp.pcap.out b/tests/result/amqp.pcap.out new file mode 100644 index 000000000..200394193 --- /dev/null +++ b/tests/result/amqp.pcap.out @@ -0,0 +1,5 @@ +AMQP 160 23514 3 + + 1 TCP 127.0.0.1:44205 <-> 127.0.1.1:5672 [proto: 192/AMQP][108 pkts/14423 bytes] + 2 TCP 127.0.0.1:44204 <-> 127.0.1.1:5672 [proto: 192/AMQP][22 pkts/5026 bytes] + 3 TCP 127.0.0.1:44206 <-> 127.0.1.1:5672 [proto: 192/AMQP][30 pkts/4065 bytes] -- cgit v1.2.3 From eed3ba5d1e81680414dd8e28ccdad1567500ec2a Mon Sep 17 00:00:00 2001 From: Jasper van den Berg Date: Fri, 7 Apr 2017 11:47:44 +0200 Subject: unified HTTPDownload name with other HTTP protocols (as HTTP_Download) for consistency --- src/lib/ndpi_main.c | 30 +++++++++++++++--------------- tests/result/starcraft_battle.pcap.out | 4 ++-- tests/result/waze.pcap.out | 4 ++-- 3 files changed, 19 insertions(+), 19 deletions(-) (limited to 'src') diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 9a2c5d7a5..e2685908a 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -187,7 +187,7 @@ static void ndpi_tdestroy_recurse(ndpi_node* root, void (*free_action)(void *)) void ndpi_tdestroy(void *vrootp, void (*freefct)(void *)) { ndpi_node *root = (ndpi_node *) vrootp; - + if(root != NULL) ndpi_tdestroy_recurse(root, freefct); } @@ -338,7 +338,7 @@ void ndpi_flow_free(void *ptr) { if(_ndpi_flow_free) _ndpi_flow_free(ptr); else void * ndpi_realloc(void *ptr, size_t old_size, size_t new_size) { void *ret = ndpi_malloc(new_size); - + if(!ret) return(ret); else { @@ -477,9 +477,9 @@ static int ndpi_default_ports_tree_node_t_cmp(const void *a, const void *b) { ndpi_default_ports_tree_node_t *fa = (ndpi_default_ports_tree_node_t*)a; ndpi_default_ports_tree_node_t *fb = (ndpi_default_ports_tree_node_t*)b; - + //printf("[NDPI] %s(%d, %d)\n", __FUNCTION__, fa->default_port, fb->default_port); - + return((fa->default_port == fb->default_port) ? 0 : ((fa->default_port < fb->default_port) ? -1 : 1)); } @@ -488,7 +488,7 @@ static int ndpi_default_ports_tree_node_t_cmp(const void *a, const void *b) void ndpi_default_ports_tree_node_t_walker(const void *node, const ndpi_VISIT which, const int depth) { ndpi_default_ports_tree_node_t *f = *(ndpi_default_ports_tree_node_t **)node; - + printf("<%d>Walk on node %s (%u)\n", depth, @@ -1016,7 +1016,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_HTTP_DOWNLOAD, no_master, - no_master, "HTTPDownload", NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, + no_master, "HTTP_Download", NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_QQLIVE, @@ -3281,8 +3281,8 @@ void check_ndpi_tcp_flow_func(struct ndpi_detection_module_struct *ndpi_struct, && NDPI_BITMASK_COMPARE(ndpi_struct->callback_buffer_tcp_payload[a].detection_bitmask, detection_bitmask) != 0) { ndpi_struct->callback_buffer_tcp_payload[a].func(ndpi_struct, flow); - - + + if(flow->detected_protocol_stack[0] != NDPI_PROTOCOL_UNKNOWN) break; /* Stop after detecting the first protocol */ } @@ -3347,7 +3347,7 @@ ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_st if(flow->protos.ssl.client_certificate[0] != '\0') { ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SSL, NDPI_PROTOCOL_UNKNOWN); - } else { + } else { if((flow->guessed_protocol_id == NDPI_PROTOCOL_UNKNOWN) && (flow->packet.l4_protocol == IPPROTO_TCP) && (flow->l4.tcp.ssl_stage > 1)) @@ -3485,9 +3485,9 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct /* guess protocol */ flow->guessed_protocol_id = (int16_t) ndpi_guess_protocol_id(ndpi_struct, protocol, sport, dport, &user_defined_proto); - + if(user_defined_proto && flow->guessed_protocol_id != NDPI_PROTOCOL_UNKNOWN) { - + if(flow->packet.iph) { /* guess host protocol */ flow->guessed_host_protocol_id = ndpi_network_ptree_match(ndpi_struct, (struct in_addr *)&flow->packet.iph->saddr); @@ -3496,7 +3496,7 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct if(flow->guessed_host_protocol_id != NDPI_PROTOCOL_UNKNOWN) /* ret.master_protocol = flow->guessed_protocol_id , ret.app_protocol = flow->guessed_host_protocol_id; /\* ****** *\/ */ ret = ndpi_detection_giveup(ndpi_struct, flow); - + return(ret); } } else { @@ -3508,7 +3508,7 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct } } } - + check_ndpi_flow_func(ndpi_struct, flow, &ndpi_selection_packet); a = flow->packet.detected_protocol_stack[0]; @@ -4111,7 +4111,7 @@ void ndpi_int_change_protocol(struct ndpi_detection_module_struct *ndpi_struct, /* flow->packet.detected_protocol_stack[0] = flow->guessed_host_protocol_id; */ /* /\* master proto for packet *\/ */ /* flow->packet.detected_protocol_stack[1] = flow->guessed_protocol_id; */ - + /* } */ /* } */ @@ -4346,7 +4346,7 @@ ndpi_protocol ndpi_guess_undetected_protocol(struct ndpi_detection_module_struct if(rc != NDPI_PROTOCOL_UNKNOWN) { ret.app_protocol = rc, ret.master_protocol = ndpi_guess_protocol_id(ndpi_struct, proto, sport, dport, &user_defined_proto); - + if(ret.app_protocol == ret.master_protocol) ret.master_protocol = NDPI_PROTOCOL_UNKNOWN; diff --git a/tests/result/starcraft_battle.pcap.out b/tests/result/starcraft_battle.pcap.out index 2056ea4f4..97c178b41 100644 --- a/tests/result/starcraft_battle.pcap.out +++ b/tests/result/starcraft_battle.pcap.out @@ -1,7 +1,7 @@ DNS 26 2848 7 HTTP 271 160676 18 SSDP 11 4984 1 -HTTPDownload 179 134204 1 +HTTP_Download 179 134204 1 WorldOfWarcraft 9 880 1 IGMP 2 120 1 SSL 38 2548 11 @@ -40,7 +40,7 @@ Starcraft 236 51494 6 28 TCP 80.239.186.26:443 <-> 192.168.1.100:3476 [proto: 91/SSL][1 pkts/60 bytes] 29 TCP 80.239.186.40:443 <-> 192.168.1.100:3478 [proto: 91/SSL][1 pkts/60 bytes] 30 TCP 192.168.1.100:2759 <-> 64.233.184.188:5228 [proto: 126/Google][2 pkts/121 bytes] - 31 TCP 192.168.1.100:3508 <-> 87.248.221.254:80 [proto: 7.60/HTTP.HTTPDownload][179 pkts/134204 bytes][Host: llnw.blizzard.com] + 31 TCP 192.168.1.100:3508 <-> 87.248.221.254:80 [proto: 7.60/HTTP.HTTP_Download][179 pkts/134204 bytes][Host: llnw.blizzard.com] 32 UDP 173.194.40.22:443 <-> 192.168.1.100:53568 [proto: 188/QUIC][6 pkts/475 bytes] 33 UDP 192.168.1.100:55468 <-> 192.168.1.254:53 [proto: 5/DNS][4 pkts/556 bytes][Host: bnetcmsus-a.akamaihd.net] 34 UDP 192.168.1.100:58818 <-> 192.168.1.254:53 [proto: 5/DNS][4 pkts/432 bytes][Host: 91.252.30.192.in-addr.arpa] diff --git a/tests/result/waze.pcap.out b/tests/result/waze.pcap.out index b74ec7a15..2d0d2f207 100644 --- a/tests/result/waze.pcap.out +++ b/tests/result/waze.pcap.out @@ -1,7 +1,7 @@ Unknown 10 786 1 HTTP 28 1572 7 NTP 2 180 1 -HTTPDownload 37 63205 1 +HTTP_Download 37 63205 1 SSL_No_Cert 13 2142 1 SSL 8 432 2 Waze 484 289335 19 @@ -27,7 +27,7 @@ WhatsApp 15 1341 1 18 TCP 10.8.0.1:45546 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][14 pkts/1328 bytes][Host: cres.waze.com] 19 TCP 10.8.0.1:45552 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][14 pkts/1323 bytes][Host: cres.waze.com] 20 TCP 10.8.0.1:45554 <-> 54.230.227.172:80 [proto: 7.135/HTTP.Waze][14 pkts/1319 bytes][Host: cres.waze.com] - 21 TCP 10.8.0.1:54915 <-> 65.39.128.135:80 [proto: 7.60/HTTP.HTTPDownload][37 pkts/63205 bytes][Host: xtra1.gpsonextra.net] + 21 TCP 10.8.0.1:54915 <-> 65.39.128.135:80 [proto: 7.60/HTTP.HTTP_Download][37 pkts/63205 bytes][Host: xtra1.gpsonextra.net] 22 TCP 10.8.0.1:36585 <-> 173.194.118.48:443 [proto: 64/SSL_No_Cert][13 pkts/2142 bytes] 23 TCP 10.8.0.1:43089 <-> 200.160.4.198:443 [proto: 91/SSL][4 pkts/216 bytes] 24 TCP 10.8.0.1:51049 <-> 176.34.103.105:443 [proto: 91.135/SSL.Waze][23 pkts/7823 bytes][server: *.waze.com] -- cgit v1.2.3 From 2b0809f3dc297289f9413db4dde2eaa109a3603e Mon Sep 17 00:00:00 2001 From: Campus Date: Sat, 15 Apr 2017 00:40:01 +0200 Subject: name correction for llc_snap header and minor fix --- example/ndpiReader.c | 2 +- example/ndpi_util.c | 10 +++++----- src/include/ndpi_typedefs.h | 4 +--- 3 files changed, 7 insertions(+), 9 deletions(-) (limited to 'src') diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 3df43a9fe..b32650871 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -1331,7 +1331,7 @@ static void pcap_packet_callback_checked(u_char *args, u_int16_t thread_id = *((u_int16_t*)args); /* allocate an exact size buffer to check overflows */ - uint8_t *packet_checked = malloc(header->caplen); /* HEAP OVERFLOW !!! */ + uint8_t *packet_checked = malloc(header->caplen); memcpy(packet_checked, packet, header->caplen); p = ndpi_workflow_process_packet(ndpi_thread_info[thread_id].workflow, header, packet_checked); diff --git a/example/ndpi_util.c b/example/ndpi_util.c index a5d9d300d..8fe80111a 100644 --- a/example/ndpi_util.c +++ b/example/ndpi_util.c @@ -582,7 +582,7 @@ struct ndpi_proto ndpi_workflow_process_packet (struct ndpi_workflow * workflow, /* --- Ethernet header --- */ const struct ndpi_ethhdr *ethernet; /* --- LLC header --- */ - const struct ndpi_llc_header *llc; + const struct ndpi_llc_header_snap *llc; /* --- Cisco HDLC header --- */ const struct ndpi_chdlc *chdlc; @@ -673,13 +673,13 @@ struct ndpi_proto ndpi_workflow_process_packet (struct ndpi_workflow * workflow, type = check; if(pyld_eth_len != 0) { - llc = (struct ndpi_llc_header *)(&packet[ip_offset]); + llc = (struct ndpi_llc_header_snap *)(&packet[ip_offset]); /* check for LLC layer with SNAP extension */ if(llc->dsap == SNAP || llc->ssap == SNAP) { -#define SNAP_EXT type = llc->snap.proto_ID; ip_offset += + 8; } + /* No SNAP extension - Spanning Tree pkt must be discarted */ else if(llc->dsap == BSTP || llc->ssap == BSTP) { goto v4_warning; } @@ -716,12 +716,12 @@ struct ndpi_proto ndpi_workflow_process_packet (struct ndpi_workflow * workflow, break; /* Check ether_type from LLC */ - llc = (struct ndpi_llc_header*)(packet + eth_offset + wifi_len + radio_len); + llc = (struct ndpi_llc_header_snap*)(packet + eth_offset + wifi_len + radio_len); if(llc->dsap == SNAP) type = ntohs(llc->snap.proto_ID); /* Set IP header offset */ - ip_offset = wifi_len + radio_len + sizeof(struct ndpi_llc_header) + eth_offset; + ip_offset = wifi_len + radio_len + sizeof(struct ndpi_llc_header_snap) + eth_offset; break; case DLT_RAW: diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 490098086..e1fbeb71c 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -138,14 +138,12 @@ struct ndpi_snap_extension } PACK_OFF; PACK_ON -struct ndpi_llc_header +struct ndpi_llc_header_snap { u_int8_t dsap; u_int8_t ssap; u_int8_t ctrl; -#ifdef SNAP_EXT struct ndpi_snap_extension snap; -#endif } PACK_OFF; /* ++++++++++ RADIO TAP header (for IEEE 802.11) +++++++++++++ */ -- cgit v1.2.3 From b97e3ee51a9a17b837a2ed8c30e5ddabbf2d7140 Mon Sep 17 00:00:00 2001 From: Campus Date: Sat, 15 Apr 2017 11:23:03 +0200 Subject: add initial detection for WeChat --- src/include/ndpi_protocol_ids.h | 54 ++++++++++++++++++++-------------------- src/lib/ndpi_content_match.c.inc | 18 +++++--------- src/lib/ndpi_main.c | 1 - 3 files changed, 33 insertions(+), 40 deletions(-) (limited to 'src') diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index dfb39af8d..2c318b341 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -224,46 +224,46 @@ #define NDPI_PROTOCOL_TELEGRAM 185 /* Gianluca Costa */ #define NDPI_PROTOCOL_VEVO 186 #define NDPI_PROTOCOL_PANDORA 187 -#define NDPI_PROTOCOL_QUIC 188 /* Andrea Buscarinu - Michele Campus */ +#define NDPI_PROTOCOL_QUIC 188 /* Andrea Buscarinu - Michele Campus */ #define NDPI_PROTOCOL_WHATSAPP_VOICE 189 -#define NDPI_PROTOCOL_EAQ 190 -#define NDPI_PROTOCOL_OOKLA 191 -#define NDPI_PROTOCOL_AMQP 192 +#define NDPI_PROTOCOL_EAQ 190 +#define NDPI_PROTOCOL_OOKLA 191 +#define NDPI_PROTOCOL_AMQP 192 #define NDPI_PROTOCOL_KAKAOTALK 193 /* KakaoTalk Chat (no voice call) */ #define NDPI_PROTOCOL_KAKAOTALK_VOICE 194 /* KakaoTalk Voice */ -#define NDPI_PROTOCOL_TWITCH 195 /* Edoardo Dominici */ +#define NDPI_PROTOCOL_TWITCH 195 /* Edoardo Dominici */ #define NDPI_PROTOCOL_QUICKPLAY 196 /* Streaming service used by various services such as hooq.tv */ /* 197 is free */ -#define NDPI_PROTOCOL_FREE_197 197 +#define NDPI_PROTOCOL_WECHAT 197 -#define NDPI_PROTOCOL_MPEGTS 198 -#define NDPI_PROTOCOL_SNAPCHAT 199 -#define NDPI_PROTOCOL_SINA 200 -#define NDPI_PROTOCOL_HANGOUT 201 -#define NDPI_PROTOCOL_IFLIX 202 /* www.vizuamatix.com R&D team & M.Mallawaarachchie */ -#define NDPI_PROTOCOL_GITHUB 203 -#define NDPI_PROTOCOL_BJNP 204 -#define NDPI_PROTOCOL_1KXUN 205 -#define NDPI_PROTOCOL_IQIYI 206 -#define NDPI_PROTOCOL_SMPP 207 /* Damir Franusic */ +#define NDPI_PROTOCOL_MPEGTS 198 +#define NDPI_PROTOCOL_SNAPCHAT 199 +#define NDPI_PROTOCOL_SINA 200 +#define NDPI_PROTOCOL_HANGOUT 201 +#define NDPI_PROTOCOL_IFLIX 202 /* www.vizuamatix.com R&D team & M.Mallawaarachchie */ +#define NDPI_PROTOCOL_GITHUB 203 +#define NDPI_PROTOCOL_BJNP 204 +#define NDPI_PROTOCOL_1KXUN 205 +#define NDPI_PROTOCOL_IQIYI 206 +#define NDPI_PROTOCOL_SMPP 207 /* Damir Franusic */ /* 208 - 209 free */ -#define NDPI_PROTOCOL_FREE_208 208 -#define NDPI_PROTOCOL_FREE_209 209 +#define NDPI_PROTOCOL_FREE_208 208 +#define NDPI_PROTOCOL_FREE_209 209 -#define NDPI_PROTOCOL_DEEZER 210 +#define NDPI_PROTOCOL_DEEZER 210 #define NDPI_PROTOCOL_INSTAGRAM 211 /* Andrea Buscarinu */ #define NDPI_PROTOCOL_MICROSOFT 212 #define NDPI_PROTOCOL_STARCRAFT 213 /* Matteo Bracci */ -#define NDPI_PROTOCOL_TEREDO 214 +#define NDPI_PROTOCOL_TEREDO 214 #define NDPI_PROTOCOL_HOTSPOT_SHIELD 215 -#define NDPI_PROTOCOL_HEP 216 /* sipcapture.org QXIP BV */ +#define NDPI_PROTOCOL_HEP 216 /* sipcapture.org QXIP BV */ /* 217 is free */ -#define NDPI_PROTOCOL_FREE_217 217 +#define NDPI_PROTOCOL_FREE_217 217 -#define NDPI_PROTOCOL_OCS 218 +#define NDPI_PROTOCOL_OCS 218 #define NDPI_PROTOCOL_OFFICE_365 219 #define NDPI_PROTOCOL_CLOUDFLARE 220 #define NDPI_PROTOCOL_MS_ONE_DRIVE 221 @@ -271,11 +271,11 @@ #define NDPI_PROTOCOL_RX 223 /* 224 is free */ -#define NDPI_PROTOCOL_FREE_224 224 +#define NDPI_PROTOCOL_FREE_224 224 -#define NDPI_PROTOCOL_OPENDNS 225 -#define NDPI_PROTOCOL_GIT 226 -#define NDPI_PROTOCOL_DRDA 227 +#define NDPI_PROTOCOL_OPENDNS 225 +#define NDPI_PROTOCOL_GIT 226 +#define NDPI_PROTOCOL_DRDA 227 /* UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE */ #define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_PROTOCOL_DRDA diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 2b7164932..df3426129 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -8083,16 +8083,6 @@ ndpi_protocol_match host_match[] = { { "evsecure-crl.verisign.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, { ".omniroot.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, -#if 0 - /* The lines below are not just for Office 365 so they cannot be used for this purpose */ - { ".verisign.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".symcb.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".symcd.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".verisign.net", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".geotrust.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".entrust.net", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".public-trust.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, -#endif /* http://www.urlquery.net/report.php?id=1453233646161 */ { "lifedom.top", "Cloudflare", NDPI_PROTOCOL_CLOUDFLARE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { "coby.ns.cloudflare.com", "Cloudflare", NDPI_PROTOCOL_CLOUDFLARE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, @@ -8123,16 +8113,20 @@ ndpi_protocol_match host_match[] = { { ".qiyi.com", "iQIYI", NDPI_PROTOCOL_IQIYI, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { ".71.am", "iQIYI", NDPI_PROTOCOL_IQIYI, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { ".qiyipic.com", "iQIYI", NDPI_PROTOCOL_IQIYI, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".ppstream.com", "PPStream", NDPI_PROTOCOL_PPSTREAM, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { ".pps.tv", "PPStream", NDPI_PROTOCOL_PPSTREAM, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".1kxun.", "1kxun", NDPI_PROTOCOL_1KXUN, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "tcad.wedolook.com", "1kxun", NDPI_PROTOCOL_1KXUN, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { ".steampowered.com", "Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, { "steamcommunity.com", "Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, { ".steamcontent.com", "Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, - { ".steamstatic.com", "Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, - { "steamcommunity-a.akamaihd.net", "Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, + { ".steamstatic.com", "Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, + { "steamcommunity-a.akamaihd.net", "Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, + + { ".wechat.com", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, { NULL, 0 } }; diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index e2685908a..b07557b5a 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1618,7 +1618,6 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ /* To be removed as soon as we define new protocols */ - ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_197); ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_208); ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_209); ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_217); -- cgit v1.2.3 From 3a21152f4c7b1783a0cd6671af405d0014cf9b4b Mon Sep 17 00:00:00 2001 From: Campus Date: Sat, 15 Apr 2017 21:18:50 +0200 Subject: improved wechat detection --- src/lib/ndpi_content_match.c.inc | 21 +++++- tests/pcap/wechat.pcap | Bin 0 -> 694086 bytes tests/result/KakaoTalk_talk.pcap.out | 4 +- tests/result/quickplay.pcap.out | 12 ++-- tests/result/wechat.pcap.out | 120 +++++++++++++++++++++++++++++++++++ 5 files changed, 147 insertions(+), 10 deletions(-) create mode 100644 tests/pcap/wechat.pcap create mode 100644 tests/result/wechat.pcap.out (limited to 'src') diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index df3426129..d9ceb77a4 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -79,6 +79,17 @@ static ndpi_network host_protocol_list[] = { { 0xA92F2320 /* 169.47.35.32/27 */, 27, NDPI_PROTOCOL_WHATSAPP }, + /* + WeChat + 203.205.147.171 + 203.205.147.173 + 203.205.151.162 + */ + + { 0xCBCD93AB /* 203.205.147.171/32 */, 32, NDPI_PROTOCOL_WECHAT }, + { 0xCBCD93AD /* 203.205.147.173/32 */, 32, NDPI_PROTOCOL_WECHAT }, + { 0xCBCD97A2 /* 203.205.151.162/32 */, 32, NDPI_PROTOCOL_WECHAT }, + /* OpenDNS, LLC origin AS36692, AS30607 @@ -8126,8 +8137,14 @@ ndpi_protocol_match host_match[] = { { ".steamstatic.com", "Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, { "steamcommunity-a.akamaihd.net", "Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, - { ".wechat.com", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - + { ".wechat.com", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { ".wechat.org", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { ".wechatapp.com", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { ".we.chat", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { ".wx.", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { ".weixin.", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { ".mmsns.qpic.cn", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { NULL, 0 } }; diff --git a/tests/pcap/wechat.pcap b/tests/pcap/wechat.pcap new file mode 100644 index 000000000..f731d9925 Binary files /dev/null and b/tests/pcap/wechat.pcap differ diff --git a/tests/result/KakaoTalk_talk.pcap.out b/tests/result/KakaoTalk_talk.pcap.out index 97b69377c..96d39ede2 100644 --- a/tests/result/KakaoTalk_talk.pcap.out +++ b/tests/result/KakaoTalk_talk.pcap.out @@ -1,5 +1,4 @@ HTTP 5 280 1 -QQ 15 1727 1 SSL_No_Cert 74 14132 2 RTP 2991 398751 2 SSL 5 1198 1 @@ -9,6 +8,7 @@ HTTP_Proxy 16 1838 2 Tor 40 10538 1 Amazon 4 396 1 KakaoTalk_Voice 44 6196 2 +WeChat 15 1727 1 1 TCP 10.24.82.188:34533 <-> 120.28.26.242:80 [proto: 7/HTTP][5 pkts/280 bytes] 2 TCP 10.24.82.188:58916 <-> 54.255.185.236:5222 [proto: 178/Amazon][4 pkts/396 bytes] @@ -23,7 +23,7 @@ KakaoTalk_Voice 44 6196 2 11 TCP 173.194.72.188:5228 <-> 10.24.82.188:34686 [proto: 126/Google][1 pkts/164 bytes] 12 TCP 110.76.143.50:9001 <-> 10.24.82.188:58857 [proto: 163/Tor][40 pkts/10538 bytes] 13 TCP 173.252.122.1:443 <-> 10.24.82.188:52123 [proto: 91.119/SSL.Facebook][1 pkts/56 bytes] - 14 TCP 10.24.82.188:48489 <-> 203.205.147.215:80 [proto: 7.48/HTTP.QQ][15 pkts/1727 bytes][Host: hkminorshort.weixin.qq.com] + 14 TCP 10.24.82.188:48489 <-> 203.205.147.215:80 [proto: 7.197/HTTP.WeChat][15 pkts/1727 bytes][Host: hkminorshort.weixin.qq.com] 15 UDP 1.201.1.174:23047 <-> 10.24.82.188:10269 [proto: 194/KakaoTalk_Voice][22 pkts/3112 bytes] 16 UDP 1.201.1.174:23046 <-> 10.24.82.188:10268 [proto: 87/RTP][1488 pkts/198510 bytes] 17 UDP 1.201.1.174:23045 <-> 10.24.82.188:11321 [proto: 194/KakaoTalk_Voice][22 pkts/3084 bytes] diff --git a/tests/result/quickplay.pcap.out b/tests/result/quickplay.pcap.out index 277e25fc8..8c6781221 100644 --- a/tests/result/quickplay.pcap.out +++ b/tests/result/quickplay.pcap.out @@ -1,8 +1,8 @@ -QQ 12 4781 5 Facebook 6 1740 3 Google 2 378 1 Amazon 2 1469 1 QuickPlay 133 96179 11 +WeChat 12 4781 5 1 TCP 120.28.26.231:80 <-> 10.54.169.250:33277 [proto: 7.126/HTTP.Google][2 pkts/378 bytes][Host: clients3.google.com] 2 TCP 120.28.35.41:80 <-> 10.54.169.250:50669 [proto: 7.196/HTTP.QuickPlay][4 pkts/3680 bytes][Host: api-singtelhawk.quickplay.com] @@ -11,8 +11,8 @@ QuickPlay 133 96179 11 5 TCP 120.28.35.40:80 <-> 10.54.169.250:52017 [proto: 7.196/HTTP.QuickPlay][8 pkts/6032 bytes][Host: vod-singtelhawk.quickplay.com] 6 TCP 120.28.35.40:80 <-> 10.54.169.250:52019 [proto: 7.196/HTTP.QuickPlay][25 pkts/19606 bytes][Host: vod-singtelhawk.quickplay.com] 7 TCP 120.28.35.40:80 <-> 10.54.169.250:52021 [proto: 7.196/HTTP.QuickPlay][4 pkts/2754 bytes][Host: vod-singtelhawk.quickplay.com] - 8 TCP 203.205.147.215:80 <-> 10.54.169.250:35670 [proto: 7.48/HTTP.QQ][2 pkts/943 bytes][Host: hkminorshort.weixin.qq.com] - 9 TCP 203.205.129.101:80 <-> 10.54.169.250:42762 [proto: 7.48/HTTP.QQ][2 pkts/877 bytes][Host: hkextshort.weixin.qq.com] + 8 TCP 203.205.147.215:80 <-> 10.54.169.250:35670 [proto: 7.197/HTTP.WeChat][2 pkts/943 bytes][Host: hkminorshort.weixin.qq.com] + 9 TCP 203.205.129.101:80 <-> 10.54.169.250:42762 [proto: 7.197/HTTP.WeChat][2 pkts/877 bytes][Host: hkextshort.weixin.qq.com] 10 TCP 173.252.74.22:80 <-> 10.54.169.250:52285 [proto: 7.119/HTTP.Facebook][2 pkts/582 bytes][Host: www.facebook.com] 11 TCP 31.13.68.49:80 <-> 10.54.169.250:44793 [proto: 7.119/HTTP.Facebook][2 pkts/576 bytes][Host: www.facebook.com] 12 TCP 120.28.5.18:80 <-> 10.54.169.250:33064 [proto: 7.196/HTTP.QuickPlay][2 pkts/467 bytes][Host: api-singtelhawk.quickplay.com] @@ -21,7 +21,7 @@ QuickPlay 133 96179 11 15 TCP 120.28.35.41:80 <-> 10.54.169.250:50668 [proto: 7.196/HTTP.QuickPlay][4 pkts/3360 bytes][Host: api-singtelhawk.quickplay.com] 16 TCP 120.28.35.40:80 <-> 10.54.169.250:52018 [proto: 7.196/HTTP.QuickPlay][7 pkts/5048 bytes][Host: vod-singtelhawk.quickplay.com] 17 TCP 120.28.35.40:80 <-> 10.54.169.250:52022 [proto: 7.196/HTTP.QuickPlay][7 pkts/4284 bytes][Host: vod-singtelhawk.quickplay.com] - 18 TCP 203.205.129.101:80 <-> 10.54.169.250:42761 [proto: 7.48/HTTP.QQ][2 pkts/641 bytes][Host: hkextshort.weixin.qq.com] + 18 TCP 203.205.129.101:80 <-> 10.54.169.250:42761 [proto: 7.197/HTTP.WeChat][2 pkts/641 bytes][Host: hkextshort.weixin.qq.com] 19 TCP 173.252.74.22:80 <-> 10.54.169.250:52288 [proto: 7.119/HTTP.Facebook][2 pkts/582 bytes][Host: www.facebook.com] - 20 TCP 203.205.151.160:80 <-> 10.54.169.250:54883 [proto: 7.48/HTTP.QQ][3 pkts/1337 bytes][Host: hkextshort.weixin.qq.com] - 21 TCP 203.205.151.160:80 <-> 10.54.169.250:54885 [proto: 7.48/HTTP.QQ][3 pkts/983 bytes][Host: hkextshort.weixin.qq.com] + 20 TCP 203.205.151.160:80 <-> 10.54.169.250:54883 [proto: 7.197/HTTP.WeChat][3 pkts/1337 bytes][Host: hkextshort.weixin.qq.com] + 21 TCP 203.205.151.160:80 <-> 10.54.169.250:54885 [proto: 7.197/HTTP.WeChat][3 pkts/983 bytes][Host: hkextshort.weixin.qq.com] diff --git a/tests/result/wechat.pcap.out b/tests/result/wechat.pcap.out new file mode 100644 index 000000000..b81a52377 --- /dev/null +++ b/tests/result/wechat.pcap.out @@ -0,0 +1,120 @@ +Unknown 1 110 1 +DNS 6 494 3 +HTTP 70 4620 8 +MDNS 116 10672 4 +NTP 1 90 1 +NetBIOS 12 1579 2 +DHCP 1 342 1 +IGMP 24 1280 4 +SSL 21 1209 3 +ICMPV6 3 218 2 +Google 128 29925 17 +LLMNR 12 944 6 +WeChat 1277 615827 51 + + 1 UDP 192.168.1.103:33915 <-> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][1 pkts/82 bytes][Host: webpush.web.wechat.com] + 2 TCP 192.168.1.103:40740 <-> 203.205.151.211:443 [proto: 91/SSL][8 pkts/469 bytes] + 3 UDP 192.168.1.103:41759 <-> 192.168.1.254:53 [proto: 5/DNS][2 pkts/162 bytes][Host: 2.debian.pool.ntp.org] + 4 UDP 192.168.1.103:42589 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][1 pkts/75 bytes][Host: ssl.gstatic.com] + 5 UDP 192.168.1.103:43317 <-> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][1 pkts/82 bytes][Host: webpush.web.wechat.com] + 6 UDP 192.168.1.103:43705 <-> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][2 pkts/172 bytes][Host: webpush.web.wechat.com.lan] + 7 TCP 203.205.158.34:443 <-> 192.168.1.103:43850 [proto: 91.197/SSL.WeChat][24 pkts/8792 bytes][client: res.wx.qq.com] + 8 UDP 192.168.1.103:44063 <-> 192.168.1.254:53 [proto: 5/DNS][2 pkts/162 bytes][Host: 1.debian.pool.ntp.org] + 9 UDP [fe80::91f9:3df3:7436:6cd6]:5353 <-> [ff02::fb]:5353 [proto: 8/MDNS][14 pkts/1428 bytes] + 10 TCP 172.217.23.78:443 <-> 192.168.1.103:53220 [proto: 91.126/SSL.Google][8 pkts/583 bytes] + 11 TCP 216.58.205.78:443 <-> 192.168.1.103:47627 [proto: 91.126/SSL.Google][7 pkts/517 bytes] + 12 TCP 192.168.1.103:49787 <-> 216.58.205.142:443 [proto: 91.126/SSL.Google][6 pkts/396 bytes] + 13 UDP 192.168.1.103:53515 <-> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][1 pkts/86 bytes][Host: webpush.web.wechat.com.lan] + 14 TCP 192.168.1.103:54084 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][6 pkts/1000 bytes] + 15 TCP 192.168.1.103:54058 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][179 pkts/76956 bytes] + 16 TCP 192.168.1.103:54090 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][17 pkts/4669 bytes][client: web.wechat.com] + 17 TCP 192.168.1.103:54092 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][26 pkts/11506 bytes][client: web.wechat.com] + 18 TCP 192.168.1.103:54094 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][40 pkts/18455 bytes][client: web.wechat.com] + 19 TCP 192.168.1.103:54096 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][17 pkts/4669 bytes][client: web.wechat.com] + 20 TCP 192.168.1.103:54098 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][38 pkts/15082 bytes][client: web.wechat.com] + 21 TCP 192.168.1.103:54100 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][27 pkts/10532 bytes][client: web.wechat.com] + 22 TCP 192.168.1.103:54102 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][28 pkts/18041 bytes][client: web.wechat.com] + 23 TCP 192.168.1.103:54104 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][17 pkts/4669 bytes][client: web.wechat.com] + 24 TCP 192.168.1.103:54110 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][2 pkts/132 bytes] + 25 TCP 192.168.1.103:54106 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][2 pkts/132 bytes] + 26 TCP 192.168.1.103:54112 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][9 pkts/618 bytes] + 27 TCP 192.168.1.103:54114 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][9 pkts/618 bytes] + 28 TCP 192.168.1.103:54118 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][18 pkts/4735 bytes][client: web.wechat.com] + 29 TCP 192.168.1.103:54120 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][18 pkts/4743 bytes][client: web.wechat.com] + 30 UDP 192.168.1.103:56367 <-> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][2 pkts/164 bytes][Host: webpush.web.wechat.com] + 31 TCP 192.168.1.103:58036 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][26 pkts/11518 bytes][client: web.wechat.com] + 32 UDP 192.168.1.103:58165 <-> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][1 pkts/82 bytes][Host: webpush.web.wechat.com] + 33 TCP 192.168.1.103:58038 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][59 pkts/29728 bytes][client: web.wechat.com] + 34 TCP 192.168.1.103:58040 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][49 pkts/24468 bytes][client: web.wechat.com] + 35 TCP 192.168.1.103:58042 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][22 pkts/9520 bytes][client: web.wechat.com] + 36 TCP 192.168.1.103:58226 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][6 pkts/396 bytes] + 37 UDP 192.168.1.103:59567 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][1 pkts/79 bytes][Host: ssl.gstatic.com.lan] + 38 TCP 192.168.1.103:58143 <-> 216.58.205.131:443 [proto: 91.126/SSL.Google][3 pkts/1078 bytes] + 39 UDP 216.58.198.46:443 <-> 192.168.1.103:57591 [proto: 188.126/QUIC.Google][13 pkts/4812 bytes][Host: docs.google.com] + 40 UDP 192.168.1.100:57401 <-> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes][Host: mcztmpkc] + 41 TCP 95.101.34.33:80 <-> 192.168.1.103:34996 [proto: 7/HTTP][9 pkts/594 bytes] + 42 TCP 95.101.34.33:80 <-> 192.168.1.103:35000 [proto: 7/HTTP][9 pkts/594 bytes] + 43 UDP [fe80::7a92:9cff:fe0f:a88e]:5353 <-> [ff02::fb]:5353 [proto: 8/MDNS][44 pkts/4488 bytes] + 44 TCP 192.168.1.103:54205 <-> 64.233.167.188:443 [proto: 91.126/SSL.Google][2 pkts/132 bytes] + 45 ICMPV6 [fe80::842:a3f3:a286:6c5b]:0 <-> [ff02::2]:0 [proto: 102/ICMPV6][2 pkts/132 bytes] + 46 UDP [fe80::91f9:3df3:7436:6cd6]:5355 <-> [ff02::1:3]:50440 [proto: 154/LLMNR][2 pkts/180 bytes][Host: lbjamwptxz] + 47 TCP 192.168.1.103:52020 <-> 95.101.180.179:80 [proto: 7/HTTP][8 pkts/528 bytes] + 48 UDP 172.217.23.67:443 <-> 192.168.1.103:35601 [proto: 188.126/QUIC.Google][10 pkts/3972 bytes][Host: ssl.gstatic.com] + 49 TCP 172.217.22.14:443 <-> 192.168.1.103:38657 [proto: 91.126/SSL.Google][34 pkts/8681 bytes][client: safebrowsing.googleusercontent.com] + 50 UDP 0.0.0.0:68 <-> 255.255.255.255:67 [proto: 18/DHCP][1 pkts/342 bytes][Host: iphonedimonica] + 51 UDP 192.168.1.103:37578 <-> 193.204.114.233:123 [proto: 9/NTP][1 pkts/90 bytes] + 52 TCP 192.168.1.103:40741 <-> 203.205.151.211:443 [proto: 91/SSL][4 pkts/216 bytes] + 53 UDP 192.168.1.103:42074 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][2 pkts/158 bytes][Host: ssl.gstatic.com.lan] + 54 UDP 192.168.1.103:42856 <-> 192.168.1.254:53 [proto: 5/DNS][2 pkts/170 bytes][Host: 1.debian.pool.ntp.org.lan] + 55 ICMPV6 [::]:0 <-> [ff02::1:ff86:6c5b]:0 [proto: 102/ICMPV6][1 pkts/86 bytes] + 56 TCP 203.205.158.34:443 <-> 192.168.1.103:43851 [proto: 91/SSL][9 pkts/524 bytes] + 57 UDP 192.168.1.103:44346 <-> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][1 pkts/86 bytes][Host: webpush.web.wechat.com.lan] + 58 UDP 192.168.1.103:45366 <-> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][2 pkts/164 bytes][Host: webpush.web.wechat.com] + 59 UDP 192.168.1.103:46078 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][2 pkts/309 bytes][Host: ssl.gstatic.com] + 60 UDP 172.217.23.67:443 <-> 192.168.1.103:51507 [proto: 188.126/QUIC.Google][13 pkts/6836 bytes][Host: ssl.gstatic.com] + 61 UDP 192.168.1.103:53734 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][2 pkts/366 bytes][Host: safebrowsing.googleusercontent.com] + 62 TCP 192.168.1.103:54085 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][3 pkts/198 bytes] + 63 TCP 192.168.1.103:54089 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][41 pkts/26587 bytes][client: web.wechat.com] + 64 TCP 192.168.1.103:54091 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][15 pkts/4537 bytes][client: web.wechat.com] + 65 TCP 192.168.1.103:54093 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][8 pkts/552 bytes] + 66 TCP 192.168.1.103:54095 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][39 pkts/25723 bytes][client: web.wechat.com] + 67 TCP 192.168.1.103:54097 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][44 pkts/19995 bytes][client: web.wechat.com] + 68 TCP 192.168.1.103:54099 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][54 pkts/36453 bytes][client: web.wechat.com] + 69 TCP 192.168.1.103:54101 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][86 pkts/65999 bytes][client: web.wechat.com] + 70 TCP 192.168.1.103:54103 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][96 pkts/63642 bytes][client: web.wechat.com] + 71 TCP 192.168.1.103:54109 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][2 pkts/132 bytes] + 72 TCP 192.168.1.103:54111 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][26 pkts/9761 bytes][client: web.wechat.com] + 73 TCP 192.168.1.103:54113 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][73 pkts/44045 bytes][client: web.wechat.com] + 74 TCP 192.168.1.103:54117 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][36 pkts/14963 bytes][client: web.wechat.com] + 75 TCP 192.168.1.103:54119 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][50 pkts/30965 bytes][client: web.wechat.com] + 76 TCP 192.168.1.103:54183 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][2 pkts/2508 bytes] + 77 UDP 192.168.1.103:55862 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][2 pkts/302 bytes][Host: docs.google.com] + 78 TCP 192.168.1.103:58037 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][8 pkts/552 bytes] + 79 TCP 192.168.1.103:58039 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][17 pkts/1146 bytes] + 80 TCP 192.168.1.103:58041 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][18 pkts/4743 bytes][client: web.wechat.com] + 81 TCP 192.168.1.103:58043 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][5 pkts/354 bytes] + 82 UDP 192.168.1.103:60356 <-> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][2 pkts/465 bytes][Host: web.wechat.com] + 83 UDP 192.168.1.103:60562 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][2 pkts/309 bytes][Host: ssl.gstatic.com] + 84 UDP 192.168.1.100:49832 <-> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes][Host: cansaqcq] + 85 UDP 192.168.1.100:138 <-> 192.168.1.255:138 [proto: 10/NetBIOS][3 pkts/751 bytes] + 86 UDP 192.168.1.100:137 <-> 192.168.1.255:137 [proto: 10/NetBIOS][9 pkts/828 bytes] + 87 UDP 192.168.1.100:54124 <-> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/140 bytes][Host: lbjamwptxz] + 88 IGMP 224.0.0.1:0 <-> 192.168.1.254:0 [proto: 82/IGMP][4 pkts/200 bytes] + 89 IGMP 224.0.0.22:0 <-> 192.168.1.100:0 [proto: 82/IGMP][15 pkts/810 bytes] + 90 IGMP 224.0.0.22:0 <-> 192.168.1.103:0 [proto: 82/IGMP][4 pkts/216 bytes] + 91 IGMP 224.0.0.22:0 <-> 192.168.1.108:0 [proto: 82/IGMP][1 pkts/54 bytes] + 92 TCP 192.168.1.103:36017 <-> 64.233.167.188:5228 [proto: 126/Google][20 pkts/1320 bytes] + 93 TCP 95.101.34.33:80 <-> 192.168.1.103:34999 [proto: 7/HTTP][9 pkts/594 bytes] + 94 TCP 95.101.34.33:80 <-> 192.168.1.103:34981 [proto: 7/HTTP][9 pkts/594 bytes] + 95 TCP 95.101.34.34:80 <-> 192.168.1.103:39207 [proto: 7/HTTP][9 pkts/594 bytes] + 96 TCP 95.101.34.34:80 <-> 192.168.1.103:39195 [proto: 7/HTTP][8 pkts/528 bytes] + 97 TCP 95.101.34.34:80 <-> 192.168.1.103:39231 [proto: 7/HTTP][9 pkts/594 bytes] + 98 UDP 192.168.1.103:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][44 pkts/3608 bytes] + 99 UDP 192.168.1.100:5353 <-> 224.0.0.251:5353 [proto: 8/MDNS][14 pkts/1148 bytes] + 100 UDP 192.168.1.103:19041 <-> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][2 pkts/610 bytes][Host: res.wx.qq.com] + 101 UDP [fe80::91f9:3df3:7436:6cd6]:5355 <-> [ff02::1:3]:49195 [proto: 154/LLMNR][2 pkts/176 bytes][Host: cansaqcq] + 102 UDP [fe80::91f9:3df3:7436:6cd6]:5355 <-> [ff02::1:3]:50577 [proto: 154/LLMNR][2 pkts/176 bytes][Host: mcztmpkc] + + +Undetected flows: + 1 0 [fe80::842:a3f3:a286:6c5b]:0 <-> [ff02::16]:0 [proto: 0/Unknown][1 pkts/110 bytes] -- cgit v1.2.3 From 45582194cf0fa64160530e8dac1e6fb4410e95a2 Mon Sep 17 00:00:00 2001 From: Luca Date: Wed, 19 Apr 2017 09:56:51 +0200 Subject: Added DNScrypt detection --- src/include/ndpi_protocol_ids.h | 7 +++---- src/lib/ndpi_content_match.c.inc | 4 +++- src/lib/ndpi_main.c | 10 +++++++--- 3 files changed, 13 insertions(+), 8 deletions(-) (limited to 'src') diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index 2c318b341..726736a06 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -233,8 +233,6 @@ #define NDPI_PROTOCOL_KAKAOTALK_VOICE 194 /* KakaoTalk Voice */ #define NDPI_PROTOCOL_TWITCH 195 /* Edoardo Dominici */ #define NDPI_PROTOCOL_QUICKPLAY 196 /* Streaming service used by various services such as hooq.tv */ - -/* 197 is free */ #define NDPI_PROTOCOL_WECHAT 197 #define NDPI_PROTOCOL_MPEGTS 198 @@ -248,8 +246,9 @@ #define NDPI_PROTOCOL_IQIYI 206 #define NDPI_PROTOCOL_SMPP 207 /* Damir Franusic */ -/* 208 - 209 free */ -#define NDPI_PROTOCOL_FREE_208 208 +#define NDPI_PROTOCOL_DNSCRYPT 208 + +/* 209 free */ #define NDPI_PROTOCOL_FREE_209 209 #define NDPI_PROTOCOL_DEEZER 210 diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index d9ceb77a4..6bf18ffbc 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -8144,7 +8144,7 @@ ndpi_protocol_match host_match[] = { { ".wx.", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, { ".weixin.", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, { ".mmsns.qpic.cn", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - + { "dnscrypt.org", "DNScrypt", NDPI_PROTOCOL_DNSCRYPT, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, { NULL, 0 } }; @@ -8217,6 +8217,8 @@ ndpi_protocol_match content_match[] = { - www.qbtxzhetq4s2f.com - www.fgd2iwya7vinfutj5wq5we.net + See also DGA (Domain Generation Algorithm) + In essence www..com|net To do things properly we should check if host name in the certificate diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index b07557b5a..5e864383a 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1616,9 +1616,13 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "AMQP", NDPI_PROTOCOL_CATEGORY_RPC, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ - - /* To be removed as soon as we define new protocols */ - ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_208); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DNSCRYPT, + no_master, + no_master, "DNScrypt", NDPI_PROTOCOL_CATEGORY_NETWORK, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ + +/* To be removed as soon as we define new protocols */ ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_209); ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_217); ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_224); -- cgit v1.2.3 From e2f2111637638192b0e8c40aaf90046904873a4a Mon Sep 17 00:00:00 2001 From: Campus Date: Fri, 21 Apr 2017 01:42:54 +0200 Subject: update bittorrent detection - fix https://github.com/ntop/nDPI/issues/362 --- src/lib/ndpi_content_match.c.inc | 56 +++++++++++++++++++++++++++++++++++++++- src/lib/ndpi_main.c | 2 +- 2 files changed, 56 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 6bf18ffbc..85cfc0ec9 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -833,6 +833,21 @@ static ndpi_network host_protocol_list[] = { { 0x5B6C3800 /* 91.108.56.0/22 */, 22, NDPI_PROTOCOL_TELEGRAM }, { 0x959AA000 /* 149.154.160.0/20 */, 20, NDPI_PROTOCOL_TELEGRAM }, + /* + BitTorrent + */ + + { 0xB9381424 /* 185.56.20.36/32 */, 32, NDPI_PROTOCOL_BITTORRENT }, + { 0xC0DEED0A /* 192.222.237.10/32 */, 32, NDPI_PROTOCOL_BITTORRENT }, + { 0x4DDEAE14 /* 77.222.174.20/32 */, 32, NDPI_PROTOCOL_BITTORRENT }, + { 0x25779CBD /* 37.119.156.189/32 */, 32, NDPI_PROTOCOL_BITTORRENT }, + { 0x05277C26 /* 5.39.124.38/32 */, 32, NDPI_PROTOCOL_BITTORRENT }, + { 0x4FC0AB43 /* 79.192.171.67/32 */, 32, NDPI_PROTOCOL_BITTORRENT }, + { 0xAC100010 /* 172.16.0.16/32 */, 32, NDPI_PROTOCOL_BITTORRENT }, + { 0xB2A4F550 /* 178.164.245.80/32 */, 32, NDPI_PROTOCOL_BITTORRENT }, + { 0xAE597B3E /* 174.89.123.62/32 */, 32, NDPI_PROTOCOL_BITTORRENT }, + + /* Tor http://torstatus.blutmagie.de/ip_list_all.php/Tor_ip_list_ALL.csv @@ -7952,14 +7967,18 @@ ndpi_protocol_match host_match[] = { { "amazonaws.com", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { "amazon-adsystem.com", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".cloudfront.net", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".apple.com", "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".mzstatic.com", "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".icloud.com", "AppleiCloud", NDPI_PROTOCOL_APPLE_ICLOUD, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { "itunes.apple.com", "AppleiTunes", NDPI_PROTOCOL_APPLE_ITUNES, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, + { ".cnn.c", "CNN", NDPI_PROTOCOL_CNN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, { ".cnn.net", "CNN", NDPI_PROTOCOL_CNN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, + { ".dropbox.com", "DropBox", NDPI_PROTOCOL_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_SAFE }, { "log.getdropbox.com", "DropBox", NDPI_PROTOCOL_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_SAFE }, + { ".ebay.", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".ebay.com", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".ebaystatic.com", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, @@ -7967,12 +7986,15 @@ ndpi_protocol_match host_match[] = { { ".ebayrtm.com", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".ebaystratus.com", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".ebayimg.com", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "facebook.com", "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, { "fbstatic-a.akamaihd.net", "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, { ".fbcdn.net", "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, { "fbcdn-", "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, /* fbcdn-video-a-akamaihd.net */ { ".facebook.net", "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { ".speedtest.net", "Ookla", NDPI_PROTOCOL_OOKLA, NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, NDPI_PROTOCOL_ACCEPTABLE }, + { ".google.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".gstatic.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".googlesyndication.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, @@ -7986,18 +8008,25 @@ ndpi_protocol_match host_match[] = { { "googleapis.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { "ggpht.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { "1e100.net", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "maps.google.", "GoogleMaps", NDPI_PROTOCOL_GOOGLE_MAPS, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { "maps.gstatic.com", "GoogleMaps", NDPI_PROTOCOL_GOOGLE_MAPS, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".gmail.", "GMail", NDPI_PROTOCOL_GMAIL, NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, NDPI_PROTOCOL_SAFE }, { "mail.google.", "GMail", NDPI_PROTOCOL_GMAIL, NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, NDPI_PROTOCOL_SAFE }, + { "mail.outlook.com", "Hotmail", NDPI_PROTOCOL_HOTMAIL, NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, NDPI_PROTOCOL_SAFE }, + { ".last.fm", "LastFM", NDPI_PROTOCOL_LASTFM, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, + { "msn.com", "MSN", NDPI_PROTOCOL_MSN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, + { "netflix.com", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "nflxext.com", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "nflximg.com", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "nflximg.net", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "nflxvideo.net", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".skype.", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, { ".skypeassets.", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, { ".skypedata.", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, @@ -8007,20 +8036,27 @@ ndpi_protocol_match host_match[] = { { "e7768.b.akamaiedge.net", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, { "e4593.dspg.akamaiedge.net", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, { "e4593.g.akamaiedge.net", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, + { ".tuenti.com", "Tuenti", NDPI_PROTOCOL_TUENTI, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".twttr.com", "Twitter", NDPI_PROTOCOL_TWITTER, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, { "twitter.", "Twitter", NDPI_PROTOCOL_TWITTER, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, { "twimg.com", "Twitter", NDPI_PROTOCOL_TWITTER, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, + { ".viber.com", "Viber", NDPI_PROTOCOL_VIBER, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, { ".cdn.viber.com", "Viber", NDPI_PROTOCOL_VIBER, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, + { "wikipedia.", "Wikipedia", NDPI_PROTOCOL_WIKIPEDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { "wikimedia.", "Wikipedia", NDPI_PROTOCOL_WIKIPEDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { "mediawiki.", "Wikipedia", NDPI_PROTOCOL_WIKIPEDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { "wikimediafoundation.", "Wikipedia", NDPI_PROTOCOL_WIKIPEDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".whatsapp.", "WhatsApp", NDPI_PROTOCOL_WHATSAPP, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, + { ".yahoo.", "Yahoo", NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".yimg.com", "Yahoo", NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { "yahooapis.", "Yahoo", NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "youtube.", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "youtu.be.", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "yt3.ggpht.com", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, @@ -8029,17 +8065,26 @@ ndpi_protocol_match host_match[] = { { "youtube-nocookie.", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "ggpht.com", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "googleusercontent.com", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".vevo.com", "Vevo", NDPI_PROTOCOL_VEVO, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".spotify.", "Spotify", NDPI_PROTOCOL_SPOTIFY, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".pandora.com", "Pandora", NDPI_PROTOCOL_PANDORA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".torproject.org", "Tor", NDPI_PROTOCOL_TOR, NDPI_PROTOCOL_CATEGORY_VPN, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, + { ".kakao.com", "KakaoTalk", NDPI_PROTOCOL_KAKAOTALK, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_FUN }, + { "ttvnw.net", "Twitch", NDPI_PROTOCOL_TWITCH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "static-cdn.jtvnw.net", "Twitch", NDPI_PROTOCOL_TWITCH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "www-cdn.jtvnw.net", "Twitch", NDPI_PROTOCOL_TWITCH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "quickplay.com", "QuickPlay", NDPI_PROTOCOL_QUICKPLAY, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".qq.com", "QQ", NDPI_PROTOCOL_QQ, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, { ".gtimg.com", "QQ", NDPI_PROTOCOL_QQ, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { ".weibo.com", "Sina(Weibo)", NDPI_PROTOCOL_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, { ".sinaimg.cn", "Sina", NDPI_PROTOCOL_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, { ".sinajs.cn", "Sina", NDPI_PROTOCOL_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, @@ -8060,6 +8105,7 @@ ndpi_protocol_match host_match[] = { { "instagramstatic-", "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, { ".waze.com", "Waze", NDPI_PROTOCOL_WAZE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".deezer.com", "Deezer", NDPI_PROTOCOL_DEEZER, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".microsoft.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_SYSTEM, NDPI_PROTOCOL_ACCEPTABLE }, @@ -8068,17 +8114,22 @@ ndpi_protocol_match host_match[] = { { ".webtrends.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".msecnd.net", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".visualstudio.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "bn1301.storage.live.com", "MS_OneDrive", NDPI_PROTOCOL_MS_ONE_DRIVE,NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, { "*.gateway.messenger.live.com", "MS_OneDrive", NDPI_PROTOCOL_MS_ONE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, { "skyapi.live.net", "MS_OneDrive", NDPI_PROTOCOL_MS_ONE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, { "d.docs.live.net", "MS_OneDrive", NDPI_PROTOCOL_MS_ONE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, + { "update.microsoft.com", "WindowsUpdate", NDPI_PROTOCOL_WINDOWS_UPDATE, NDPI_PROTOCOL_CATEGORY_SYSTEM, NDPI_PROTOCOL_ACCEPTABLE }, { ".windowsupdate.com", "WindowsUpdate", NDPI_PROTOCOL_WINDOWS_UPDATE, NDPI_PROTOCOL_CATEGORY_SYSTEM, NDPI_PROTOCOL_ACCEPTABLE }, { "worldofwarcraft.com", "WorldOfWarcraft", NDPI_PROTOCOL_WORLDOFWARCRAFT, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, + { ".anchorfree.", "HotspotShield", NDPI_PROTOCOL_HOTSPOT_SHIELD, NDPI_PROTOCOL_CATEGORY_VPN, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, { "hotspotshield.com", "HotspotShield", NDPI_PROTOCOL_HOTSPOT_SHIELD, NDPI_PROTOCOL_CATEGORY_VPN, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, + { ".webex.com", "Webex", NDPI_PROTOCOL_WEBEX, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".ocsdomain.com", "OCS", NDPI_PROTOCOL_OCS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_FUN }, { "ocs.fr", "OCS", NDPI_PROTOCOL_OCS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_FUN }, { ".ocs.fr", "OCS", NDPI_PROTOCOL_OCS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_FUN }, @@ -8144,7 +8195,10 @@ ndpi_protocol_match host_match[] = { { ".wx.", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, { ".weixin.", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, { ".mmsns.qpic.cn", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - { "dnscrypt.org", "DNScrypt", NDPI_PROTOCOL_DNSCRYPT, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, + + { "dnscrypt.org", "DNScrypt", NDPI_PROTOCOL_DNSCRYPT, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, + + { "torrent.", "BitTorrent", NDPI_PROTOCOL_BITTORRENT, NDPI_PROTOCOL_CATEGORY_P2P, NDPI_PROTOCOL_ACCEPTABLE }, { NULL, 0 } }; diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 5e864383a..a7d5f7bd8 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -902,7 +902,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_BITTORRENT, no_master, no_master, "BitTorrent", NDPI_PROTOCOL_CATEGORY_P2P, - ndpi_build_default_ports(ports_a, 51413, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_a, 51413, 53646, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 6771, 51413, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_TEREDO, no_master, -- cgit v1.2.3 From af5021d571b682d540b796eb59f31dcddd3f3aa0 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Sat, 29 Apr 2017 08:32:28 +0000 Subject: Fixed warning --- src/lib/protocols/oscar.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/lib/protocols/oscar.c b/src/lib/protocols/oscar.c index 869b36378..d6ca25cde 100644 --- a/src/lib/protocols/oscar.c +++ b/src/lib/protocols/oscar.c @@ -579,7 +579,7 @@ static void ndpi_search_oscar_tcp_connect(struct ndpi_detection_module_struct { /* request ID */ req_ID = get_u_int32_t(packet->payload, 12); - if((req_ID <= 4294967295)) + if((req_ID <= ((u_int32_t)-1))) { NDPI_LOG(NDPI_PROTOCOL_OSCAR, ndpi_struct, NDPI_LOG_DEBUG, "OSCAR Detected \n"); ndpi_int_oscar_add_connection(ndpi_struct, flow); -- cgit v1.2.3 From 205b82f6ba0018f2b7620a0558bfd78723fc2a2d Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Mon, 1 May 2017 21:20:43 +0200 Subject: Added new API calls - ndpi_add_string_value_to_automa - ndpi_match_string_id --- libndpi.sym | 2 ++ src/include/ndpi_api.h | 24 ++++++++++++++++++++++++ src/lib/ndpi_main.c | 27 +++++++++++++++++++++++++-- 3 files changed, 51 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/libndpi.sym b/libndpi.sym index 3fb3d9c33..6eb2f7bcb 100644 --- a/libndpi.sym +++ b/libndpi.sym @@ -41,9 +41,11 @@ ndpi_set_detected_protocol ndpi_match_string_subprotocol ndpi_init_automa ndpi_free_automa +ndpi_add_string_value_to_automa ndpi_add_string_to_automa ndpi_finalize_automa ndpi_match_string +ndpi_match_string_id set_ndpi_malloc set_ndpi_free set_ndpi_debug_function diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h index bcc5fe51f..b2c6b6952 100644 --- a/src/include/ndpi_api.h +++ b/src/include/ndpi_api.h @@ -566,6 +566,18 @@ extern "C" { * * @par The automata initialized with ndpi_init_automa(); * @par The (sub)string to search + * @par The number associated with this string + * @return 0 in case of no error, or -1 if an error occurred. + * + */ + int ndpi_add_string_value_to_automa(void *_automa, char *str, unsigned long num); + + + /** + * Add a string to match to an automata. Same as ndpi_add_string_value_to_automa() with num set to 1 + * + * @par The automata initialized with ndpi_init_automa(); + * @par The (sub)string to search * @return 0 in case of no error, or -1 if an error occurred. * */ @@ -592,6 +604,18 @@ extern "C" { int ndpi_match_string(void *_automa, char *string_to_match); + /** + * Add a string to match to an automata + * + * @par The automata initialized with ndpi_init_automa(); + * @par The (sub)string to search + * @par The id associated with the matched string or 0 id not found. + * @return 0 in case of match, or -1 if no match, or -2 if an error occurred. + * + */ + int ndpi_match_string_id(void *_automa, char *string_to_match, unsigned long *id); + + /* Utility functions to set ndpi malloc/free/print wrappers */ void set_ndpi_malloc(void* (*__ndpi_malloc)(size_t size)); void set_ndpi_free(void (*__ndpi_free)(void *ptr)); diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 0c5c0f0ff..8783ef6cd 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1858,18 +1858,22 @@ void* ndpi_init_automa(void) { return(ac_automata_init(ac_match_handler)); } -int ndpi_add_string_to_automa(void *_automa, char *str) { +int ndpi_add_string_value_to_automa(void *_automa, char *str, unsigned long num) { AC_PATTERN_t ac_pattern; AC_AUTOMATA_t *automa = (AC_AUTOMATA_t*)_automa; if(automa == NULL) return(-1); ac_pattern.astring = str; - ac_pattern.rep.number = 1; /* Dummy */ + ac_pattern.rep.number = num; ac_pattern.length = strlen(ac_pattern.astring); return(ac_automata_add(automa, &ac_pattern) == ACERR_SUCCESS ? 0 : -1); } +int ndpi_add_string_to_automa(void *_automa, char *str) { + return(ndpi_add_string_value_to_automa(_automa, str, 1)); +} + void ndpi_free_automa(void *_automa) { ac_automata_release((AC_AUTOMATA_t*)_automa); } void ndpi_finalize_automa(void *_automa) { ac_automata_finalize((AC_AUTOMATA_t*)_automa); } @@ -1892,6 +1896,25 @@ int ndpi_match_string(void *_automa, char *string_to_match) { return(matching_protocol_id > 0 ? 0 : -1); } +/* ****************************************************** */ + +int ndpi_match_string_id(void *_automa, char *string_to_match, unsigned long *id) { + AC_TEXT_t ac_input_text; + AC_AUTOMATA_t *automa = (AC_AUTOMATA_t*)_automa; + + *id = 0; + if((automa == NULL) + || (string_to_match == NULL) + || (string_to_match[0] == '\0')) + return(-2); + + ac_input_text.astring = string_to_match, ac_input_text.length = strlen(string_to_match); + ac_automata_search(automa, &ac_input_text, (void*)&id); + ac_automata_reset(automa); + + return(*id > 0 ? *id : -1); +} + /* *********************************************** */ static void free_ptree_data(void *data) { ; } -- cgit v1.2.3 From 442adce51db0b3fd9fdfe9f80df9e3cb767414c1 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Mon, 1 May 2017 23:05:42 +0200 Subject: Fixed invalid ndpi_match_string_id() return code --- src/lib/ndpi_main.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'src') diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index b318ce566..1ef83dcc7 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1913,17 +1913,17 @@ int ndpi_match_string_id(void *_automa, char *string_to_match, unsigned long *id AC_TEXT_t ac_input_text; AC_AUTOMATA_t *automa = (AC_AUTOMATA_t*)_automa; - *id = 0; + *id = -1; if((automa == NULL) || (string_to_match == NULL) || (string_to_match[0] == '\0')) return(-2); ac_input_text.astring = string_to_match, ac_input_text.length = strlen(string_to_match); - ac_automata_search(automa, &ac_input_text, (void*)&id); + ac_automata_search(automa, &ac_input_text, (void*)id); ac_automata_reset(automa); - return(*id > 0 ? *id : -1); + return(*id != -1 ? 0 : -1); } /* *********************************************** */ -- cgit v1.2.3 From 1af3d571d93c7baa8fd40322df775e98df01b402 Mon Sep 17 00:00:00 2001 From: Campus Date: Tue, 2 May 2017 16:50:25 +0200 Subject: fix for https://github.com/ntop/nDPI/issues/371 --- src/lib/third_party/src/ndpi_patricia.c | 1 + 1 file changed, 1 insertion(+) (limited to 'src') diff --git a/src/lib/third_party/src/ndpi_patricia.c b/src/lib/third_party/src/ndpi_patricia.c index 13ed71371..b37fffa97 100644 --- a/src/lib/third_party/src/ndpi_patricia.c +++ b/src/lib/third_party/src/ndpi_patricia.c @@ -769,6 +769,7 @@ ndpi_patricia_lookup (patricia_tree_t *patricia, prefix_t *prefix) } new_node = (patricia_node_t*)ndpi_calloc(1, sizeof *new_node); + if(!new_node) return NULL; new_node->bit = prefix->bitlen; new_node->prefix = ndpi_Ref_Prefix (prefix); new_node->parent = NULL; -- cgit v1.2.3 From cd26942edf5686455f051205e5c3454588d7409a Mon Sep 17 00:00:00 2001 From: Campus Date: Thu, 11 May 2017 15:48:12 +0200 Subject: delete check for old protocol --- src/lib/protocols/ssl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/lib/protocols/ssl.c b/src/lib/protocols/ssl.c index 69f06e714..94f3ad7e3 100644 --- a/src/lib/protocols/ssl.c +++ b/src/lib/protocols/ssl.c @@ -358,7 +358,7 @@ static void ssl_mark_and_payload_search_for_other_protocols(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { -#if defined(NDPI_PROTOCOL_MEEBO)|| defined(NDPI_PROTOCOL_TOR) || defined(NDPI_PROTOCOL_VPN_X) || defined(NDPI_PROTOCOL_UNENCRYPTED_JABBER) || defined (NDPI_PROTOCOL_OSCAR) || defined (NDPI_PROTOCOL_ITUNES) || defined (NDPI_PROTOCOL_GMAIL) +#if defined(NDPI_PROTOCOL_TOR) || defined(NDPI_PROTOCOL_VPN_X) || defined(NDPI_PROTOCOL_UNENCRYPTED_JABBER) || defined (NDPI_PROTOCOL_OSCAR) || defined (NDPI_PROTOCOL_ITUNES) || defined (NDPI_PROTOCOL_GMAIL) struct ndpi_packet_struct *packet = &flow->packet; // struct ndpi_id_struct *src=flow->src; // struct ndpi_id_struct *dst=flow->dst; -- cgit v1.2.3 From 0a2cbe49267929a9a356003a249fc1111739478b Mon Sep 17 00:00:00 2001 From: Pavlos Antoniou Date: Wed, 17 May 2017 18:11:25 +0300 Subject: Fix buffer overflows in http.c --- src/lib/protocols/http.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'src') diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c index 0b734fa84..44ca32cb4 100644 --- a/src/lib/protocols/http.c +++ b/src/lib/protocols/http.c @@ -633,7 +633,7 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct /* Check for additional field introduced by Facebook */ x = 1; while(packet->line[x].len != 0) { - if((memcmp(packet->line[x].ptr, "X-FB-SIM-HNI", 12)) == 0) { + if(packet->line[x].len >= 12 && (memcmp(packet->line[x].ptr, "X-FB-SIM-HNI", 12)) == 0) { ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_FACEBOOK); check_content_type_and_change_protocol(ndpi_struct, flow); return; @@ -644,7 +644,7 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct /* check PPStream protocol or iQiyi service (iqiyi is delivered by ppstream) */ // substring in url - if(strstr((const char*) &packet->payload[filename_start], "iqiyi.com") != NULL) { + if(ndpi_strnstr((const char*) &packet->payload[filename_start], "iqiyi.com", (packet->payload_packet_len - filename_start)) != NULL) { if(kxun_counter == 0) { flow->l4.tcp.ppstream_stage++; iqiyi_counter++; @@ -654,7 +654,7 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct } // additional field in http payload x = 1; - while(packet->line[x].len != 0) { + while((packet->line[x].len >= 4) && (packet->line[x+1].len >= 5) && (packet->line[x+2].len >= 10)) { if(packet->line[x].ptr && ((memcmp(packet->line[x].ptr, "qyid", 4)) == 0) && packet->line[x+1].ptr && ((memcmp(packet->line[x+1].ptr, "qypid", 5)) == 0) && packet->line[x+2].ptr && ((memcmp(packet->line[x+2].ptr, "qyplatform", 10)) == 0) @@ -670,7 +670,7 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct /* Check for 1kxun packet */ int a; for (a = 0; a < packet->parsed_lines; a++) { - if((memcmp(packet->line[a].ptr, "Client-Source:", 14)) == 0) { + if(packet->line[a].len >= 14 && (memcmp(packet->line[a].ptr, "Client-Source:", 14)) == 0) { if((memcmp(packet->line[a].ptr+15, "1kxun", 5)) == 0) { kxun_counter++; check_content_type_and_change_protocol(ndpi_struct, flow); -- cgit v1.2.3 From ebb6d4499ae2ab9f474318fca08326609440e91c Mon Sep 17 00:00:00 2001 From: Campus Date: Wed, 17 May 2017 17:33:16 +0200 Subject: update Snapchat detection --- src/lib/ndpi_content_match.c.inc | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'src') diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 85cfc0ec9..8b326f6e5 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -7995,6 +7995,7 @@ ndpi_protocol_match host_match[] = { { ".speedtest.net", "Ookla", NDPI_PROTOCOL_OOKLA, NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, NDPI_PROTOCOL_ACCEPTABLE }, + { "google.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".google.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".gstatic.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".googlesyndication.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, @@ -8095,6 +8096,8 @@ ndpi_protocol_match host_match[] = { { "feelinsonice.appspot.com", "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, { "feelinsonice-hrd.appspot.com", "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, { "feelinsonice.com", "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { ".snapchat.", "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { ".snapads.", "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, /* Detected "instagram.c10r.facebook.com". Omitted "*amazonaws.com" and "*facebook.com" CDNs e.g. "ig-telegraph-shv-04-frc3.facebook.com" */ { ".cdninstagram.com", "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, @@ -8113,6 +8116,7 @@ ndpi_protocol_match host_match[] = { { "i2-msdn.sec.s-msft.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_SYSTEM, NDPI_PROTOCOL_ACCEPTABLE }, { ".webtrends.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".msecnd.net", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "bing.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".visualstudio.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, { "bn1301.storage.live.com", "MS_OneDrive", NDPI_PROTOCOL_MS_ONE_DRIVE,NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, -- cgit v1.2.3 From f4bba23ba79bef30957b67ad155d424d920421bc Mon Sep 17 00:00:00 2001 From: Pavlos Antoniou Date: Thu, 18 May 2017 10:42:23 +0300 Subject: use correct subscripts when checking IP array in ndpi_main.c --- src/lib/ndpi_main.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 1ef83dcc7..80ad78183 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -4277,8 +4277,8 @@ char *ndpi_get_ip_string(struct ndpi_detection_module_struct *ndpi_struct, #ifdef NDPI_DETECTION_SUPPORT_IPV6 if(ip->ipv6.u6_addr.u6_addr32[0] != 0 || ip->ipv6.u6_addr.u6_addr32[1] != 0 || - ip->ipv6.u6_addr.u6_addr32[1] != 0 || - ip->ipv6.u6_addr.u6_addr32[1] != 0) { + ip->ipv6.u6_addr.u6_addr32[2] != 0 || + ip->ipv6.u6_addr.u6_addr32[3] != 0) { const u_int16_t *b = ip->ipv6.u6_addr.u6_addr16; snprintf(ndpi_struct->ip_string, 32, "%x:%x:%x:%x:%x:%x:%x:%x", -- cgit v1.2.3 From 167732cae40fdfb8cb9fe2766f4671363f8672e6 Mon Sep 17 00:00:00 2001 From: Pavlos Antoniou Date: Thu, 18 May 2017 11:09:56 +0300 Subject: Check pointer for NULL before dereferencing --- src/lib/ndpi_main.c | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) (limited to 'src') diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 80ad78183..040c54959 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -2955,17 +2955,19 @@ static int ndpi_init_packet_header(struct ndpi_detection_module_struct *ndpi_str u_int8_t l4protocol; u_int8_t l4_result; - /* reset payload_packet_len, will be set if ipv4 tcp or udp */ - flow->packet.payload_packet_len = 0; - flow->packet.l4_packet_len = 0; - flow->packet.l3_packet_len = packetlen; - - flow->packet.tcp = NULL; - flow->packet.udp = NULL; - flow->packet.generic_l4_ptr = NULL; + if (flow) { + /* reset payload_packet_len, will be set if ipv4 tcp or udp */ + flow->packet.payload_packet_len = 0; + flow->packet.l4_packet_len = 0; + flow->packet.l3_packet_len = packetlen; + + flow->packet.tcp = NULL; + flow->packet.udp = NULL; + flow->packet.generic_l4_ptr = NULL; #ifdef NDPI_DETECTION_SUPPORT_IPV6 - flow->packet.iphv6 = NULL; + flow->packet.iphv6 = NULL; #endif /* NDPI_DETECTION_SUPPORT_IPV6 */ + } if(flow) { ndpi_apply_flow_protocol_to_packet(flow, &flow->packet); -- cgit v1.2.3 From ec0e6f98d4c22f3b3a92282916e6416cf70dd173 Mon Sep 17 00:00:00 2001 From: Pavlos Antoniou Date: Thu, 18 May 2017 13:08:45 +0300 Subject: Remove redundant check from btlib.c --- src/lib/protocols/btlib.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/lib/protocols/btlib.c b/src/lib/protocols/btlib.c index 5685eb7e9..4d44198d1 100644 --- a/src/lib/protocols/btlib.c +++ b/src/lib/protocols/btlib.c @@ -396,7 +396,7 @@ void cb_data(bt_parse_data_cb_t *cbd,int *ret) { return; } - if(cbd->buf[0] == 'e' && !cbd->buf[0]) { + if(cbd->buf[0] == 'e') { p->e_msg = s; p->e_len = cbd->v.s.l; return; -- cgit v1.2.3 From d17ea73273eacf4044759fe4e563e96a8195ffdd Mon Sep 17 00:00:00 2001 From: Campus Date: Thu, 25 May 2017 17:13:43 +0200 Subject: update --- src/lib/ndpi_content_match.c.inc | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'src') diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 8b326f6e5..e5a5d68fb 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -8148,6 +8148,11 @@ ndpi_protocol_match host_match[] = { { "evsecure-aia.verisign.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, { "evsecure-crl.verisign.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, { ".omniroot.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".microsoftonline.com", "office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".office365.com", "office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".office.com", "office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".msocsp.com", "office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".msocdn.com", "office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, /* http://www.urlquery.net/report.php?id=1453233646161 */ { "lifedom.top", "Cloudflare", NDPI_PROTOCOL_CLOUDFLARE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, -- cgit v1.2.3 From 694bc039e85493786b2ff9049459748f43a0a233 Mon Sep 17 00:00:00 2001 From: William Guglielmo Date: Mon, 29 May 2017 19:09:32 +0200 Subject: Added tinc protocol detection --- src/include/ndpi_protocol_ids.h | 5 +- src/include/ndpi_protocols.h | 2 + src/include/ndpi_typedefs.h | 21 +++ src/lib/Makefile.am | 5 +- src/lib/ndpi_main.c | 14 +- src/lib/protocols/tinc.c | 160 +++++++++++++++++++++ src/lib/third_party/include/libcache.h | 105 ++++++++++++++ src/lib/third_party/src/libcache.c | 255 +++++++++++++++++++++++++++++++++ tests/pcap/tinc.pcap | Bin 0 -> 357387 bytes tests/result/tinc.pcap.out | 6 + 10 files changed, 567 insertions(+), 6 deletions(-) create mode 100644 src/lib/protocols/tinc.c create mode 100644 src/lib/third_party/include/libcache.h create mode 100644 src/lib/third_party/src/libcache.c create mode 100644 tests/pcap/tinc.pcap create mode 100644 tests/result/tinc.pcap.out (limited to 'src') diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index 726736a06..4fce98b14 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -247,10 +247,7 @@ #define NDPI_PROTOCOL_SMPP 207 /* Damir Franusic */ #define NDPI_PROTOCOL_DNSCRYPT 208 - -/* 209 free */ -#define NDPI_PROTOCOL_FREE_209 209 - +#define NDPI_PROTOCOL_TINC 209 /* William Guglielmo */ #define NDPI_PROTOCOL_DEEZER 210 #define NDPI_PROTOCOL_INSTAGRAM 211 /* Andrea Buscarinu */ #define NDPI_PROTOCOL_MICROSOFT 212 diff --git a/src/include/ndpi_protocols.h b/src/include/ndpi_protocols.h index b3b4092b4..c0bce974e 100644 --- a/src/include/ndpi_protocols.h +++ b/src/include/ndpi_protocols.h @@ -196,6 +196,7 @@ void ndpi_search_drda(struct ndpi_detection_module_struct *ndpi_struct, struct n void ndpi_search_bjnp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); void ndpi_search_kxun(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); void ndpi_search_smpp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); +void ndpi_search_tinc(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); /* --- INIT FUNCTIONS --- */ void init_afp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_aimini_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); @@ -339,4 +340,5 @@ void init_drda_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int void init_bjnp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_kxun_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_smpp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); +void init_tinc_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); #endif /* __NDPI_PROTOCOLS_H__ */ diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index e1fbeb71c..906268b62 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -25,6 +25,7 @@ #define __NDPI_TYPEDEFS_H__ #include "ndpi_define.h" +#include "../lib/third_party/include/libcache.h" #define BT_ANNOUNCE #define SNAP_EXT @@ -330,6 +331,18 @@ struct bt_announce { // 192 bytes }; #endif +#ifdef NDPI_PROTOCOL_TINC + +#define TINC_CACHE_MAX_SIZE 100 + +typedef struct { + u_int32_t src_address; + u_int32_t dst_address; + u_int16_t dst_port; +} tinc_cache_entry_t; + +#endif + typedef enum { HTTP_METHOD_UNKNOWN = 0, HTTP_METHOD_OPTIONS, @@ -877,6 +890,9 @@ struct ndpi_detection_module_struct { struct bt_announce *bt_ann; int bt_ann_len; #endif +#endif +#ifdef NDPI_PROTOCOL_TINC + cache_t *tinc_cache; #endif ndpi_proto_defaults_t proto_defaults[NDPI_MAX_SUPPORTED_PROTOCOLS+NDPI_MAX_NUM_CUSTOM_PROTOCOLS]; @@ -1052,6 +1068,11 @@ struct ndpi_flow_struct { u_int8_t ovpn_session_id[8]; u_int8_t ovpn_counter; #endif +#ifdef NDPI_PROTOCOL_TINC + u_int8_t tinc_state; + tinc_cache_entry_t tinc_cache_entry; +#endif + /* internal structures to save functions calls */ struct ndpi_packet_struct packet; diff --git a/src/lib/Makefile.am b/src/lib/Makefile.am index 3770c9cfc..d3bd19264 100644 --- a/src/lib/Makefile.am +++ b/src/lib/Makefile.am @@ -158,13 +158,16 @@ libndpi_la_SOURCES = ndpi_content_match.c.inc \ protocols/zattoo.c \ protocols/zeromq.c \ protocols/smpp.c \ + protocols/tinc.c \ third_party/include/actypes.h \ third_party/include/ahocorasick.h \ third_party/include/ndpi_patricia.h \ third_party/include/node.h \ third_party/include/sort.h \ + third_party/include/libcache.h \ third_party/src/ahocorasick.c \ third_party/src/node.c \ - third_party/src/sort.c + third_party/src/sort.c \ + third_party/src/libcache.c EXTRA_DIST = third_party/src/ndpi_patricia.c diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 040c54959..ef6393877 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1621,9 +1621,13 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "DNScrypt", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_TINC, + no_master, + no_master, "TINC", NDPI_PROTOCOL_CATEGORY_VPN, + ndpi_build_default_ports(ports_a, 655, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 655, 0, 0, 0, 0) /* UDP */); /* To be removed as soon as we define new protocols */ - ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_209); ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_217); ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_224); @@ -1941,6 +1945,11 @@ void ndpi_exit_detection_module(struct ndpi_detection_module_struct *ndpi_struct ndpi_free(ndpi_struct->proto_defaults[i].protoName); } +#ifdef NDPI_PROTOCOL_TINC + if(ndpi_struct->tinc_cache) + cache_free(ndpi_struct->tinc_cache); +#endif + if(ndpi_struct->protocols_ptree) ndpi_Destroy_Patricia((patricia_tree_t*)ndpi_struct->protocols_ptree, free_ptree_data); @@ -2709,6 +2718,9 @@ void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *n /* SMPP */ init_smpp_dissector(ndpi_struct, &a, detection_bitmask); + /* TINC */ + init_tinc_dissector(ndpi_struct, &a, detection_bitmask); + /*** Put false-positive sensitive protocols at the end ***/ /* SKYPE */ diff --git a/src/lib/protocols/tinc.c b/src/lib/protocols/tinc.c new file mode 100644 index 000000000..b25aff2e7 --- /dev/null +++ b/src/lib/protocols/tinc.c @@ -0,0 +1,160 @@ +/* + * tinc.c + * + * Copyright (C) 2017 - William Guglielmo + * Copyright (C) 2017 - ntop.org + * + * nDPI is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * nDPI is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with nDPI. If not, see . + * + */ + + +#include "ndpi_api.h" + +#ifdef NDPI_PROTOCOL_TINC + +static void ndpi_check_tinc(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) +{ + struct ndpi_packet_struct *packet = &flow->packet; + const u_int8_t *packet_payload = packet->payload; + u_int32_t payload_len = packet->payload_packet_len; + struct ndpi_id_struct *src = flow->src; + struct ndpi_id_struct *dst = flow->dst; + + if(packet->udp != NULL) { + if(ndpi_struct->tinc_cache != NULL) { + tinc_cache_entry_t tinc_cache_entry1 = { + .src_address = packet->iph->saddr, + .dst_address = packet->iph->daddr, + .dst_port = packet->udp->dest + }; + + tinc_cache_entry_t tinc_cache_entry2 = { + .src_address = packet->iph->daddr, + .dst_address = packet->iph->saddr, + .dst_port = packet->udp->source + }; + + if( cache_remove(ndpi_struct->tinc_cache, &tinc_cache_entry1, sizeof(tinc_cache_entry1)) == CACHE_NO_ERROR || + cache_remove(ndpi_struct->tinc_cache, &tinc_cache_entry2, sizeof(tinc_cache_entry2)) == CACHE_NO_ERROR) + { + cache_remove(ndpi_struct->tinc_cache, &tinc_cache_entry1, sizeof(tinc_cache_entry1)); + cache_remove(ndpi_struct->tinc_cache, &tinc_cache_entry2, sizeof(tinc_cache_entry2)); + + // cache_free(ndpi_struct->tinc_cache); + + NDPI_LOG(NDPI_PROTOCOL_TINC, ndpi_struct, NDPI_LOG_DEBUG, "Found tinc udp connection\n"); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_TINC, NDPI_PROTOCOL_UNKNOWN); + } + } + + return; + + } + else if(packet->tcp != NULL) { + + if(payload_len == 0) { + if(packet->tcp->syn == 1 && packet->tcp->ack == 0) { + flow->tinc_cache_entry.src_address = packet->iph->saddr; + flow->tinc_cache_entry.dst_address = packet->iph->daddr; + flow->tinc_cache_entry.dst_port = packet->tcp->dest; + } + return; + } + + switch(flow->tinc_state) { + case 0: + case 1: + if(payload_len > 6 && memcmp(packet_payload, "0 ", 2) == 0 && packet_payload[2] != ' ') { + u_int16_t i = 3; + while(i < payload_len && packet_payload[i++] != ' '); + if(i+3 == payload_len && memcmp((packet_payload+i), "17\n", 3) == 0) { + flow->tinc_state++; + return; + } + } + break; + + case 2: + case 3: + if(payload_len > 11 && memcmp(packet_payload, "1 ", 2) == 0 && packet_payload[2] != ' ') { + u_int16_t i = 3; + u_int8_t numbers_left = 4; + while(numbers_left) { + while(packet_payload[i] >= '0' && packet_payload[i] <= '9') { + i++; + } + + if(packet_payload[i++] == ' ') { + numbers_left--; + } + else break; + } + + if(numbers_left) break; + + while((packet_payload[i] >= '0' && packet_payload[i] <= '9') || + (packet_payload[i] >= 'A' && packet_payload[i] <= 'Z')) { + i++; + } + + if(packet_payload[i] == '\n') { + if(++flow->tinc_state > 3) { + if(ndpi_struct->tinc_cache == NULL) { + ndpi_struct->tinc_cache = cache_new(TINC_CACHE_MAX_SIZE); + } + + cache_add(ndpi_struct->tinc_cache, &(flow->tinc_cache_entry), sizeof(flow->tinc_cache_entry)); + + NDPI_LOG(NDPI_PROTOCOL_TINC, ndpi_struct, NDPI_LOG_DEBUG, "Found tinc tcp connection\n"); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_TINC, NDPI_PROTOCOL_UNKNOWN); + } + return; + } + } + break; + + default: break; + } + } + + NDPI_LOG(NDPI_PROTOCOL_TINC, ndpi_struct, NDPI_LOG_DEBUG, "exclude tinc.\n"); + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_TINC); +} + +void ndpi_search_tinc(struct ndpi_detection_module_struct* ndpi_struct, struct ndpi_flow_struct* flow) { + struct ndpi_packet_struct* packet = &flow->packet; + + NDPI_LOG(NDPI_PROTOCOL_TINC, ndpi_struct, NDPI_LOG_DEBUG, "tinc detection...\n"); + + if (packet->detected_protocol_stack[0] != NDPI_PROTOCOL_TINC) { + if (packet->tcp_retransmission == 0) { + ndpi_check_tinc(ndpi_struct, flow); + } + } +} + +void init_tinc_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) +{ + ndpi_set_bitmask_protocol_detection("TINC", ndpi_struct, detection_bitmask, *id, + NDPI_PROTOCOL_TINC, + ndpi_search_tinc, + NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP, + SAVE_DETECTION_BITMASK_AS_UNKNOWN, + ADD_TO_DETECTION_BITMASK); + + *id += 1; +} + +#endif diff --git a/src/lib/third_party/include/libcache.h b/src/lib/third_party/include/libcache.h new file mode 100644 index 000000000..f959b3a9c --- /dev/null +++ b/src/lib/third_party/include/libcache.h @@ -0,0 +1,105 @@ +#ifndef __LIBCACHE_H__ +#define __LIBCACHE_H__ + +#include + + +/* Codes representing the result of some functions */ +typedef enum { + CACHE_NO_ERROR = 0, + CACHE_CONTAINS_FALSE = 0, + CACHE_CONTAINS_TRUE, + CACHE_INVALID_INPUT, + CACHE_REMOVE_NOT_FOUND, + CACHE_MALLOC_ERROR +} cache_result; + +/* CACHE_T */ +typedef struct cache_t cache_t; + +/* CACHE_ENTRY */ +typedef struct cache_entry cache_entry; + +/* CACHE_ENTRY_MAP */ +typedef struct cache_entry_map cache_entry_map; + + +/* STRUCT CACHE_T */ +struct cache_t { + uint32_t size; + uint32_t max_size; + cache_entry *head; + cache_entry *tail; + cache_entry_map **map; +}; + +/* STRUCT CACHE_ENTRY */ +struct cache_entry_map { + cache_entry *entry; + cache_entry_map *next; +}; + +/* STRUCT CACHE_ENTRY_MAP */ +struct cache_entry { + void *item; + uint32_t item_size; + cache_entry *prev; + cache_entry *next; +}; + + +/** + * Returns a new cache_t + * + * @par cache_max_size = max number of item that the new cache_t can contain + * @return a new cache_t, or NULL if an error occurred + * + */ +cache_t *cache_new(uint32_t cache_max_size); + + +/** + * Add an item in the specified cache_t + * + * @par cache = the cache_t + * @par item = pointer to the item to add + * @par item_size = size of the item + * @return a code representing the result of the function + * + */ +cache_result cache_add(cache_t *cache, void *item, uint32_t item_size); + + +/** + * Check if an item is in the specified cache_t + * + * @par cache = the cache_t + * @par item = pointer to the item to check + * @par item_size = size of the item + * @return a code representing the result of the function + * + */ +cache_result cache_contains(cache_t *cache, void *item, uint32_t item_size); + + +/** + * Remove an item in the specified cache_t + * + * @par cache = the cache_t + * @par item = pointer to the item to remove + * @par item_size = size of the item + * @return a code representing the result of the function + * + */ +cache_result cache_remove(cache_t *cache, void *item, uint32_t item_size); + +/** + * Free the specified cache_t + * + * @par alist = the cache + * + */ +void cache_free(cache_t *cache); + + +#endif diff --git a/src/lib/third_party/src/libcache.c b/src/lib/third_party/src/libcache.c new file mode 100644 index 000000000..dc4bf9460 --- /dev/null +++ b/src/lib/third_party/src/libcache.c @@ -0,0 +1,255 @@ +#include +#include +#include +#include + +#include "libcache.h" + + +// https://en.wikipedia.org/wiki/Jenkins_hash_function +uint32_t jenkins_one_at_a_time_hash(const uint8_t* key, size_t length) { + size_t i = 0; + uint32_t hash = 0; + while (i != length) { + hash += key[i++]; + hash += hash << 10; + hash ^= hash >> 6; + } + hash += hash << 3; + hash ^= hash >> 11; + hash += hash << 15; + return hash; +} + +cache_entry_map *cache_entry_map_new() { + return (cache_entry_map *) calloc(sizeof(cache_entry_map), 1); +} +cache_entry *cache_entry_new() { + return (cache_entry *) calloc(sizeof(cache_entry), 1); +} + +cache_t *cache_new(uint32_t cache_max_size) { + if(!cache_max_size) { + return NULL; + } + + cache_t *cache = (cache_t *) calloc(sizeof(cache_t), 1); + if(!cache) { + return NULL; + } + + cache->size = 0; + cache->max_size = cache_max_size; + + cache->map = (cache_entry_map **) calloc(sizeof(cache_entry_map *), cache->max_size); + + if(!cache->map) { + free(cache); + return NULL; + } + + return cache; +} + +cache_result cache_add(cache_t *cache, void *item, uint32_t item_size) { + if(!cache || !item || !item_size) { + return CACHE_INVALID_INPUT; + } + + uint32_t hash = jenkins_one_at_a_time_hash(item, item_size) % cache->max_size; + + if((cache->map)[hash]) { + cache_entry_map *hash_entry_map = cache->map[hash]; + while(hash_entry_map) { + if(item_size == hash_entry_map->entry->item_size && + !memcmp(hash_entry_map->entry->item, item, item_size)) { + break; + } + + hash_entry_map = hash_entry_map->next; + } + + if(hash_entry_map) { + cache_entry *entry = hash_entry_map->entry; + if(entry->prev) { + if(entry->next) { + entry->prev->next = entry->next; + entry->next->prev = entry->prev; + } else { + entry->prev->next = NULL; + cache->tail = entry->prev; + } + entry->prev = NULL; + entry->next = cache->head; + cache->head->prev = entry; + cache->head = entry; + } + + return CACHE_NO_ERROR; + } + } + + + cache_entry *entry = cache_entry_new(); + if(!entry) { + return CACHE_MALLOC_ERROR; + } + + cache_entry_map *map_entry = cache_entry_map_new(); + if(!map_entry) { + free(entry); + return CACHE_MALLOC_ERROR; + } + + + entry->item = malloc(item_size); + memcpy(entry->item, item, item_size); + entry->item_size = item_size; + + entry->prev = NULL; + entry->next = cache->head; + if(cache->head) cache->head->prev = entry; + cache->head = entry; + + map_entry->entry = entry; + map_entry->next = cache->map[hash]; + cache->map[hash] = map_entry; + + if(cache->max_size > cache->size) { + (cache->size)++; + if(cache->size == 1) { + cache->tail = entry; + } + } else { + cache_entry *tail = cache->tail; + + uint32_t hash = jenkins_one_at_a_time_hash(tail->item, tail->item_size) % cache->max_size; + if(cache->map[hash]) { + cache_entry_map *hash_entry_map_prev = NULL; + cache_entry_map *hash_entry_map = cache->map[hash]; + while(hash_entry_map) { + if(tail->item_size == hash_entry_map->entry->item_size && + !memcmp(tail->item, hash_entry_map->entry->item, item_size)) { + break; + } + + hash_entry_map_prev = hash_entry_map; + hash_entry_map = hash_entry_map->next; + } + + if(hash_entry_map_prev) { + hash_entry_map_prev->next = hash_entry_map->next; + } else { + cache->map[hash] = hash_entry_map->next; + } + + tail->prev->next = NULL; + cache->tail = tail->prev; + + free(tail->item); + free(tail); + free(hash_entry_map); + } + } + + return CACHE_NO_ERROR; +} + +cache_result cache_contains(cache_t *cache, void *item, uint32_t item_size) { + if(!cache || !item || !item_size) { + return CACHE_INVALID_INPUT; + } + + uint32_t hash = jenkins_one_at_a_time_hash(item, item_size) % cache->max_size; + + if(cache->map[hash]) { + cache_entry_map *hash_entry_map = cache->map[hash]; + while(hash_entry_map) { + if(item_size == hash_entry_map->entry->item_size && + !memcmp(hash_entry_map->entry->item, item, item_size)) { + return CACHE_CONTAINS_TRUE; + } + + hash_entry_map = hash_entry_map->next; + } + } + + return CACHE_CONTAINS_FALSE; +} + +cache_result cache_remove(cache_t *cache, void *item, uint32_t item_size) { + if(!cache || !item || !item_size) { + return CACHE_INVALID_INPUT; + } + + uint32_t hash = jenkins_one_at_a_time_hash(item, item_size) % cache->max_size; + + if(cache->map[hash]) { + cache_entry_map *hash_entry_map_prev = NULL; + cache_entry_map *hash_entry_map = cache->map[hash]; + while(hash_entry_map) { + if(item_size == hash_entry_map->entry->item_size && + !memcmp(hash_entry_map->entry->item, item, item_size)) { + break; + } + + hash_entry_map_prev = hash_entry_map; + hash_entry_map = hash_entry_map->next; + } + + if(hash_entry_map) { + + if(hash_entry_map_prev) { + hash_entry_map_prev->next = hash_entry_map->next; + } else { + cache->map[hash] = hash_entry_map->next; + } + + cache_entry *entry = hash_entry_map->entry; + + if(entry->prev) { + entry->prev->next = entry->next; + } else { + cache->head = entry->next; + } + if(entry->next) { + entry->next->prev = entry->prev; + } else { + cache->tail = entry->prev; + } + + free(entry->item); + free(entry); + free(hash_entry_map); + + (cache->size)--; + return CACHE_NO_ERROR; + } + } + + return CACHE_REMOVE_NOT_FOUND; +} + +void cache_free(cache_t *cache) { + if(!cache) { + return; + } + + int i; + for(i = 0; i < cache->max_size; i++) { + cache_entry_map *prev = NULL; + cache_entry_map *curr = cache->map[i]; + while(curr) { + prev = curr; + curr = curr->next; + free(prev->entry->item); + free(prev->entry); + free(prev); + } + } + + free(cache->map); + free(cache); + + return; +} diff --git a/tests/pcap/tinc.pcap b/tests/pcap/tinc.pcap new file mode 100644 index 000000000..d6f1d24ce Binary files /dev/null and b/tests/pcap/tinc.pcap differ diff --git a/tests/result/tinc.pcap.out b/tests/result/tinc.pcap.out new file mode 100644 index 000000000..cd9506709 --- /dev/null +++ b/tests/result/tinc.pcap.out @@ -0,0 +1,6 @@ +TINC 317 352291 4 + + 1 TCP 131.114.168.27:59244 <-> 185.83.218.112:55655 [proto: 209/TINC][15 pkts/3169 bytes <-> 11 pkts/2932 bytes] + 2 TCP 131.114.168.27:49290 <-> 185.83.218.112:55656 [proto: 209/TINC][14 pkts/3812 bytes <-> 13 pkts/3098 bytes] + 3 UDP 131.114.168.27:55655 <-> 185.83.218.112:55655 [proto: 209/TINC][101 pkts/136966 bytes <-> 29 pkts/32550 bytes] + 4 UDP 185.83.218.112:55656 <-> 131.114.168.27:55656 [proto: 209/TINC][29 pkts/30038 bytes <-> 105 pkts/139726 bytes] -- cgit v1.2.3 From 46284e1537906ba1b268979bb8f8ae0788219746 Mon Sep 17 00:00:00 2001 From: William Guglielmo Date: Mon, 29 May 2017 21:30:30 +0200 Subject: Update ndpi_typedefs.h --- src/include/ndpi_typedefs.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 906268b62..3e31c3807 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -333,7 +333,7 @@ struct bt_announce { // 192 bytes #ifdef NDPI_PROTOCOL_TINC -#define TINC_CACHE_MAX_SIZE 100 +#define TINC_CACHE_MAX_SIZE 10 typedef struct { u_int32_t src_address; -- cgit v1.2.3 From c5c417e526e55b802281257a7873839c7d3180d1 Mon Sep 17 00:00:00 2001 From: Luca Date: Tue, 30 May 2017 07:03:55 +0200 Subject: Snapchat is now detected as sociaal network --- src/lib/ndpi_content_match.c.inc | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'src') diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index e5a5d68fb..4fd04dac9 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -8100,12 +8100,12 @@ ndpi_protocol_match host_match[] = { { ".snapads.", "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, /* Detected "instagram.c10r.facebook.com". Omitted "*amazonaws.com" and "*facebook.com" CDNs e.g. "ig-telegraph-shv-04-frc3.facebook.com" */ - { ".cdninstagram.com", "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, - { "instagram.", "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, - { ".instagram.", "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, - { "igcdn-photos-", "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, - { "instagramimages-", "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, - { "instagramstatic-", "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, + { ".cdninstagram.com", "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { "instagram.", "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { ".instagram.", "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { "igcdn-photos-", "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { "instagramimages-", "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { "instagramstatic-", "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, { ".waze.com", "Waze", NDPI_PROTOCOL_WAZE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, -- cgit v1.2.3 From 4a751f9d05ba742313fc0a88b1b3962ee51dac7d Mon Sep 17 00:00:00 2001 From: William Guglielmo Date: Tue, 30 May 2017 19:17:41 +0200 Subject: Updated libcache --- src/include/ndpi_typedefs.h | 2 +- src/lib/third_party/include/libcache.h | 84 +++++++++------------- src/lib/third_party/src/libcache.c | 123 ++++++++++++++++++++++----------- src/lib/third_party/src/test.c | 71 +++++++++++++++++++ 4 files changed, 186 insertions(+), 94 deletions(-) create mode 100644 src/lib/third_party/src/test.c (limited to 'src') diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 3e31c3807..0bede5cb2 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -892,7 +892,7 @@ struct ndpi_detection_module_struct { #endif #endif #ifdef NDPI_PROTOCOL_TINC - cache_t *tinc_cache; + cache_t tinc_cache; #endif ndpi_proto_defaults_t proto_defaults[NDPI_MAX_SUPPORTED_PROTOCOLS+NDPI_MAX_NUM_CUSTOM_PROTOCOLS]; diff --git a/src/lib/third_party/include/libcache.h b/src/lib/third_party/include/libcache.h index f959b3a9c..1f240854f 100644 --- a/src/lib/third_party/include/libcache.h +++ b/src/lib/third_party/include/libcache.h @@ -1,65 +1,45 @@ -#ifndef __LIBCACHE_H__ -#define __LIBCACHE_H__ - -#include - - -/* Codes representing the result of some functions */ -typedef enum { - CACHE_NO_ERROR = 0, - CACHE_CONTAINS_FALSE = 0, - CACHE_CONTAINS_TRUE, - CACHE_INVALID_INPUT, - CACHE_REMOVE_NOT_FOUND, - CACHE_MALLOC_ERROR -} cache_result; - -/* CACHE_T */ -typedef struct cache_t cache_t; +/** + * @file libcache.h + * @author William Guglielmo + * @brief File containing header of cache_t type. + * + */ -/* CACHE_ENTRY */ -typedef struct cache_entry cache_entry; -/* CACHE_ENTRY_MAP */ -typedef struct cache_entry_map cache_entry_map; +#ifndef __DESELMO_LIBCACHE_H__ +#define __DESELMO_LIBCACHE_H__ +#include -/* STRUCT CACHE_T */ -struct cache_t { - uint32_t size; - uint32_t max_size; - cache_entry *head; - cache_entry *tail; - cache_entry_map **map; -}; +/** + * @brief Codes representing the result of some functions + * + */ +typedef enum cache_result { + CACHE_NO_ERROR = 0, /**< Returned by a function if no error occurs. */ + CACHE_CONTAINS_FALSE = 0, /**< Returned by function cache_contains if item is not present. */ + CACHE_CONTAINS_TRUE, /**< Returned by function cache_contains if item is present. */ + CACHE_INVALID_INPUT, /**< Returned by a function if it is called with invalid input parameters. */ + CACHE_REMOVE_NOT_FOUND, /**< Returned by function cache_remove if item is not present. */ + CACHE_MALLOC_ERROR /**< Returned by a function if a malloc fail. */ +} cache_result; -/* STRUCT CACHE_ENTRY */ -struct cache_entry_map { - cache_entry *entry; - cache_entry_map *next; -}; -/* STRUCT CACHE_ENTRY_MAP */ -struct cache_entry { - void *item; - uint32_t item_size; - cache_entry *prev; - cache_entry *next; -}; +typedef struct cache_t *cache_t; /** - * Returns a new cache_t + * @brief Returns a new cache_t * * @par cache_max_size = max number of item that the new cache_t can contain * @return a new cache_t, or NULL if an error occurred * */ -cache_t *cache_new(uint32_t cache_max_size); +cache_t cache_new(uint32_t cache_max_size); /** - * Add an item in the specified cache_t + * @brief Add an item in the specified cache_t * * @par cache = the cache_t * @par item = pointer to the item to add @@ -67,11 +47,11 @@ cache_t *cache_new(uint32_t cache_max_size); * @return a code representing the result of the function * */ -cache_result cache_add(cache_t *cache, void *item, uint32_t item_size); +cache_result cache_add(cache_t cache, void *item, uint32_t item_size); /** - * Check if an item is in the specified cache_t + * @brief Check if an item is in the specified cache_t * * @par cache = the cache_t * @par item = pointer to the item to check @@ -79,11 +59,11 @@ cache_result cache_add(cache_t *cache, void *item, uint32_t item_size); * @return a code representing the result of the function * */ -cache_result cache_contains(cache_t *cache, void *item, uint32_t item_size); +cache_result cache_contains(cache_t cache, void *item, uint32_t item_size); /** - * Remove an item in the specified cache_t + * @brief Remove an item in the specified cache_t * * @par cache = the cache_t * @par item = pointer to the item to remove @@ -91,15 +71,15 @@ cache_result cache_contains(cache_t *cache, void *item, uint32_t item_size); * @return a code representing the result of the function * */ -cache_result cache_remove(cache_t *cache, void *item, uint32_t item_size); +cache_result cache_remove(cache_t cache, void *item, uint32_t item_size); /** - * Free the specified cache_t + * @brief Free the specified cache_t * * @par alist = the cache * */ -void cache_free(cache_t *cache); +void cache_free(cache_t cache); #endif diff --git a/src/lib/third_party/src/libcache.c b/src/lib/third_party/src/libcache.c index dc4bf9460..d5545beae 100644 --- a/src/lib/third_party/src/libcache.c +++ b/src/lib/third_party/src/libcache.c @@ -1,3 +1,11 @@ +/** + * @file libcache.c + * @author William Guglielmo + * @brief File containing implementation of cache_t type. + * + */ + + #include #include #include @@ -7,6 +15,7 @@ // https://en.wikipedia.org/wiki/Jenkins_hash_function +#define HASH_FUNCTION jenkins_one_at_a_time_hash uint32_t jenkins_one_at_a_time_hash(const uint8_t* key, size_t length) { size_t i = 0; uint32_t hash = 0; @@ -21,19 +30,62 @@ uint32_t jenkins_one_at_a_time_hash(const uint8_t* key, size_t length) { return hash; } -cache_entry_map *cache_entry_map_new() { - return (cache_entry_map *) calloc(sizeof(cache_entry_map), 1); + +typedef struct cache_entry *cache_entry; + +typedef struct cache_entry_map *cache_entry_map; + +struct cache_t { + uint32_t size; + uint32_t max_size; + cache_entry head; + cache_entry tail; + cache_entry_map *map; +}; + +struct cache_entry_map { + cache_entry entry; + cache_entry_map next; +}; + +struct cache_entry { + void *item; + uint32_t item_size; + cache_entry prev; + cache_entry next; +}; + + +void cache_touch_entry(cache_t cache, cache_entry entry) { + if(entry->prev) { + if(entry->next) { + entry->prev->next = entry->next; + entry->next->prev = entry->prev; + } else { + entry->prev->next = NULL; + cache->tail = entry->prev; + } + entry->prev = NULL; + entry->next = cache->head; + cache->head->prev = entry; + cache->head = entry; + } +} + + +cache_entry cache_entry_new() { + return (cache_entry) calloc(sizeof(struct cache_entry), 1); } -cache_entry *cache_entry_new() { - return (cache_entry *) calloc(sizeof(cache_entry), 1); +cache_entry_map cache_entry_map_new() { + return (cache_entry_map) calloc(sizeof(struct cache_entry_map), 1); } -cache_t *cache_new(uint32_t cache_max_size) { +cache_t cache_new(uint32_t cache_max_size) { if(!cache_max_size) { return NULL; } - cache_t *cache = (cache_t *) calloc(sizeof(cache_t), 1); + cache_t cache = (cache_t) calloc(sizeof(struct cache_t), 1); if(!cache) { return NULL; } @@ -41,7 +93,7 @@ cache_t *cache_new(uint32_t cache_max_size) { cache->size = 0; cache->max_size = cache_max_size; - cache->map = (cache_entry_map **) calloc(sizeof(cache_entry_map *), cache->max_size); + cache->map = (cache_entry_map *) calloc(sizeof(cache_entry_map ), cache->max_size); if(!cache->map) { free(cache); @@ -51,15 +103,15 @@ cache_t *cache_new(uint32_t cache_max_size) { return cache; } -cache_result cache_add(cache_t *cache, void *item, uint32_t item_size) { +cache_result cache_add(cache_t cache, void *item, uint32_t item_size) { if(!cache || !item || !item_size) { return CACHE_INVALID_INPUT; } - uint32_t hash = jenkins_one_at_a_time_hash(item, item_size) % cache->max_size; + uint32_t hash = HASH_FUNCTION(item, item_size) % cache->max_size; if((cache->map)[hash]) { - cache_entry_map *hash_entry_map = cache->map[hash]; + cache_entry_map hash_entry_map = cache->map[hash]; while(hash_entry_map) { if(item_size == hash_entry_map->entry->item_size && !memcmp(hash_entry_map->entry->item, item, item_size)) { @@ -70,32 +122,19 @@ cache_result cache_add(cache_t *cache, void *item, uint32_t item_size) { } if(hash_entry_map) { - cache_entry *entry = hash_entry_map->entry; - if(entry->prev) { - if(entry->next) { - entry->prev->next = entry->next; - entry->next->prev = entry->prev; - } else { - entry->prev->next = NULL; - cache->tail = entry->prev; - } - entry->prev = NULL; - entry->next = cache->head; - cache->head->prev = entry; - cache->head = entry; - } + cache_touch_entry(cache, hash_entry_map->entry); return CACHE_NO_ERROR; } } - cache_entry *entry = cache_entry_new(); + cache_entry entry = cache_entry_new(); if(!entry) { return CACHE_MALLOC_ERROR; } - cache_entry_map *map_entry = cache_entry_map_new(); + cache_entry_map map_entry = cache_entry_map_new(); if(!map_entry) { free(entry); return CACHE_MALLOC_ERROR; @@ -121,12 +160,12 @@ cache_result cache_add(cache_t *cache, void *item, uint32_t item_size) { cache->tail = entry; } } else { - cache_entry *tail = cache->tail; + cache_entry tail = cache->tail; - uint32_t hash = jenkins_one_at_a_time_hash(tail->item, tail->item_size) % cache->max_size; + uint32_t hash = HASH_FUNCTION(tail->item, tail->item_size) % cache->max_size; if(cache->map[hash]) { - cache_entry_map *hash_entry_map_prev = NULL; - cache_entry_map *hash_entry_map = cache->map[hash]; + cache_entry_map hash_entry_map_prev = NULL; + cache_entry_map hash_entry_map = cache->map[hash]; while(hash_entry_map) { if(tail->item_size == hash_entry_map->entry->item_size && !memcmp(tail->item, hash_entry_map->entry->item, item_size)) { @@ -155,18 +194,20 @@ cache_result cache_add(cache_t *cache, void *item, uint32_t item_size) { return CACHE_NO_ERROR; } -cache_result cache_contains(cache_t *cache, void *item, uint32_t item_size) { +cache_result cache_contains(cache_t cache, void *item, uint32_t item_size) { if(!cache || !item || !item_size) { return CACHE_INVALID_INPUT; } - uint32_t hash = jenkins_one_at_a_time_hash(item, item_size) % cache->max_size; + uint32_t hash = HASH_FUNCTION(item, item_size) % cache->max_size; if(cache->map[hash]) { - cache_entry_map *hash_entry_map = cache->map[hash]; + cache_entry_map hash_entry_map = cache->map[hash]; while(hash_entry_map) { if(item_size == hash_entry_map->entry->item_size && !memcmp(hash_entry_map->entry->item, item, item_size)) { + cache_touch_entry(cache, hash_entry_map->entry); + return CACHE_CONTAINS_TRUE; } @@ -177,16 +218,16 @@ cache_result cache_contains(cache_t *cache, void *item, uint32_t item_size) { return CACHE_CONTAINS_FALSE; } -cache_result cache_remove(cache_t *cache, void *item, uint32_t item_size) { +cache_result cache_remove(cache_t cache, void *item, uint32_t item_size) { if(!cache || !item || !item_size) { return CACHE_INVALID_INPUT; } - uint32_t hash = jenkins_one_at_a_time_hash(item, item_size) % cache->max_size; + uint32_t hash = HASH_FUNCTION(item, item_size) % cache->max_size; if(cache->map[hash]) { - cache_entry_map *hash_entry_map_prev = NULL; - cache_entry_map *hash_entry_map = cache->map[hash]; + cache_entry_map hash_entry_map_prev = NULL; + cache_entry_map hash_entry_map = cache->map[hash]; while(hash_entry_map) { if(item_size == hash_entry_map->entry->item_size && !memcmp(hash_entry_map->entry->item, item, item_size)) { @@ -205,7 +246,7 @@ cache_result cache_remove(cache_t *cache, void *item, uint32_t item_size) { cache->map[hash] = hash_entry_map->next; } - cache_entry *entry = hash_entry_map->entry; + cache_entry entry = hash_entry_map->entry; if(entry->prev) { entry->prev->next = entry->next; @@ -230,15 +271,15 @@ cache_result cache_remove(cache_t *cache, void *item, uint32_t item_size) { return CACHE_REMOVE_NOT_FOUND; } -void cache_free(cache_t *cache) { +void cache_free(cache_t cache) { if(!cache) { return; } int i; for(i = 0; i < cache->max_size; i++) { - cache_entry_map *prev = NULL; - cache_entry_map *curr = cache->map[i]; + cache_entry_map prev = NULL; + cache_entry_map curr = cache->map[i]; while(curr) { prev = curr; curr = curr->next; diff --git a/src/lib/third_party/src/test.c b/src/lib/third_party/src/test.c new file mode 100644 index 000000000..63097fcc3 --- /dev/null +++ b/src/lib/third_party/src/test.c @@ -0,0 +1,71 @@ +#include +#include +#include + +#include "libcache.h" + + +int main() { + cache_t cache = cache_new(3); + long e; + + e = 0; + assert(cache_add(cache, &e, sizeof(e)) == CACHE_NO_ERROR); + assert(cache_contains(cache, &e, sizeof(e)) == CACHE_CONTAINS_TRUE); + assert(cache_remove(cache, &e, sizeof(e)) == CACHE_NO_ERROR); + assert(cache_remove(cache, &e, sizeof(e)) == CACHE_REMOVE_NOT_FOUND); + assert(cache_contains(cache, &e, sizeof(e)) == CACHE_CONTAINS_FALSE); + assert(cache_add(cache, &e, sizeof(e)) == CACHE_NO_ERROR); + assert(cache_contains(cache, &e, sizeof(e)) == CACHE_CONTAINS_TRUE); + e = 1; + assert(cache_add(cache, &e, sizeof(e)) == CACHE_NO_ERROR); + assert(cache_contains(cache, &e, sizeof(e)) == CACHE_CONTAINS_TRUE); + e = 2; + assert(cache_add(cache, &e, sizeof(e)) == CACHE_NO_ERROR); + assert(cache_contains(cache, &e, sizeof(e)) == CACHE_CONTAINS_TRUE); + e = 3; + assert(cache_add(cache, &e, sizeof(e)) == CACHE_NO_ERROR); + assert(cache_contains(cache, &e, sizeof(e)) == CACHE_CONTAINS_TRUE); + e = 0; + assert(cache_contains(cache, &e, sizeof(e)) == CACHE_CONTAINS_FALSE); + e = 1; + assert(cache_contains(cache, &e, sizeof(e)) == CACHE_CONTAINS_TRUE); + e = 2; + assert(cache_contains(cache, &e, sizeof(e)) == CACHE_CONTAINS_TRUE); + e = 3; + assert(cache_contains(cache, &e, sizeof(e)) == CACHE_CONTAINS_TRUE); + e = 1; + assert(cache_add(cache, &e, sizeof(e)) == CACHE_NO_ERROR); + e = 4; + assert(cache_add(cache, &e, sizeof(e)) == CACHE_NO_ERROR); + e = 0; + assert(cache_contains(cache, &e, sizeof(e)) == CACHE_CONTAINS_FALSE); + e = 1; + assert(cache_contains(cache, &e, sizeof(e)) == CACHE_CONTAINS_TRUE); + e = 2; + assert(cache_contains(cache, &e, sizeof(e)) == CACHE_CONTAINS_FALSE); + e = 3; + assert(cache_contains(cache, &e, sizeof(e)) == CACHE_CONTAINS_TRUE); + e = 4; + assert(cache_contains(cache, &e, sizeof(e)) == CACHE_CONTAINS_TRUE); + // e = 5; + // assert(cache_add(cache, &e, sizeof(e)) == CACHE_NO_ERROR); + // e = 1; + // assert(cache_contains(cache, &e, sizeof(e)) == CACHE_CONTAINS_FALSE); + + for(e = 0; e < 1000; e++) { + assert(cache_add(cache, &e, sizeof(e)) == CACHE_NO_ERROR); + assert(cache_contains(cache, &e, sizeof(e)) == CACHE_CONTAINS_TRUE); + } + for(e = 0; e < 997; e++) { + assert(cache_contains(cache, &e, sizeof(e)) == CACHE_CONTAINS_FALSE); + } + for(e = 997; e < 1000; e++) { + assert(cache_contains(cache, &e, sizeof(e)) == CACHE_CONTAINS_TRUE); + } + + cache_free(cache); + + puts("OK"); + return 0; +} -- cgit v1.2.3 From b08fbe46c0e72ad858655eadc24c7674c495dc06 Mon Sep 17 00:00:00 2001 From: William Guglielmo Date: Tue, 30 May 2017 21:04:57 +0200 Subject: Delete test.c --- src/lib/third_party/src/test.c | 71 ------------------------------------------ 1 file changed, 71 deletions(-) delete mode 100644 src/lib/third_party/src/test.c (limited to 'src') diff --git a/src/lib/third_party/src/test.c b/src/lib/third_party/src/test.c deleted file mode 100644 index 63097fcc3..000000000 --- a/src/lib/third_party/src/test.c +++ /dev/null @@ -1,71 +0,0 @@ -#include -#include -#include - -#include "libcache.h" - - -int main() { - cache_t cache = cache_new(3); - long e; - - e = 0; - assert(cache_add(cache, &e, sizeof(e)) == CACHE_NO_ERROR); - assert(cache_contains(cache, &e, sizeof(e)) == CACHE_CONTAINS_TRUE); - assert(cache_remove(cache, &e, sizeof(e)) == CACHE_NO_ERROR); - assert(cache_remove(cache, &e, sizeof(e)) == CACHE_REMOVE_NOT_FOUND); - assert(cache_contains(cache, &e, sizeof(e)) == CACHE_CONTAINS_FALSE); - assert(cache_add(cache, &e, sizeof(e)) == CACHE_NO_ERROR); - assert(cache_contains(cache, &e, sizeof(e)) == CACHE_CONTAINS_TRUE); - e = 1; - assert(cache_add(cache, &e, sizeof(e)) == CACHE_NO_ERROR); - assert(cache_contains(cache, &e, sizeof(e)) == CACHE_CONTAINS_TRUE); - e = 2; - assert(cache_add(cache, &e, sizeof(e)) == CACHE_NO_ERROR); - assert(cache_contains(cache, &e, sizeof(e)) == CACHE_CONTAINS_TRUE); - e = 3; - assert(cache_add(cache, &e, sizeof(e)) == CACHE_NO_ERROR); - assert(cache_contains(cache, &e, sizeof(e)) == CACHE_CONTAINS_TRUE); - e = 0; - assert(cache_contains(cache, &e, sizeof(e)) == CACHE_CONTAINS_FALSE); - e = 1; - assert(cache_contains(cache, &e, sizeof(e)) == CACHE_CONTAINS_TRUE); - e = 2; - assert(cache_contains(cache, &e, sizeof(e)) == CACHE_CONTAINS_TRUE); - e = 3; - assert(cache_contains(cache, &e, sizeof(e)) == CACHE_CONTAINS_TRUE); - e = 1; - assert(cache_add(cache, &e, sizeof(e)) == CACHE_NO_ERROR); - e = 4; - assert(cache_add(cache, &e, sizeof(e)) == CACHE_NO_ERROR); - e = 0; - assert(cache_contains(cache, &e, sizeof(e)) == CACHE_CONTAINS_FALSE); - e = 1; - assert(cache_contains(cache, &e, sizeof(e)) == CACHE_CONTAINS_TRUE); - e = 2; - assert(cache_contains(cache, &e, sizeof(e)) == CACHE_CONTAINS_FALSE); - e = 3; - assert(cache_contains(cache, &e, sizeof(e)) == CACHE_CONTAINS_TRUE); - e = 4; - assert(cache_contains(cache, &e, sizeof(e)) == CACHE_CONTAINS_TRUE); - // e = 5; - // assert(cache_add(cache, &e, sizeof(e)) == CACHE_NO_ERROR); - // e = 1; - // assert(cache_contains(cache, &e, sizeof(e)) == CACHE_CONTAINS_FALSE); - - for(e = 0; e < 1000; e++) { - assert(cache_add(cache, &e, sizeof(e)) == CACHE_NO_ERROR); - assert(cache_contains(cache, &e, sizeof(e)) == CACHE_CONTAINS_TRUE); - } - for(e = 0; e < 997; e++) { - assert(cache_contains(cache, &e, sizeof(e)) == CACHE_CONTAINS_FALSE); - } - for(e = 997; e < 1000; e++) { - assert(cache_contains(cache, &e, sizeof(e)) == CACHE_CONTAINS_TRUE); - } - - cache_free(cache); - - puts("OK"); - return 0; -} -- cgit v1.2.3 From 22b7b407c32dfa7fedb017b64d4a8e2905a483b4 Mon Sep 17 00:00:00 2001 From: cardigliano Date: Thu, 1 Jun 2017 18:13:31 +0200 Subject: compilation fix --- src/lib/third_party/include/libcache.h | 2 +- src/lib/third_party/src/libcache.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'src') diff --git a/src/lib/third_party/include/libcache.h b/src/lib/third_party/include/libcache.h index 1f240854f..da3e9411f 100644 --- a/src/lib/third_party/include/libcache.h +++ b/src/lib/third_party/include/libcache.h @@ -25,7 +25,7 @@ typedef enum cache_result { } cache_result; -typedef struct cache_t *cache_t; +typedef struct cache *cache_t; /** diff --git a/src/lib/third_party/src/libcache.c b/src/lib/third_party/src/libcache.c index d5545beae..bc16d37dc 100644 --- a/src/lib/third_party/src/libcache.c +++ b/src/lib/third_party/src/libcache.c @@ -35,7 +35,7 @@ typedef struct cache_entry *cache_entry; typedef struct cache_entry_map *cache_entry_map; -struct cache_t { +struct cache { uint32_t size; uint32_t max_size; cache_entry head; @@ -85,7 +85,7 @@ cache_t cache_new(uint32_t cache_max_size) { return NULL; } - cache_t cache = (cache_t) calloc(sizeof(struct cache_t), 1); + cache_t cache = (cache_t) calloc(sizeof(struct cache), 1); if(!cache) { return NULL; } -- cgit v1.2.3 From e1b5b54c4c5c61e206d01eb3872a39a9ba7c3b25 Mon Sep 17 00:00:00 2001 From: William Guglielmo Date: Fri, 2 Jun 2017 00:29:04 +0200 Subject: Update license libcache --- src/lib/third_party/include/libcache.h | 24 +++++++++++++++++++++--- src/lib/third_party/src/libcache.c | 24 +++++++++++++++++++++--- 2 files changed, 42 insertions(+), 6 deletions(-) (limited to 'src') diff --git a/src/lib/third_party/include/libcache.h b/src/lib/third_party/include/libcache.h index 1f240854f..fa1675f14 100644 --- a/src/lib/third_party/include/libcache.h +++ b/src/lib/third_party/include/libcache.h @@ -1,7 +1,25 @@ /** - * @file libcache.h - * @author William Guglielmo - * @brief File containing header of cache_t type. + * libcache.h + * +Copyright (c) 2017 William Guglielmo + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. * */ diff --git a/src/lib/third_party/src/libcache.c b/src/lib/third_party/src/libcache.c index d5545beae..11af22284 100644 --- a/src/lib/third_party/src/libcache.c +++ b/src/lib/third_party/src/libcache.c @@ -1,7 +1,25 @@ /** - * @file libcache.c - * @author William Guglielmo - * @brief File containing implementation of cache_t type. + * libcache.c + * +Copyright (c) 2017 William Guglielmo + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. * */ -- cgit v1.2.3 From 6b5f640849b510e1f5137b8a6e2fb7d707cebaa1 Mon Sep 17 00:00:00 2001 From: Campus Date: Fri, 2 Jun 2017 20:10:05 +0200 Subject: improved spotify detection --- src/lib/ndpi_content_match.c.inc | 2 ++ 1 file changed, 2 insertions(+) (limited to 'src') diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 4fd04dac9..9072fab19 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -8070,6 +8070,8 @@ ndpi_protocol_match host_match[] = { { ".vevo.com", "Vevo", NDPI_PROTOCOL_VEVO, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { ".spotify.", "Spotify", NDPI_PROTOCOL_SPOTIFY, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "audio-fa.scdn.co", "Spotify", NDPI_PROTOCOL_SPOTIFY, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".pandora.com", "Pandora", NDPI_PROTOCOL_PANDORA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, -- cgit v1.2.3 From 1467ad68d4077ea440be81bfa19c7032695c5a94 Mon Sep 17 00:00:00 2001 From: Pavlos Antoniou Date: Wed, 7 Jun 2017 11:18:38 +0200 Subject: Remove unused variables for ndpiReader.c and tinc.c --- example/ndpiReader.c | 1 - src/lib/protocols/tinc.c | 2 -- 2 files changed, 3 deletions(-) (limited to 'src') diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 142c1d5d1..337110d32 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -1288,7 +1288,6 @@ static int getTopStats(struct top_stats **topStats, struct port_stats *stats, u_ struct top_stats *s; struct port_stats *sp, *tmp; struct info_pair inf; - float pkt_burst; u_int64_t total_ip_addrs = 0; /* stats are ordered by packet number */ diff --git a/src/lib/protocols/tinc.c b/src/lib/protocols/tinc.c index b25aff2e7..a69d18759 100644 --- a/src/lib/protocols/tinc.c +++ b/src/lib/protocols/tinc.c @@ -29,8 +29,6 @@ static void ndpi_check_tinc(struct ndpi_detection_module_struct *ndpi_struct, st struct ndpi_packet_struct *packet = &flow->packet; const u_int8_t *packet_payload = packet->payload; u_int32_t payload_len = packet->payload_packet_len; - struct ndpi_id_struct *src = flow->src; - struct ndpi_id_struct *dst = flow->dst; if(packet->udp != NULL) { if(ndpi_struct->tinc_cache != NULL) { -- cgit v1.2.3 From 39dc99443cf60c2daa859d77c59b811a4aad4243 Mon Sep 17 00:00:00 2001 From: Campus Date: Wed, 7 Jun 2017 18:18:12 +0200 Subject: added GoogleDrive detection --- src/include/ndpi_protocol_ids.h | 93 ++++++++++++++++++++-------------------- src/lib/ndpi_content_match.c.inc | 11 +++-- src/lib/ndpi_main.c | 1 - 3 files changed, 54 insertions(+), 51 deletions(-) (limited to 'src') diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index 4fce98b14..c32613777 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -159,71 +159,71 @@ #define NDPI_PROTOCOL_TWITTER 120 #define NDPI_PROTOCOL_DROPBOX 121 #define NDPI_PROTOCOL_GMAIL 122 -#define NDPI_PROTOCOL_GOOGLE_MAPS 123 +#define NDPI_PROTOCOL_GOOGLE_MAPS 123 #define NDPI_PROTOCOL_YOUTUBE 124 #define NDPI_PROTOCOL_SKYPE 125 #define NDPI_PROTOCOL_GOOGLE 126 #define NDPI_PROTOCOL_DCERPC 127 #define NDPI_PROTOCOL_NETFLOW 128 #define NDPI_PROTOCOL_SFLOW 129 -#define NDPI_PROTOCOL_HTTP_CONNECT 130 -#define NDPI_PROTOCOL_HTTP_PROXY 131 -#define NDPI_PROTOCOL_CITRIX 132 -#define NDPI_PROTOCOL_NETFLIX 133 -#define NDPI_PROTOCOL_LASTFM 134 -#define NDPI_PROTOCOL_WAZE 135 +#define NDPI_PROTOCOL_HTTP_CONNECT 130 +#define NDPI_PROTOCOL_HTTP_PROXY 131 +#define NDPI_PROTOCOL_CITRIX 132 +#define NDPI_PROTOCOL_NETFLIX 133 +#define NDPI_PROTOCOL_LASTFM 134 +#define NDPI_PROTOCOL_WAZE 135 #define NDPI_PROTOCOL_SKYFILE_PREPAID 136 #define NDPI_PROTOCOL_SKYFILE_RUDICS 137 #define NDPI_PROTOCOL_SKYFILE_POSTPAID 138 #define NDPI_PROTOCOL_CITRIX_ONLINE 139 -#define NDPI_PROTOCOL_APPLE 140 -#define NDPI_PROTOCOL_WEBEX 141 -#define NDPI_PROTOCOL_WHATSAPP 142 +#define NDPI_PROTOCOL_APPLE 140 +#define NDPI_PROTOCOL_WEBEX 141 +#define NDPI_PROTOCOL_WHATSAPP 142 #define NDPI_PROTOCOL_APPLE_ICLOUD 143 -#define NDPI_PROTOCOL_VIBER 144 +#define NDPI_PROTOCOL_VIBER 144 #define NDPI_PROTOCOL_APPLE_ITUNES 145 -#define NDPI_PROTOCOL_RADIUS 146 +#define NDPI_PROTOCOL_RADIUS 146 #define NDPI_PROTOCOL_WINDOWS_UPDATE 147 #define NDPI_PROTOCOL_TEAMVIEWER 148 /* xplico.org */ -#define NDPI_PROTOCOL_TUENTI 149 +#define NDPI_PROTOCOL_TUENTI 149 #define NDPI_PROTOCOL_LOTUS_NOTES 150 -#define NDPI_PROTOCOL_SAP 151 -#define NDPI_PROTOCOL_GTP 152 -#define NDPI_PROTOCOL_UPNP 153 -#define NDPI_PROTOCOL_LLMNR 154 +#define NDPI_PROTOCOL_SAP 151 +#define NDPI_PROTOCOL_GTP 152 +#define NDPI_PROTOCOL_UPNP 153 +#define NDPI_PROTOCOL_LLMNR 154 #define NDPI_PROTOCOL_REMOTE_SCAN 155 -#define NDPI_PROTOCOL_SPOTIFY 156 -#define NDPI_CONTENT_WEBM 157 -#define NDPI_PROTOCOL_H323 158 /* Remy Mudingay */ -#define NDPI_PROTOCOL_OPENVPN 159 /* Remy Mudingay */ -#define NDPI_PROTOCOL_NOE 160 /* Remy Mudingay */ -#define NDPI_PROTOCOL_CISCOVPN 161 /* Remy Mudingay */ +#define NDPI_PROTOCOL_SPOTIFY 156 +#define NDPI_CONTENT_WEBM 157 +#define NDPI_PROTOCOL_H323 158 /* Remy Mudingay */ +#define NDPI_PROTOCOL_OPENVPN 159 /* Remy Mudingay */ +#define NDPI_PROTOCOL_NOE 160 /* Remy Mudingay */ +#define NDPI_PROTOCOL_CISCOVPN 161 /* Remy Mudingay */ #define NDPI_PROTOCOL_TEAMSPEAK 162 /* Remy Mudingay */ -#define NDPI_PROTOCOL_TOR 163 /* Remy Mudingay */ -#define NDPI_PROTOCOL_SKINNY 164 /* Remy Mudingay */ -#define NDPI_PROTOCOL_RTCP 165 /* Remy Mudingay */ -#define NDPI_PROTOCOL_RSYNC 166 /* Remy Mudingay */ -#define NDPI_PROTOCOL_ORACLE 167 /* Remy Mudingay */ -#define NDPI_PROTOCOL_CORBA 168 /* Remy Mudingay */ +#define NDPI_PROTOCOL_TOR 163 /* Remy Mudingay */ +#define NDPI_PROTOCOL_SKINNY 164 /* Remy Mudingay */ +#define NDPI_PROTOCOL_RTCP 165 /* Remy Mudingay */ +#define NDPI_PROTOCOL_RSYNC 166 /* Remy Mudingay */ +#define NDPI_PROTOCOL_ORACLE 167 /* Remy Mudingay */ +#define NDPI_PROTOCOL_CORBA 168 /* Remy Mudingay */ #define NDPI_PROTOCOL_UBUNTUONE 169 /* Remy Mudingay */ #define NDPI_PROTOCOL_WHOIS_DAS 170 -#define NDPI_PROTOCOL_COLLECTD 171 -#define NDPI_PROTOCOL_SOCKS 172 /* Tomasz Bujlow */ -#define NDPI_PROTOCOL_MS_LYNC 173 -#define NDPI_PROTOCOL_RTMP 174 /* Tomasz Bujlow */ -#define NDPI_PROTOCOL_FTP_DATA 175 /* Tomasz Bujlow */ +#define NDPI_PROTOCOL_COLLECTD 171 +#define NDPI_PROTOCOL_SOCKS 172 /* Tomasz Bujlow */ +#define NDPI_PROTOCOL_MS_LYNC 173 +#define NDPI_PROTOCOL_RTMP 174 /* Tomasz Bujlow */ +#define NDPI_PROTOCOL_FTP_DATA 175 /* Tomasz Bujlow */ #define NDPI_PROTOCOL_WIKIPEDIA 176 /* Tomasz Bujlow */ -#define NDPI_PROTOCOL_ZMQ 177 -#define NDPI_PROTOCOL_AMAZON 178 /* Tomasz Bujlow */ -#define NDPI_PROTOCOL_EBAY 179 /* Tomasz Bujlow */ -#define NDPI_PROTOCOL_CNN 180 /* Tomasz Bujlow */ -#define NDPI_PROTOCOL_MEGACO 181 /* Gianluca Costa */ -#define NDPI_PROTOCOL_REDIS 182 -#define NDPI_PROTOCOL_PANDO 183 /* Tomasz Bujlow */ -#define NDPI_PROTOCOL_VHUA 184 -#define NDPI_PROTOCOL_TELEGRAM 185 /* Gianluca Costa */ -#define NDPI_PROTOCOL_VEVO 186 -#define NDPI_PROTOCOL_PANDORA 187 +#define NDPI_PROTOCOL_ZMQ 177 +#define NDPI_PROTOCOL_AMAZON 178 /* Tomasz Bujlow */ +#define NDPI_PROTOCOL_EBAY 179 /* Tomasz Bujlow */ +#define NDPI_PROTOCOL_CNN 180 /* Tomasz Bujlow */ +#define NDPI_PROTOCOL_MEGACO 181 /* Gianluca Costa */ +#define NDPI_PROTOCOL_REDIS 182 +#define NDPI_PROTOCOL_PANDO 183 /* Tomasz Bujlow */ +#define NDPI_PROTOCOL_VHUA 184 +#define NDPI_PROTOCOL_TELEGRAM 185 /* Gianluca Costa */ +#define NDPI_PROTOCOL_VEVO 186 +#define NDPI_PROTOCOL_PANDORA 187 #define NDPI_PROTOCOL_QUIC 188 /* Andrea Buscarinu - Michele Campus */ #define NDPI_PROTOCOL_WHATSAPP_VOICE 189 #define NDPI_PROTOCOL_EAQ 190 @@ -256,8 +256,7 @@ #define NDPI_PROTOCOL_HOTSPOT_SHIELD 215 #define NDPI_PROTOCOL_HEP 216 /* sipcapture.org QXIP BV */ -/* 217 is free */ -#define NDPI_PROTOCOL_FREE_217 217 +#define NDPI_PROTOCOL_GOOGLE_DRIVE 217 #define NDPI_PROTOCOL_OCS 218 #define NDPI_PROTOCOL_OFFICE_365 219 diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 9072fab19..dd0a21ae2 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -7990,11 +7990,16 @@ ndpi_protocol_match host_match[] = { { "facebook.com", "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, { "fbstatic-a.akamaihd.net", "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, { ".fbcdn.net", "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { "fbcdn-", "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, /* fbcdn-video-a-akamaihd.net */ + { "fbcdn-", "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, { ".facebook.net", "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, { ".speedtest.net", "Ookla", NDPI_PROTOCOL_OOKLA, NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, NDPI_PROTOCOL_ACCEPTABLE }, + { "drive-thirdparty.", "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, NDPI_PROTOCOL_SAFE }, + { "docs.", "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, NDPI_PROTOCOL_SAFE }, + { ".docs.", "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, NDPI_PROTOCOL_SAFE }, + { "drive.", "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, NDPI_PROTOCOL_SAFE }, + { "google.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".google.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".gstatic.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, @@ -8013,8 +8018,8 @@ ndpi_protocol_match host_match[] = { { "maps.google.", "GoogleMaps", NDPI_PROTOCOL_GOOGLE_MAPS, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { "maps.gstatic.com", "GoogleMaps", NDPI_PROTOCOL_GOOGLE_MAPS, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".gmail.", "GMail", NDPI_PROTOCOL_GMAIL, NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, NDPI_PROTOCOL_SAFE }, - { "mail.google.", "GMail", NDPI_PROTOCOL_GMAIL, NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, NDPI_PROTOCOL_SAFE }, + { ".gmail.", "GMail", NDPI_PROTOCOL_GMAIL, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { "mail.google.", "GMail", NDPI_PROTOCOL_GMAIL, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, { "mail.outlook.com", "Hotmail", NDPI_PROTOCOL_HOTMAIL, NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, NDPI_PROTOCOL_SAFE }, diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index ef6393877..810485149 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1628,7 +1628,6 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 655, 0, 0, 0, 0) /* UDP */); /* To be removed as soon as we define new protocols */ - ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_217); ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_224); /* calling function for host and content matched protocols */ -- cgit v1.2.3 From 05912a49ae7cfeab2b050a6228012df245cced33 Mon Sep 17 00:00:00 2001 From: Campus Date: Fri, 9 Jun 2017 01:15:11 +0200 Subject: fixed 1kxun application protocol to avoid false positive in udp detection --- src/include/ndpi_protocols.h | 2 - src/lib/Makefile.am | 1 - src/lib/ndpi_main.c | 14 +++---- src/lib/protocols/http.c | 24 ++++++----- src/lib/protocols/kxun.c | 98 -------------------------------------------- 5 files changed, 20 insertions(+), 119 deletions(-) delete mode 100644 src/lib/protocols/kxun.c (limited to 'src') diff --git a/src/include/ndpi_protocols.h b/src/include/ndpi_protocols.h index c0bce974e..f1d34f75e 100644 --- a/src/include/ndpi_protocols.h +++ b/src/include/ndpi_protocols.h @@ -194,7 +194,6 @@ void ndpi_search_rx(struct ndpi_detection_module_struct *ndpi_struct, struct ndp void ndpi_search_git(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); void ndpi_search_drda(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); void ndpi_search_bjnp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); -void ndpi_search_kxun(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); void ndpi_search_smpp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); void ndpi_search_tinc(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); /* --- INIT FUNCTIONS --- */ @@ -338,7 +337,6 @@ void init_git_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int3 void init_hangout_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_drda_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_bjnp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); -void init_kxun_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_smpp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_tinc_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); #endif /* __NDPI_PROTOCOLS_H__ */ diff --git a/src/lib/Makefile.am b/src/lib/Makefile.am index d3bd19264..375e9ce48 100644 --- a/src/lib/Makefile.am +++ b/src/lib/Makefile.am @@ -67,7 +67,6 @@ libndpi_la_SOURCES = ndpi_content_match.c.inc \ protocols/kakaotalk_voice.c \ protocols/kerberos.c \ protocols/kontiki.c \ - protocols/kxun.c \ protocols/ldap.c \ protocols/lotus_notes.c \ protocols/mail_imap.c \ diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 810485149..53c2b9d59 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1596,11 +1596,11 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "BJNP", NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 8612, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_1KXUN, - no_master, - no_master, "1kxun", NDPI_PROTOCOL_CATEGORY_MEDIA, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ + /* ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_1KXUN, */ + /* no_master, */ + /* no_master, "1kxun", NDPI_PROTOCOL_CATEGORY_MEDIA, */ + /* ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /\* TCP *\/ */ + /* ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /\* UDP *\/ */ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SMPP, no_master, no_master, "SMPP", NDPI_PROTOCOL_CATEGORY_P2P, @@ -2711,8 +2711,8 @@ void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *n /* BJNP */ init_bjnp_dissector(ndpi_struct, &a, detection_bitmask); - /* 1KXUN */ - init_kxun_dissector(ndpi_struct, &a, detection_bitmask); + /* /\* 1KXUN *\/ */ + /* init_kxun_dissector(ndpi_struct, &a, detection_bitmask); */ /* SMPP */ init_smpp_dissector(ndpi_struct, &a, detection_bitmask); diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c index 44ca32cb4..35e67a54d 100644 --- a/src/lib/protocols/http.c +++ b/src/lib/protocols/http.c @@ -39,14 +39,13 @@ static void ndpi_int_http_add_connection(struct ndpi_detection_module_struct *nd ndpi_search_tcp_or_udp(ndpi_struct, flow); /* If no custom protocol has been detected */ - /* if(flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) */ { - if(protocol == NDPI_PROTOCOL_HTTP) { - ndpi_int_reset_protocol(flow); - ndpi_set_detected_protocol(ndpi_struct, flow, flow->guessed_host_protocol_id, protocol); - } else - ndpi_set_detected_protocol(ndpi_struct, flow, protocol, NDPI_PROTOCOL_HTTP); - } - + /* if(flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) */ + if(protocol == NDPI_PROTOCOL_HTTP) { + ndpi_int_reset_protocol(flow); + ndpi_set_detected_protocol(ndpi_struct, flow, flow->guessed_host_protocol_id, protocol); + } else + ndpi_set_detected_protocol(ndpi_struct, flow, protocol, NDPI_PROTOCOL_HTTP); + flow->http_detected = 1; } } @@ -199,11 +198,13 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ /* PPStream */ if(flow->l4.tcp.ppstream_stage > 0 && iqiyi_counter == 0) { NDPI_LOG(NDPI_PROTOCOL_PPSTREAM, ndpi_struct, NDPI_LOG_DEBUG, "PPStream found.\n"); - ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_PPSTREAM); + /* ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_PPSTREAM); */ + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_PPSTREAM, NDPI_PROTOCOL_HTTP); } else if(iqiyi_counter > 0) { NDPI_LOG(NDPI_PROTOCOL_IQIYI, ndpi_struct, NDPI_LOG_DEBUG, "iQiyi found.\n"); - ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_IQIYI); + /* ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_IQIYI); */ + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_IQIYI, NDPI_PROTOCOL_HTTP); } #endif @@ -211,7 +212,8 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ /* 1KXUN */ if(kxun_counter > 0) { NDPI_LOG(NDPI_PROTOCOL_1KXUN, ndpi_struct, NDPI_LOG_DEBUG, "1kxun found.\n"); - ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_1KXUN); + /* ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_1KXUN); */ + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_1KXUN, NDPI_PROTOCOL_HTTP); } #endif diff --git a/src/lib/protocols/kxun.c b/src/lib/protocols/kxun.c deleted file mode 100644 index d78e77a1a..000000000 --- a/src/lib/protocols/kxun.c +++ /dev/null @@ -1,98 +0,0 @@ -/* - * kxun.c - * - * Copyright (C) 2016 - ntop.org - * - * nDPI is free software: you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * nDPI is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with nDPI. If not, see . - * - */ -#include "ndpi_protocols.h" - -#ifdef NDPI_PROTOCOL_1KXUN - - -static void ndpi_int_kxun_add_connection(struct ndpi_detection_module_struct - *ndpi_struct, struct ndpi_flow_struct *flow) -{ - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_1KXUN, NDPI_PROTOCOL_UNKNOWN); -} - - -void ndpi_search_kxun(struct ndpi_detection_module_struct - *ndpi_struct, struct ndpi_flow_struct *flow) -{ - struct ndpi_packet_struct *packet = &flow->packet; - - /* 1KXUN over TCP is detected inside HTTP dissector */ - - /* check 1KXUN over UDP */ - if(packet->udp != NULL) { - /* check ipv6 */ - if(packet->iphv6 != NULL) { - if(packet->iphv6->ip6_dst.u6_addr.u6_addr32[0] == 0x2ff && - packet->payload_packet_len == 329) { - if(packet->payload[0] == 0xff && - packet->payload[1] == 0x0f && - packet->payload[4] == 0xa0 && - packet->payload[5] == 0x00) { - NDPI_LOG(NDPI_PROTOCOL_1KXUN, ndpi_struct, NDPI_LOG_DEBUG, - "found 1kxun over udp.\n"); - ndpi_int_kxun_add_connection(ndpi_struct, flow); - return; - } - } - } - else if(packet->iph != NULL) { - if(packet->iph->daddr == 0xffffffff) { - if(packet->payload_packet_len == 40 && - packet->payload[8] == 0x41 && - packet->payload[9] == 0x41 && - packet->payload[10] == 0x42) { - NDPI_LOG(NDPI_PROTOCOL_1KXUN, ndpi_struct, NDPI_LOG_DEBUG, - "found 1kxun over udp.\n"); - ndpi_int_kxun_add_connection(ndpi_struct, flow); - return; - } - if(packet->payload_packet_len == 317 && - packet->payload[0] == 0xff && - packet->payload[1] == 0xff && - packet->payload[4] == 0xa0 && - packet->payload[5] == 0x00) { - NDPI_LOG(NDPI_PROTOCOL_1KXUN, ndpi_struct, NDPI_LOG_DEBUG, - "found 1kxun over udp.\n"); - ndpi_int_kxun_add_connection(ndpi_struct, flow); - return; - } - } - } - } - /* EXCLUDE 1KXUN */ - NDPI_LOG(NDPI_PROTOCOL_1KXUN, ndpi_struct, NDPI_LOG_DEBUG, "exclude 1kxun.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_1KXUN); -} - - -void init_kxun_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) -{ - ndpi_set_bitmask_protocol_detection("1kxun", ndpi_struct, detection_bitmask, *id, - NDPI_PROTOCOL_1KXUN, - ndpi_search_kxun, - NDPI_SELECTION_BITMASK_PROTOCOL_UDP_WITH_PAYLOAD, - SAVE_DETECTION_BITMASK_AS_UNKNOWN, - ADD_TO_DETECTION_BITMASK); - - *id += 1; -} - -#endif -- cgit v1.2.3 From 88d47399b5db59e75f1515dc34bf8416c79fb0b6 Mon Sep 17 00:00:00 2001 From: Campus Date: Fri, 9 Jun 2017 01:18:41 +0200 Subject: updated results --- src/lib/ndpi_main.c | 8 -- tests/result/1kxun.pcap.out | 252 +++++++++++++++++++++---------------------- tests/result/pps.pcap.out | 12 +-- tests/result/wechat.pcap.out | 7 +- 4 files changed, 136 insertions(+), 143 deletions(-) (limited to 'src') diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 53c2b9d59..9c6432de0 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1596,11 +1596,6 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "BJNP", NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 8612, 0, 0, 0, 0) /* UDP */); - /* ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_1KXUN, */ - /* no_master, */ - /* no_master, "1kxun", NDPI_PROTOCOL_CATEGORY_MEDIA, */ - /* ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /\* TCP *\/ */ - /* ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /\* UDP *\/ */ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SMPP, no_master, no_master, "SMPP", NDPI_PROTOCOL_CATEGORY_P2P, @@ -2711,9 +2706,6 @@ void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *n /* BJNP */ init_bjnp_dissector(ndpi_struct, &a, detection_bitmask); - /* /\* 1KXUN *\/ */ - /* init_kxun_dissector(ndpi_struct, &a, detection_bitmask); */ - /* SMPP */ init_smpp_dissector(ndpi_struct, &a, detection_bitmask); diff --git a/tests/result/1kxun.pcap.out b/tests/result/1kxun.pcap.out index 1860121c9..6cbdc3f69 100644 --- a/tests/result/1kxun.pcap.out +++ b/tests/result/1kxun.pcap.out @@ -1,4 +1,4 @@ -Unknown 9 2428 7 +Unknown 24 6428 14 DNS 2 378 1 HTTP 5 324 2 MDNS 1 82 1 @@ -13,137 +13,137 @@ Facebook 19 6840 2 Google 3 176 1 LLMNR 89 6799 47 Lync 2 132 1 -1kxun 967 535718 28 +1kxun 952 531718 21 1 TCP 119.235.235.84:443 <-> 192.168.5.16:53406 [proto: 91/SSL][13 pkts/6269 bytes <-> 10 pkts/1165 bytes] 2 TCP 192.168.115.8:49613 <-> 183.131.48.144:80 [proto: 7.205/HTTP.1kxun][260 pkts/15070 bytes <-> 159 pkts/168623 bytes][Host: 183.131.48.144] 3 UDP [fe80::5d92:62a8:ebde:1319]:53938 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/172 bytes -> 0 pkts/0 bytes][Host: isatap] 4 UDP [fe80::9bd:81dd:2fdc:5750]:61548 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/190 bytes -> 0 pkts/0 bytes][Host: caesar-thinkpad] 5 UDP [fe80::5d92:62a8:ebde:1319]:58468 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/178 bytes -> 0 pkts/0 bytes][Host: wangs-ltw] - 6 UDP 192.168.2.186:32768 -> 255.255.255.255:1947 [proto: 205/1kxun][2 pkts/164 bytes -> 0 pkts/0 bytes] - 7 TCP 192.168.5.16:53623 <-> 192.168.115.75:443 [proto: 91/SSL][11 pkts/1959 bytes <-> 8 pkts/1683 bytes][client: 1] - 8 TCP 192.168.5.16:53625 <-> 192.168.115.75:443 [proto: 91/SSL][11 pkts/1955 bytes <-> 8 pkts/1683 bytes][client: 1] - 9 TCP 192.168.5.16:53629 <-> 192.168.115.75:443 [proto: 91/SSL][10 pkts/1895 bytes <-> 7 pkts/1623 bytes][client: 1] - 10 UDP [fe80::9bd:81dd:2fdc:5750]:64568 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/190 bytes -> 0 pkts/0 bytes][Host: caesar-thinkpad] - 11 UDP [fe80::5d92:62a8:ebde:1319]:61172 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/174 bytes -> 0 pkts/0 bytes][Host: sonusav] - 12 TCP 192.168.5.16:53627 <-> 203.69.81.73:80 [proto: 7.205/HTTP.1kxun][6 pkts/676 bytes <-> 8 pkts/8822 bytes][Host: dl-obs.official.line.naver.jp] - 13 UDP [fe80::4568:efbc:40b1:1346]:50194 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/176 bytes -> 0 pkts/0 bytes][Host: kevin-pc] - 14 UDP 192.168.5.16:63372 <-> 168.95.1.1:53 [proto: 5/DNS][1 pkts/89 bytes <-> 1 pkts/289 bytes][Host: dl-obs.official.line.naver.jp] - 15 UDP 192.168.5.45:59461 -> 192.168.255.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes -> 0 pkts/0 bytes] - 16 UDP 192.168.5.45:59789 -> 192.168.255.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes -> 0 pkts/0 bytes] - 17 TCP 192.168.115.8:49607 <-> 218.244.135.170:9099 [proto: 7.205/HTTP.1kxun][10 pkts/880 bytes <-> 3 pkts/572 bytes][Host: 218.244.135.170:9099] - 18 UDP 192.168.5.48:49701 -> 239.255.255.250:1900 [proto: 12/SSDP][7 pkts/1253 bytes -> 0 pkts/0 bytes] - 19 UDP [fe80::4568:efbc:40b1:1346]:57148 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/176 bytes -> 0 pkts/0 bytes][Host: kevin-pc] - 20 UDP 192.168.3.95:51451 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/144 bytes -> 0 pkts/0 bytes][Host: 小佛專機] - 21 UDP 192.168.5.44:51389 -> 239.255.255.250:1900 [proto: 12/SSDP][13 pkts/2275 bytes -> 0 pkts/0 bytes] - 22 UDP 192.168.5.16:68 <-> 192.168.119.1:67 [proto: 18/DHCP][2 pkts/684 bytes <-> 2 pkts/684 bytes][Host: macbook-air] - 23 UDP 192.168.5.41:55593 -> 224.0.0.252:5355 [proto: 154/LLMNR][1 pkts/68 bytes -> 0 pkts/0 bytes][Host: kevin-pc] - 24 UDP 192.168.101.33:55485 -> 239.255.255.250:1900 [proto: 12/SSDP][10 pkts/1750 bytes -> 0 pkts/0 bytes] - 25 UDP 192.168.3.236:56043 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/132 bytes -> 0 pkts/0 bytes][Host: isatap] - 26 UDP 192.168.115.8:51024 <-> 8.8.8.8:53 [proto: 5.205/DNS.1kxun][2 pkts/160 bytes <-> 1 pkts/112 bytes][Host: jp.kankan.1kxun.mobi] - 27 UDP 192.168.5.57:55809 -> 239.255.255.250:1900 [proto: 12/SSDP][14 pkts/2450 bytes -> 0 pkts/0 bytes] - 28 UDP 192.168.5.50:57143 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/142 bytes -> 0 pkts/0 bytes][Host: charming-pc] - 29 UDP 192.168.5.37:57325 -> 239.255.255.250:1900 [proto: 12/SSDP][9 pkts/1575 bytes -> 0 pkts/0 bytes] - 30 UDP 192.168.3.95:58779 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/144 bytes -> 0 pkts/0 bytes][Host: 小佛專機] - 31 UDP 192.168.5.44:59571 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: jason-pc] - 32 UDP 192.168.115.8:54420 <-> 8.8.8.8:53 [proto: 5.48/DNS.QQ][2 pkts/150 bytes <-> 1 pkts/116 bytes][Host: vv.video.qq.com] - 33 UDP 192.168.5.48:59797 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/140 bytes -> 0 pkts/0 bytes][Host: kasper-mac] - 34 UDP 192.168.5.47:60267 -> 239.255.255.250:1900 [proto: 12/SSDP][8 pkts/1432 bytes -> 0 pkts/0 bytes] - 35 UDP 192.168.10.110:60480 -> 255.255.255.255:62976 [proto: 205/1kxun][5 pkts/1795 bytes -> 0 pkts/0 bytes] - 36 UDP 192.168.5.47:61603 -> 224.0.0.252:5355 [proto: 173/Lync][2 pkts/132 bytes -> 0 pkts/0 bytes] - 37 UDP 192.168.3.236:62069 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/138 bytes -> 0 pkts/0 bytes][Host: wangs-ltw] - 38 UDP 192.168.125.30:62976 -> 255.255.255.255:62976 [proto: 205/1kxun][2 pkts/718 bytes -> 0 pkts/0 bytes] - 39 UDP 192.168.10.7:62976 -> 255.255.255.255:62976 [proto: 205/1kxun][2 pkts/718 bytes -> 0 pkts/0 bytes] - 40 UDP 192.168.140.140:62976 -> 255.255.255.255:62976 [proto: 205/1kxun][1 pkts/359 bytes -> 0 pkts/0 bytes] - 41 UDP [fe80::e034:7be:d8f9:6197]:57143 -> [ff02::1:3]:5355 [proto: 154/LLMNR][1 pkts/91 bytes -> 0 pkts/0 bytes][Host: charming-pc] - 42 UDP 192.168.115.8:60724 <-> 8.8.8.8:53 [proto: 5.205/DNS.1kxun][2 pkts/146 bytes <-> 1 pkts/137 bytes][Host: pic.1kxun.com] - 43 UDP [fe80::edf5:240a:c8c0:8312]:61603 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/172 bytes -> 0 pkts/0 bytes][Host: ro_x1c] - 44 UDP 192.168.5.49:1900 -> 239.255.255.250:1900 [proto: 12/SSDP][16 pkts/8473 bytes -> 0 pkts/0 bytes] - 45 TCP 192.168.115.8:49609 <-> 42.120.51.152:8080 [proto: 7.205/HTTP.1kxun][20 pkts/4716 bytes <-> 13 pkts/7005 bytes][Host: 42.120.51.152:8080] - 46 TCP 192.168.5.16:53624 <-> 68.233.253.133:80 [proto: 7.205/HTTP.1kxun][7 pkts/996 bytes <-> 5 pkts/986 bytes][Host: api.magicansoft.com] - 47 UDP [fe80::e98f:bae2:19f7:6b0f]:51451 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/184 bytes -> 0 pkts/0 bytes][Host: 小佛專機] - 48 TCP 192.168.115.8:49600 <-> 106.187.35.246:80 [proto: 7.205/HTTP.1kxun][18 pkts/1722 bytes <-> 51 pkts/61707 bytes][Host: pic.1kxun.com] - 49 TCP 192.168.115.8:49606 <-> 106.185.35.110:80 [proto: 7.205/HTTP.1kxun][22 pkts/1926 bytes <-> 28 pkts/33821 bytes][Host: jp.kankan.1kxun.mobi] - 50 TCP 192.168.115.8:49602 <-> 106.187.35.246:80 [proto: 7.205/HTTP.1kxun][24 pkts/2786 bytes <-> 41 pkts/46203 bytes][Host: pic.1kxun.com] - 51 TCP 192.168.115.8:49604 <-> 106.187.35.246:80 [proto: 7.205/HTTP.1kxun][20 pkts/2564 bytes <-> 38 pkts/43013 bytes][Host: pic.1kxun.com] - 52 UDP [fe80::f65c:89ff:fe89:e607]:546 -> [ff02::1:2]:547 [proto: 103/DHCPV6][1 pkts/98 bytes -> 0 pkts/0 bytes] - 53 UDP [fe80::e98f:bae2:19f7:6b0f]:58779 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/184 bytes -> 0 pkts/0 bytes][Host: 小佛專機] - 54 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][4 pkts/1368 bytes -> 0 pkts/0 bytes][Host: shen] - 55 UDP 59.120.208.218:50151 -> 255.255.255.255:1947 [proto: 205/1kxun][2 pkts/164 bytes -> 0 pkts/0 bytes] - 56 UDP [fe80::5d92:62a8:ebde:1319]:49735 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/178 bytes -> 0 pkts/0 bytes][Host: wangs-ltw] - 57 TCP 192.168.115.8:49612 <-> 183.131.48.145:80 [proto: 7.205/HTTP.1kxun][10 pkts/1428 bytes <-> 4 pkts/867 bytes][Host: 183.131.48.145] - 58 UDP 192.168.115.8:52723 <-> 168.95.1.1:53 [proto: 5.205/DNS.1kxun][2 pkts/152 bytes <-> 1 pkts/108 bytes][Host: kankan.1kxun.com] - 59 TCP 192.168.115.8:49608 <-> 203.205.151.234:80 [proto: 7.48/HTTP.QQ][18 pkts/3550 bytes <-> 7 pkts/1400 bytes][Host: vv.video.qq.com] - 60 TCP 192.168.115.8:49596 <-> 203.66.182.87:443 [proto: 91/SSL][4 pkts/220 bytes <-> 2 pkts/132 bytes] - 61 UDP [fe80::9bd:81dd:2fdc:5750]:1900 -> [ff02::c]:1900 [proto: 12/SSDP][16 pkts/8921 bytes -> 0 pkts/0 bytes] - 62 TCP 192.168.5.16:53622 <-> 192.168.115.75:443 [proto: 91/SSL][1 pkts/60 bytes <-> 1 pkts/60 bytes] - 63 TCP 192.168.5.16:53626 <-> 192.168.115.75:443 [proto: 91/SSL][11 pkts/1943 bytes <-> 8 pkts/1267 bytes][client: 1] - 64 TCP 192.168.5.16:53628 <-> 203.69.81.73:80 [proto: 7.205/HTTP.1kxun][6 pkts/676 bytes <-> 8 pkts/8482 bytes][Host: dl-obs.official.line.naver.jp] - 65 TCP 192.168.115.8:49598 <-> 222.73.254.167:80 [proto: 7.205/HTTP.1kxun][10 pkts/1406 bytes <-> 4 pkts/980 bytes][Host: kankan.1kxun.com] - 66 UDP [fe80::5d92:62a8:ebde:1319]:63659 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/172 bytes -> 0 pkts/0 bytes][Host: isatap] - 67 UDP [fe80::406:55a8:6453:25dd]:546 -> [ff02::1:2]:547 [proto: 103/DHCPV6][5 pkts/490 bytes -> 0 pkts/0 bytes] - 68 UDP 192.168.5.50:49766 -> 224.0.0.252:5355 [proto: 154/LLMNR][1 pkts/71 bytes -> 0 pkts/0 bytes][Host: charming-pc] - 69 UDP 192.168.5.50:50030 -> 224.0.0.252:5355 [proto: 154/LLMNR][1 pkts/71 bytes -> 0 pkts/0 bytes][Host: charming-pc] - 70 UDP 192.168.115.8:51458 -> 224.0.0.252:5355 [proto: 154/LLMNR][4 pkts/256 bytes -> 0 pkts/0 bytes][Host: wpad] - 71 UDP 192.168.3.236:51714 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/132 bytes -> 0 pkts/0 bytes][Host: isatap] - 72 UDP 192.168.5.49:51704 -> 239.255.255.250:1900 [proto: 12/SSDP][9 pkts/1611 bytes -> 0 pkts/0 bytes] - 73 UDP 192.168.115.8:137 -> 192.168.255.255:137 [proto: 10/NetBIOS][6 pkts/552 bytes -> 0 pkts/0 bytes] - 74 UDP 192.168.5.67:138 -> 192.168.255.255:138 [proto: 10/NetBIOS][2 pkts/549 bytes -> 0 pkts/0 bytes] - 75 UDP 192.168.5.45:137 -> 192.168.255.255:137 [proto: 10/NetBIOS][2 pkts/184 bytes -> 0 pkts/0 bytes] - 76 UDP 192.168.5.45:138 -> 192.168.255.255:138 [proto: 10/NetBIOS][3 pkts/648 bytes -> 0 pkts/0 bytes] - 77 UDP 192.168.3.236:137 -> 192.168.255.255:137 [proto: 10/NetBIOS][13 pkts/1196 bytes -> 0 pkts/0 bytes] - 78 UDP 192.168.0.104:137 -> 192.168.255.255:137 [proto: 10/NetBIOS][3 pkts/276 bytes -> 0 pkts/0 bytes] - 79 UDP 192.168.5.47:53962 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/132 bytes -> 0 pkts/0 bytes][Host: ro_x1c] - 80 UDP 192.168.5.41:54470 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: kevin-pc] - 81 UDP 192.168.5.37:54506 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: notebook] - 82 UDP 192.168.3.95:54888 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/144 bytes -> 0 pkts/0 bytes][Host: 小佛專機] - 83 UDP 192.168.5.41:55312 -> 239.255.255.250:1900 [proto: 12/SSDP][8 pkts/1400 bytes -> 0 pkts/0 bytes] - 84 UDP 192.168.5.9:55484 -> 239.255.255.250:1900 [proto: 12/SSDP][12 pkts/2100 bytes -> 0 pkts/0 bytes] - 85 UDP [fe80::e034:7be:d8f9:6197]:49766 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/182 bytes -> 0 pkts/0 bytes][Host: charming-pc] - 86 UDP 192.168.5.37:56366 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: notebook] - 87 UDP 192.168.115.8:52723 <-> 8.8.8.8:53 [proto: 5.205/DNS.1kxun][2 pkts/152 bytes <-> 1 pkts/108 bytes][Host: kankan.1kxun.com] - 88 UDP 192.168.101.33:58456 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/138 bytes -> 0 pkts/0 bytes][Host: joanna-pc] - 89 UDP 192.168.5.9:58456 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/138 bytes -> 0 pkts/0 bytes][Host: joanna-pc] - 90 UDP 192.168.5.44:58702 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: jason-pc] - 91 UDP 192.168.5.44:59062 -> 224.0.0.252:5355 [proto: 154/LLMNR][1 pkts/68 bytes -> 0 pkts/0 bytes][Host: jason-pc] - 92 UDP [fe80::edf5:240a:c8c0:8312]:53962 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/172 bytes -> 0 pkts/0 bytes][Host: ro_x1c] - 93 UDP 192.168.3.236:59730 -> 224.0.0.252:5355 [proto: 154/LLMNR][1 pkts/67 bytes -> 0 pkts/0 bytes][Host: sonusav] - 94 UDP 192.168.3.95:59468 -> 239.255.255.250:1900 [proto: 12/SSDP][12 pkts/2100 bytes -> 0 pkts/0 bytes] - 95 UDP 192.168.5.49:61548 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/150 bytes -> 0 pkts/0 bytes][Host: caesar-thinkpad] - 96 TCP 192.168.5.16:53580 <-> 31.13.87.36:443 [proto: 91.119/SSL.Facebook][4 pkts/2050 bytes <-> 5 pkts/2297 bytes] - 97 TCP 31.13.87.1:443 <-> 192.168.5.16:53578 [proto: 91.119/SSL.Facebook][5 pkts/1006 bytes <-> 5 pkts/1487 bytes] - 98 UDP 192.168.5.50:62756 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/142 bytes -> 0 pkts/0 bytes][Host: charming-pc] - 99 UDP 192.168.101.33:62822 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/138 bytes -> 0 pkts/0 bytes][Host: joanna-pc] - 100 UDP 192.168.5.9:62822 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/138 bytes -> 0 pkts/0 bytes][Host: joanna-pc] - 101 UDP 192.168.5.57:64428 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: usher-pc] - 102 UDP 192.168.5.49:64568 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/150 bytes -> 0 pkts/0 bytes][Host: caesar-thinkpad] - 103 UDP 192.168.5.50:64674 -> 239.255.255.250:1900 [proto: 12/SSDP][9 pkts/1611 bytes -> 0 pkts/0 bytes] - 104 UDP 192.168.5.57:65150 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: usher-pc] - 105 UDP 192.168.3.236:65496 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/138 bytes -> 0 pkts/0 bytes][Host: wangs-ltw] - 106 TCP 192.168.115.8:49581 <-> 64.233.189.128:80 [proto: 7.126/HTTP.Google][2 pkts/110 bytes <-> 1 pkts/66 bytes] - 107 UDP 192.168.119.1:67 -> 255.255.255.255:68 [proto: 18/DHCP][14 pkts/4788 bytes -> 0 pkts/0 bytes] - 108 UDP 192.168.5.9:68 -> 255.255.255.255:67 [proto: 18/DHCP][1 pkts/342 bytes -> 0 pkts/0 bytes][Host: joanna-pc] - 109 UDP 192.168.5.41:68 -> 255.255.255.255:67 [proto: 18/DHCP][1 pkts/342 bytes -> 0 pkts/0 bytes][Host: kevin-pc] - 110 UDP [fe80::beee:7bff:fe0c:b3de]:546 -> [ff02::1:2]:547 [proto: 103/DHCPV6][4 pkts/392 bytes -> 0 pkts/0 bytes] - 111 UDP [fe80::e034:7be:d8f9:6197]:62756 -> [ff02::1:3]:5355 [proto: 154/LLMNR][1 pkts/91 bytes -> 0 pkts/0 bytes][Host: charming-pc] - 112 UDP 59.120.208.212:32768 -> 255.255.255.255:1947 [proto: 205/1kxun][1 pkts/82 bytes -> 0 pkts/0 bytes] - 113 UDP 192.168.5.64:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][1 pkts/82 bytes -> 0 pkts/0 bytes] - 114 TCP 192.168.5.16:53605 -> 68.233.253.133:80 [proto: 7/HTTP][2 pkts/126 bytes -> 0 pkts/0 bytes] - 115 TCP 192.168.5.16:53613 -> 68.233.253.133:80 [proto: 7/HTTP][3 pkts/198 bytes -> 0 pkts/0 bytes] - 116 UDP 192.168.5.16:123 -> 17.253.26.125:123 [proto: 9/NTP][1 pkts/90 bytes -> 0 pkts/0 bytes] - 117 TCP 192.168.115.8:49597 <-> 106.185.35.110:80 [proto: 7.205/HTTP.1kxun][10 pkts/1394 bytes <-> 4 pkts/1464 bytes][Host: jp.kankan.1kxun.mobi] - 118 TCP 192.168.115.8:49599 <-> 106.187.35.246:80 [proto: 7.205/HTTP.1kxun][16 pkts/1612 bytes <-> 27 pkts/29579 bytes][Host: pic.1kxun.com] - 119 TCP 192.168.115.8:49605 <-> 106.185.35.110:80 [proto: 7.205/HTTP.1kxun][8 pkts/1128 bytes <-> 5 pkts/2282 bytes][Host: jp.kankan.1kxun.mobi] - 120 TCP 192.168.115.8:49601 <-> 106.187.35.246:80 [proto: 7.205/HTTP.1kxun][18 pkts/2440 bytes <-> 43 pkts/49237 bytes][Host: pic.1kxun.com] - 121 TCP 192.168.115.8:49603 <-> 106.187.35.246:80 [proto: 7.205/HTTP.1kxun][12 pkts/1396 bytes <-> 22 pkts/24184 bytes][Host: pic.1kxun.com] - 122 UDP [fe80::e98f:bae2:19f7:6b0f]:54888 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/184 bytes -> 0 pkts/0 bytes][Host: 小佛專機] + 6 TCP 192.168.5.16:53623 <-> 192.168.115.75:443 [proto: 91/SSL][11 pkts/1959 bytes <-> 8 pkts/1683 bytes][client: 1] + 7 TCP 192.168.5.16:53625 <-> 192.168.115.75:443 [proto: 91/SSL][11 pkts/1955 bytes <-> 8 pkts/1683 bytes][client: 1] + 8 TCP 192.168.5.16:53629 <-> 192.168.115.75:443 [proto: 91/SSL][10 pkts/1895 bytes <-> 7 pkts/1623 bytes][client: 1] + 9 UDP [fe80::9bd:81dd:2fdc:5750]:64568 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/190 bytes -> 0 pkts/0 bytes][Host: caesar-thinkpad] + 10 UDP [fe80::5d92:62a8:ebde:1319]:61172 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/174 bytes -> 0 pkts/0 bytes][Host: sonusav] + 11 TCP 192.168.5.16:53627 <-> 203.69.81.73:80 [proto: 7.205/HTTP.1kxun][6 pkts/676 bytes <-> 8 pkts/8822 bytes][Host: dl-obs.official.line.naver.jp] + 12 UDP [fe80::4568:efbc:40b1:1346]:50194 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/176 bytes -> 0 pkts/0 bytes][Host: kevin-pc] + 13 UDP 192.168.5.16:63372 <-> 168.95.1.1:53 [proto: 5/DNS][1 pkts/89 bytes <-> 1 pkts/289 bytes][Host: dl-obs.official.line.naver.jp] + 14 UDP 192.168.5.45:59461 -> 192.168.255.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes -> 0 pkts/0 bytes] + 15 UDP 192.168.5.45:59789 -> 192.168.255.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes -> 0 pkts/0 bytes] + 16 TCP 192.168.115.8:49607 <-> 218.244.135.170:9099 [proto: 7.205/HTTP.1kxun][10 pkts/880 bytes <-> 3 pkts/572 bytes][Host: 218.244.135.170:9099] + 17 UDP 192.168.5.48:49701 -> 239.255.255.250:1900 [proto: 12/SSDP][7 pkts/1253 bytes -> 0 pkts/0 bytes] + 18 UDP [fe80::4568:efbc:40b1:1346]:57148 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/176 bytes -> 0 pkts/0 bytes][Host: kevin-pc] + 19 UDP 192.168.3.95:51451 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/144 bytes -> 0 pkts/0 bytes][Host: 小佛專機] + 20 UDP 192.168.5.44:51389 -> 239.255.255.250:1900 [proto: 12/SSDP][13 pkts/2275 bytes -> 0 pkts/0 bytes] + 21 UDP 192.168.5.16:68 <-> 192.168.119.1:67 [proto: 18/DHCP][2 pkts/684 bytes <-> 2 pkts/684 bytes][Host: macbook-air] + 22 UDP 192.168.5.41:55593 -> 224.0.0.252:5355 [proto: 154/LLMNR][1 pkts/68 bytes -> 0 pkts/0 bytes][Host: kevin-pc] + 23 UDP 192.168.101.33:55485 -> 239.255.255.250:1900 [proto: 12/SSDP][10 pkts/1750 bytes -> 0 pkts/0 bytes] + 24 UDP 192.168.3.236:56043 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/132 bytes -> 0 pkts/0 bytes][Host: isatap] + 25 UDP 192.168.115.8:51024 <-> 8.8.8.8:53 [proto: 5.205/DNS.1kxun][2 pkts/160 bytes <-> 1 pkts/112 bytes][Host: jp.kankan.1kxun.mobi] + 26 UDP 192.168.5.57:55809 -> 239.255.255.250:1900 [proto: 12/SSDP][14 pkts/2450 bytes -> 0 pkts/0 bytes] + 27 UDP 192.168.5.50:57143 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/142 bytes -> 0 pkts/0 bytes][Host: charming-pc] + 28 UDP 192.168.5.37:57325 -> 239.255.255.250:1900 [proto: 12/SSDP][9 pkts/1575 bytes -> 0 pkts/0 bytes] + 29 UDP 192.168.3.95:58779 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/144 bytes -> 0 pkts/0 bytes][Host: 小佛專機] + 30 UDP 192.168.5.44:59571 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: jason-pc] + 31 UDP 192.168.115.8:54420 <-> 8.8.8.8:53 [proto: 5.48/DNS.QQ][2 pkts/150 bytes <-> 1 pkts/116 bytes][Host: vv.video.qq.com] + 32 UDP 192.168.5.48:59797 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/140 bytes -> 0 pkts/0 bytes][Host: kasper-mac] + 33 UDP 192.168.5.47:60267 -> 239.255.255.250:1900 [proto: 12/SSDP][8 pkts/1432 bytes -> 0 pkts/0 bytes] + 34 UDP 192.168.5.47:61603 -> 224.0.0.252:5355 [proto: 173/Lync][2 pkts/132 bytes -> 0 pkts/0 bytes] + 35 UDP 192.168.3.236:62069 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/138 bytes -> 0 pkts/0 bytes][Host: wangs-ltw] + 36 UDP [fe80::e034:7be:d8f9:6197]:57143 -> [ff02::1:3]:5355 [proto: 154/LLMNR][1 pkts/91 bytes -> 0 pkts/0 bytes][Host: charming-pc] + 37 UDP 192.168.115.8:60724 <-> 8.8.8.8:53 [proto: 5.205/DNS.1kxun][2 pkts/146 bytes <-> 1 pkts/137 bytes][Host: pic.1kxun.com] + 38 UDP [fe80::edf5:240a:c8c0:8312]:61603 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/172 bytes -> 0 pkts/0 bytes][Host: ro_x1c] + 39 UDP 192.168.5.49:1900 -> 239.255.255.250:1900 [proto: 12/SSDP][16 pkts/8473 bytes -> 0 pkts/0 bytes] + 40 TCP 192.168.115.8:49609 <-> 42.120.51.152:8080 [proto: 7.205/HTTP.1kxun][20 pkts/4716 bytes <-> 13 pkts/7005 bytes][Host: 42.120.51.152:8080] + 41 TCP 192.168.5.16:53624 <-> 68.233.253.133:80 [proto: 7.205/HTTP.1kxun][7 pkts/996 bytes <-> 5 pkts/986 bytes][Host: api.magicansoft.com] + 42 UDP [fe80::e98f:bae2:19f7:6b0f]:51451 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/184 bytes -> 0 pkts/0 bytes][Host: 小佛專機] + 43 TCP 192.168.115.8:49600 <-> 106.187.35.246:80 [proto: 7.205/HTTP.1kxun][18 pkts/1722 bytes <-> 51 pkts/61707 bytes][Host: pic.1kxun.com] + 44 TCP 192.168.115.8:49606 <-> 106.185.35.110:80 [proto: 7.205/HTTP.1kxun][22 pkts/1926 bytes <-> 28 pkts/33821 bytes][Host: jp.kankan.1kxun.mobi] + 45 TCP 192.168.115.8:49602 <-> 106.187.35.246:80 [proto: 7.205/HTTP.1kxun][24 pkts/2786 bytes <-> 41 pkts/46203 bytes][Host: pic.1kxun.com] + 46 TCP 192.168.115.8:49604 <-> 106.187.35.246:80 [proto: 7.205/HTTP.1kxun][20 pkts/2564 bytes <-> 38 pkts/43013 bytes][Host: pic.1kxun.com] + 47 UDP [fe80::f65c:89ff:fe89:e607]:546 -> [ff02::1:2]:547 [proto: 103/DHCPV6][1 pkts/98 bytes -> 0 pkts/0 bytes] + 48 UDP [fe80::e98f:bae2:19f7:6b0f]:58779 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/184 bytes -> 0 pkts/0 bytes][Host: 小佛專機] + 49 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][4 pkts/1368 bytes -> 0 pkts/0 bytes][Host: shen] + 50 UDP [fe80::5d92:62a8:ebde:1319]:49735 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/178 bytes -> 0 pkts/0 bytes][Host: wangs-ltw] + 51 TCP 192.168.115.8:49612 <-> 183.131.48.145:80 [proto: 7.205/HTTP.1kxun][10 pkts/1428 bytes <-> 4 pkts/867 bytes][Host: 183.131.48.145] + 52 UDP 192.168.115.8:52723 <-> 168.95.1.1:53 [proto: 5.205/DNS.1kxun][2 pkts/152 bytes <-> 1 pkts/108 bytes][Host: kankan.1kxun.com] + 53 TCP 192.168.115.8:49608 <-> 203.205.151.234:80 [proto: 7.48/HTTP.QQ][18 pkts/3550 bytes <-> 7 pkts/1400 bytes][Host: vv.video.qq.com] + 54 TCP 192.168.115.8:49596 <-> 203.66.182.87:443 [proto: 91/SSL][4 pkts/220 bytes <-> 2 pkts/132 bytes] + 55 UDP [fe80::9bd:81dd:2fdc:5750]:1900 -> [ff02::c]:1900 [proto: 12/SSDP][16 pkts/8921 bytes -> 0 pkts/0 bytes] + 56 TCP 192.168.5.16:53622 <-> 192.168.115.75:443 [proto: 91/SSL][1 pkts/60 bytes <-> 1 pkts/60 bytes] + 57 TCP 192.168.5.16:53626 <-> 192.168.115.75:443 [proto: 91/SSL][11 pkts/1943 bytes <-> 8 pkts/1267 bytes][client: 1] + 58 TCP 192.168.5.16:53628 <-> 203.69.81.73:80 [proto: 7.205/HTTP.1kxun][6 pkts/676 bytes <-> 8 pkts/8482 bytes][Host: dl-obs.official.line.naver.jp] + 59 TCP 192.168.115.8:49598 <-> 222.73.254.167:80 [proto: 7.205/HTTP.1kxun][10 pkts/1406 bytes <-> 4 pkts/980 bytes][Host: kankan.1kxun.com] + 60 UDP [fe80::5d92:62a8:ebde:1319]:63659 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/172 bytes -> 0 pkts/0 bytes][Host: isatap] + 61 UDP [fe80::406:55a8:6453:25dd]:546 -> [ff02::1:2]:547 [proto: 103/DHCPV6][5 pkts/490 bytes -> 0 pkts/0 bytes] + 62 UDP 192.168.5.50:49766 -> 224.0.0.252:5355 [proto: 154/LLMNR][1 pkts/71 bytes -> 0 pkts/0 bytes][Host: charming-pc] + 63 UDP 192.168.5.50:50030 -> 224.0.0.252:5355 [proto: 154/LLMNR][1 pkts/71 bytes -> 0 pkts/0 bytes][Host: charming-pc] + 64 UDP 192.168.115.8:51458 -> 224.0.0.252:5355 [proto: 154/LLMNR][4 pkts/256 bytes -> 0 pkts/0 bytes][Host: wpad] + 65 UDP 192.168.3.236:51714 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/132 bytes -> 0 pkts/0 bytes][Host: isatap] + 66 UDP 192.168.5.49:51704 -> 239.255.255.250:1900 [proto: 12/SSDP][9 pkts/1611 bytes -> 0 pkts/0 bytes] + 67 UDP 192.168.115.8:137 -> 192.168.255.255:137 [proto: 10/NetBIOS][6 pkts/552 bytes -> 0 pkts/0 bytes] + 68 UDP 192.168.5.67:138 -> 192.168.255.255:138 [proto: 10/NetBIOS][2 pkts/549 bytes -> 0 pkts/0 bytes] + 69 UDP 192.168.5.45:137 -> 192.168.255.255:137 [proto: 10/NetBIOS][2 pkts/184 bytes -> 0 pkts/0 bytes] + 70 UDP 192.168.5.45:138 -> 192.168.255.255:138 [proto: 10/NetBIOS][3 pkts/648 bytes -> 0 pkts/0 bytes] + 71 UDP 192.168.3.236:137 -> 192.168.255.255:137 [proto: 10/NetBIOS][13 pkts/1196 bytes -> 0 pkts/0 bytes] + 72 UDP 192.168.0.104:137 -> 192.168.255.255:137 [proto: 10/NetBIOS][3 pkts/276 bytes -> 0 pkts/0 bytes] + 73 UDP 192.168.5.47:53962 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/132 bytes -> 0 pkts/0 bytes][Host: ro_x1c] + 74 UDP 192.168.5.41:54470 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: kevin-pc] + 75 UDP 192.168.5.37:54506 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: notebook] + 76 UDP 192.168.3.95:54888 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/144 bytes -> 0 pkts/0 bytes][Host: 小佛專機] + 77 UDP 192.168.5.41:55312 -> 239.255.255.250:1900 [proto: 12/SSDP][8 pkts/1400 bytes -> 0 pkts/0 bytes] + 78 UDP 192.168.5.9:55484 -> 239.255.255.250:1900 [proto: 12/SSDP][12 pkts/2100 bytes -> 0 pkts/0 bytes] + 79 UDP [fe80::e034:7be:d8f9:6197]:49766 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/182 bytes -> 0 pkts/0 bytes][Host: charming-pc] + 80 UDP 192.168.5.37:56366 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: notebook] + 81 UDP 192.168.115.8:52723 <-> 8.8.8.8:53 [proto: 5.205/DNS.1kxun][2 pkts/152 bytes <-> 1 pkts/108 bytes][Host: kankan.1kxun.com] + 82 UDP 192.168.101.33:58456 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/138 bytes -> 0 pkts/0 bytes][Host: joanna-pc] + 83 UDP 192.168.5.9:58456 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/138 bytes -> 0 pkts/0 bytes][Host: joanna-pc] + 84 UDP 192.168.5.44:58702 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: jason-pc] + 85 UDP 192.168.5.44:59062 -> 224.0.0.252:5355 [proto: 154/LLMNR][1 pkts/68 bytes -> 0 pkts/0 bytes][Host: jason-pc] + 86 UDP [fe80::edf5:240a:c8c0:8312]:53962 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/172 bytes -> 0 pkts/0 bytes][Host: ro_x1c] + 87 UDP 192.168.3.236:59730 -> 224.0.0.252:5355 [proto: 154/LLMNR][1 pkts/67 bytes -> 0 pkts/0 bytes][Host: sonusav] + 88 UDP 192.168.3.95:59468 -> 239.255.255.250:1900 [proto: 12/SSDP][12 pkts/2100 bytes -> 0 pkts/0 bytes] + 89 UDP 192.168.5.49:61548 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/150 bytes -> 0 pkts/0 bytes][Host: caesar-thinkpad] + 90 TCP 192.168.5.16:53580 <-> 31.13.87.36:443 [proto: 91.119/SSL.Facebook][4 pkts/2050 bytes <-> 5 pkts/2297 bytes] + 91 TCP 31.13.87.1:443 <-> 192.168.5.16:53578 [proto: 91.119/SSL.Facebook][5 pkts/1006 bytes <-> 5 pkts/1487 bytes] + 92 UDP 192.168.5.50:62756 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/142 bytes -> 0 pkts/0 bytes][Host: charming-pc] + 93 UDP 192.168.101.33:62822 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/138 bytes -> 0 pkts/0 bytes][Host: joanna-pc] + 94 UDP 192.168.5.9:62822 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/138 bytes -> 0 pkts/0 bytes][Host: joanna-pc] + 95 UDP 192.168.5.57:64428 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: usher-pc] + 96 UDP 192.168.5.49:64568 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/150 bytes -> 0 pkts/0 bytes][Host: caesar-thinkpad] + 97 UDP 192.168.5.50:64674 -> 239.255.255.250:1900 [proto: 12/SSDP][9 pkts/1611 bytes -> 0 pkts/0 bytes] + 98 UDP 192.168.5.57:65150 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: usher-pc] + 99 UDP 192.168.3.236:65496 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/138 bytes -> 0 pkts/0 bytes][Host: wangs-ltw] + 100 TCP 192.168.115.8:49581 <-> 64.233.189.128:80 [proto: 7.126/HTTP.Google][2 pkts/110 bytes <-> 1 pkts/66 bytes] + 101 UDP 192.168.119.1:67 -> 255.255.255.255:68 [proto: 18/DHCP][14 pkts/4788 bytes -> 0 pkts/0 bytes] + 102 UDP 192.168.5.9:68 -> 255.255.255.255:67 [proto: 18/DHCP][1 pkts/342 bytes -> 0 pkts/0 bytes][Host: joanna-pc] + 103 UDP 192.168.5.41:68 -> 255.255.255.255:67 [proto: 18/DHCP][1 pkts/342 bytes -> 0 pkts/0 bytes][Host: kevin-pc] + 104 UDP [fe80::beee:7bff:fe0c:b3de]:546 -> [ff02::1:2]:547 [proto: 103/DHCPV6][4 pkts/392 bytes -> 0 pkts/0 bytes] + 105 UDP [fe80::e034:7be:d8f9:6197]:62756 -> [ff02::1:3]:5355 [proto: 154/LLMNR][1 pkts/91 bytes -> 0 pkts/0 bytes][Host: charming-pc] + 106 UDP 192.168.5.64:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][1 pkts/82 bytes -> 0 pkts/0 bytes] + 107 TCP 192.168.5.16:53605 -> 68.233.253.133:80 [proto: 7/HTTP][2 pkts/126 bytes -> 0 pkts/0 bytes] + 108 TCP 192.168.5.16:53613 -> 68.233.253.133:80 [proto: 7/HTTP][3 pkts/198 bytes -> 0 pkts/0 bytes] + 109 UDP 192.168.5.16:123 -> 17.253.26.125:123 [proto: 9/NTP][1 pkts/90 bytes -> 0 pkts/0 bytes] + 110 TCP 192.168.115.8:49597 <-> 106.185.35.110:80 [proto: 7.205/HTTP.1kxun][10 pkts/1394 bytes <-> 4 pkts/1464 bytes][Host: jp.kankan.1kxun.mobi] + 111 TCP 192.168.115.8:49599 <-> 106.187.35.246:80 [proto: 7.205/HTTP.1kxun][16 pkts/1612 bytes <-> 27 pkts/29579 bytes][Host: pic.1kxun.com] + 112 TCP 192.168.115.8:49605 <-> 106.185.35.110:80 [proto: 7.205/HTTP.1kxun][8 pkts/1128 bytes <-> 5 pkts/2282 bytes][Host: jp.kankan.1kxun.mobi] + 113 TCP 192.168.115.8:49601 <-> 106.187.35.246:80 [proto: 7.205/HTTP.1kxun][18 pkts/2440 bytes <-> 43 pkts/49237 bytes][Host: pic.1kxun.com] + 114 TCP 192.168.115.8:49603 <-> 106.187.35.246:80 [proto: 7.205/HTTP.1kxun][12 pkts/1396 bytes <-> 22 pkts/24184 bytes][Host: pic.1kxun.com] + 115 UDP [fe80::e98f:bae2:19f7:6b0f]:54888 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/184 bytes -> 0 pkts/0 bytes][Host: 小佛專機] Undetected flows: - 1 UDP 192.168.0.100:50925 -> 255.255.255.255:5678 [proto: 0/Unknown][1 pkts/142 bytes -> 0 pkts/0 bytes] - 2 UDP [2001:b030:214:100:c2a0:bbff:fe73:eb47]:62976 -> [ff02::1]:62976 [proto: 0/Unknown][2 pkts/782 bytes -> 0 pkts/0 bytes] - 3 UDP [2001:b020:6::c2a0:bbff:fe73:eb57]:62976 -> [ff02::1]:62976 [proto: 0/Unknown][2 pkts/782 bytes -> 0 pkts/0 bytes] - 4 UDP 192.168.119.1:56861 -> 255.255.255.255:5678 [proto: 0/Unknown][1 pkts/177 bytes -> 0 pkts/0 bytes] - 5 UDP [fe80::4e5e:cff:fe9a:ec54]:5678 -> [ff02::1]:5678 [proto: 0/Unknown][1 pkts/185 bytes -> 0 pkts/0 bytes] - 6 UDP [fe80::4e5e:cff:feea:365]:5678 -> [ff02::1]:5678 [proto: 0/Unknown][1 pkts/197 bytes -> 0 pkts/0 bytes] - 7 UDP 192.168.119.2:43786 -> 255.255.255.255:5678 [proto: 0/Unknown][1 pkts/163 bytes -> 0 pkts/0 bytes] + 1 UDP 192.168.2.186:32768 -> 255.255.255.255:1947 [proto: 0/Unknown][2 pkts/164 bytes -> 0 pkts/0 bytes] + 2 UDP 192.168.0.100:50925 -> 255.255.255.255:5678 [proto: 0/Unknown][1 pkts/142 bytes -> 0 pkts/0 bytes] + 3 UDP 192.168.10.110:60480 -> 255.255.255.255:62976 [proto: 0/Unknown][5 pkts/1795 bytes -> 0 pkts/0 bytes] + 4 UDP 192.168.125.30:62976 -> 255.255.255.255:62976 [proto: 0/Unknown][2 pkts/718 bytes -> 0 pkts/0 bytes] + 5 UDP 192.168.10.7:62976 -> 255.255.255.255:62976 [proto: 0/Unknown][2 pkts/718 bytes -> 0 pkts/0 bytes] + 6 UDP 192.168.140.140:62976 -> 255.255.255.255:62976 [proto: 0/Unknown][1 pkts/359 bytes -> 0 pkts/0 bytes] + 7 UDP [2001:b030:214:100:c2a0:bbff:fe73:eb47]:62976 -> [ff02::1]:62976 [proto: 0/Unknown][2 pkts/782 bytes -> 0 pkts/0 bytes] + 8 UDP [2001:b020:6::c2a0:bbff:fe73:eb57]:62976 -> [ff02::1]:62976 [proto: 0/Unknown][2 pkts/782 bytes -> 0 pkts/0 bytes] + 9 UDP 192.168.119.1:56861 -> 255.255.255.255:5678 [proto: 0/Unknown][1 pkts/177 bytes -> 0 pkts/0 bytes] + 10 UDP 59.120.208.218:50151 -> 255.255.255.255:1947 [proto: 0/Unknown][2 pkts/164 bytes -> 0 pkts/0 bytes] + 11 UDP [fe80::4e5e:cff:fe9a:ec54]:5678 -> [ff02::1]:5678 [proto: 0/Unknown][1 pkts/185 bytes -> 0 pkts/0 bytes] + 12 UDP [fe80::4e5e:cff:feea:365]:5678 -> [ff02::1]:5678 [proto: 0/Unknown][1 pkts/197 bytes -> 0 pkts/0 bytes] + 13 UDP 192.168.119.2:43786 -> 255.255.255.255:5678 [proto: 0/Unknown][1 pkts/163 bytes -> 0 pkts/0 bytes] + 14 UDP 59.120.208.212:32768 -> 255.255.255.255:1947 [proto: 0/Unknown][1 pkts/82 bytes -> 0 pkts/0 bytes] diff --git a/tests/result/pps.pcap.out b/tests/result/pps.pcap.out index bee502be8..9be4adae9 100644 --- a/tests/result/pps.pcap.out +++ b/tests/result/pps.pcap.out @@ -1,11 +1,11 @@ Unknown 990 378832 34 -HTTP 12 4427 6 +HTTP 3 174 2 SSDP 62 17013 9 Google 2 1093 1 UPnP 1 130 1 -iQIYI 1490 1845116 56 +iQIYI 1499 1849369 60 - 1 TCP 117.79.81.135:80 -> 192.168.115.8:50443 [proto: 7/HTTP][1 pkts/347 bytes -> 0 pkts/0 bytes] + 1 TCP 117.79.81.135:80 -> 192.168.115.8:50443 [proto: 7.206/HTTP.iQIYI][1 pkts/347 bytes -> 0 pkts/0 bytes] 2 TCP 192.168.115.8:50490 <-> 119.188.13.188:80 [proto: 7.206/HTTP.iQIYI][1 pkts/357 bytes <-> 1 pkts/479 bytes][Host: pdata.video.qiyi.com] 3 TCP 192.168.115.8:50497 <-> 123.125.112.49:80 [proto: 7.206/HTTP.iQIYI][1 pkts/1004 bytes <-> 2 pkts/301 bytes][Host: click.hm.baidu.com] 4 TCP 192.168.115.8:50775 <-> 123.125.111.70:80 [proto: 7.206/HTTP.iQIYI][1 pkts/399 bytes <-> 1 pkts/275 bytes][Host: nl.rcd.iqiyi.com] @@ -14,7 +14,7 @@ iQIYI 1490 1845116 56 7 TCP 192.168.115.8:50462 -> 202.108.14.236:80 [proto: 7/HTTP][2 pkts/108 bytes -> 0 pkts/0 bytes] 8 TCP 192.168.115.8:50474 <-> 202.108.14.221:80 [proto: 7.206/HTTP.iQIYI][1 pkts/1100 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com] 9 TCP 192.168.115.8:50484 <-> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][1 pkts/622 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] - 10 TCP 202.108.14.219:80 -> 192.168.115.8:50506 [proto: 7/HTTP][1 pkts/199 bytes -> 0 pkts/0 bytes] + 10 TCP 202.108.14.219:80 -> 192.168.115.8:50506 [proto: 7.206/HTTP.iQIYI][1 pkts/199 bytes -> 0 pkts/0 bytes] 11 TCP 192.168.115.8:50470 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][1 pkts/424 bytes <-> 1 pkts/194 bytes][Host: msg.iqiyi.com] 12 TCP 192.168.115.8:50502 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][1 pkts/947 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] 13 TCP 192.168.115.8:50504 -> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][1 pkts/946 bytes -> 0 pkts/0 bytes][Host: msg.71.am] @@ -46,7 +46,7 @@ iQIYI 1490 1845116 56 39 TCP 192.168.115.8:50772 <-> 123.125.111.70:80 [proto: 7.206/HTTP.iQIYI][1 pkts/399 bytes <-> 1 pkts/275 bytes][Host: nl.rcd.iqiyi.com] 40 TCP 192.168.5.15:65128 <-> 68.233.253.133:80 [proto: 7.206/HTTP.iQIYI][1 pkts/331 bytes <-> 1 pkts/390 bytes][Host: api.magicansoft.com] 41 TCP 192.168.115.8:50482 <-> 140.205.243.64:80 [proto: 7.206/HTTP.iQIYI][1 pkts/444 bytes <-> 1 pkts/283 bytes][Host: cmc.tanx.com] - 42 TCP 202.108.14.219:80 -> 192.168.115.8:50295 [proto: 7/HTTP][2 pkts/398 bytes -> 0 pkts/0 bytes] + 42 TCP 202.108.14.219:80 -> 192.168.115.8:50295 [proto: 7.206/HTTP.iQIYI][2 pkts/398 bytes -> 0 pkts/0 bytes] 43 TCP 192.168.115.8:50467 <-> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][1 pkts/629 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] 44 TCP 192.168.115.8:50469 <-> 202.108.14.219:80 [proto: 7.206/HTTP.iQIYI][1 pkts/573 bytes <-> 1 pkts/199 bytes][Host: msg.71.am] 45 TCP 192.168.115.8:50471 <-> 202.108.14.236:80 [proto: 7.206/HTTP.iQIYI][2 pkts/1898 bytes <-> 2 pkts/398 bytes][Host: msg.71.am] @@ -72,7 +72,7 @@ iQIYI 1490 1845116 56 65 UDP 192.168.5.57:59648 -> 239.255.255.250:1900 [proto: 12/SSDP][6 pkts/1050 bytes -> 0 pkts/0 bytes] 66 UDP 192.168.5.63:60976 -> 239.255.255.250:1900 [proto: 12/SSDP][1 pkts/165 bytes -> 0 pkts/0 bytes] 67 UDP 192.168.5.48:63930 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/358 bytes -> 0 pkts/0 bytes] - 68 TCP 77.234.41.35:80 <-> 192.168.115.8:49174 [proto: 7/HTTP][4 pkts/2953 bytes <-> 1 pkts/356 bytes] + 68 TCP 77.234.41.35:80 <-> 192.168.115.8:49174 [proto: 7.206/HTTP.iQIYI][4 pkts/2953 bytes <-> 1 pkts/356 bytes] 69 TCP 192.168.115.8:50486 <-> 77.234.40.96:80 [proto: 7.206/HTTP.iQIYI][11 pkts/11023 bytes <-> 12 pkts/14869 bytes][Host: bcu.ff.avast.com] 70 TCP 192.168.115.8:50463 <-> 101.227.200.11:80 [proto: 7.206/HTTP.iQIYI][2 pkts/1555 bytes <-> 1 pkts/306 bytes][Host: api.cupid.iqiyi.com] 71 TCP 192.168.115.8:50769 <-> 101.227.200.11:80 [proto: 7.206/HTTP.iQIYI][1 pkts/604 bytes <-> 1 pkts/291 bytes][Host: api.cupid.iqiyi.com] diff --git a/tests/result/wechat.pcap.out b/tests/result/wechat.pcap.out index 1f80e3df1..426f79c1e 100644 --- a/tests/result/wechat.pcap.out +++ b/tests/result/wechat.pcap.out @@ -8,9 +8,10 @@ DHCP 1 342 1 IGMP 24 1280 4 SSL 21 1209 3 ICMPV6 3 218 2 -Google 128 29925 17 +Google 113 24811 15 LLMNR 12 944 6 WeChat 1277 615827 51 +GoogleDrive 15 5114 2 1 UDP 192.168.1.103:33915 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][1 pkts/82 bytes -> 0 pkts/0 bytes][Host: webpush.web.wechat.com] 2 TCP 192.168.1.103:40740 <-> 203.205.151.211:443 [proto: 91/SSL][4 pkts/216 bytes <-> 4 pkts/253 bytes] @@ -50,7 +51,7 @@ WeChat 1277 615827 51 36 TCP 192.168.1.103:58226 -> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][6 pkts/396 bytes -> 0 pkts/0 bytes] 37 UDP 192.168.1.103:59567 -> 192.168.1.254:53 [proto: 5.126/DNS.Google][1 pkts/79 bytes -> 0 pkts/0 bytes][Host: ssl.gstatic.com.lan] 38 TCP 192.168.1.103:58143 -> 216.58.205.131:443 [proto: 91.126/SSL.Google][3 pkts/1078 bytes -> 0 pkts/0 bytes] - 39 UDP 192.168.1.103:57591 <-> 216.58.198.46:443 [proto: 188.126/QUIC.Google][6 pkts/2687 bytes <-> 7 pkts/2125 bytes][Host: docs.google.com] + 39 UDP 192.168.1.103:57591 <-> 216.58.198.46:443 [proto: 188.217/QUIC.GoogleDrive][6 pkts/2687 bytes <-> 7 pkts/2125 bytes][Host: docs.google.com] 40 UDP 192.168.1.100:57401 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: mcztmpkc] 41 TCP 192.168.1.103:34996 -> 95.101.34.33:80 [proto: 7/HTTP][9 pkts/594 bytes -> 0 pkts/0 bytes] 42 TCP 192.168.1.103:35000 -> 95.101.34.33:80 [proto: 7/HTTP][9 pkts/594 bytes -> 0 pkts/0 bytes] @@ -88,7 +89,7 @@ WeChat 1277 615827 51 74 TCP 192.168.1.103:54117 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][20 pkts/8397 bytes <-> 16 pkts/6566 bytes][client: web.wechat.com] 75 TCP 192.168.1.103:54119 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][26 pkts/8129 bytes <-> 24 pkts/22836 bytes][client: web.wechat.com] 76 TCP 192.168.1.103:54183 -> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][2 pkts/2508 bytes -> 0 pkts/0 bytes] - 77 UDP 192.168.1.103:55862 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][1 pkts/75 bytes <-> 1 pkts/227 bytes][Host: docs.google.com] + 77 UDP 192.168.1.103:55862 <-> 192.168.1.254:53 [proto: 5.217/DNS.GoogleDrive][1 pkts/75 bytes <-> 1 pkts/227 bytes][Host: docs.google.com] 78 TCP 192.168.1.103:58037 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][5 pkts/338 bytes <-> 3 pkts/214 bytes] 79 TCP 192.168.1.103:58039 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][13 pkts/866 bytes <-> 4 pkts/280 bytes] 80 TCP 192.168.1.103:58041 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][10 pkts/1032 bytes <-> 8 pkts/3711 bytes][client: web.wechat.com] -- cgit v1.2.3 From e0366a99653debd29d57aae3ac81a0559a5434fb Mon Sep 17 00:00:00 2001 From: Campus Date: Fri, 9 Jun 2017 13:15:09 +0200 Subject: improved whatsapp and wechat detection by new ip-ranges --- src/lib/ndpi_content_match.c.inc | 21 +++++++++++++++++---- tests/result/Viber_session.pcap.out | 5 +++-- tests/result/viber_mobile.pcap.out | 6 +++--- 3 files changed, 23 insertions(+), 9 deletions(-) (limited to 'src') diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index dd0a21ae2..077a04ff0 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -74,21 +74,34 @@ static ndpi_network host_protocol_list[] = { /* WhatsApp Inc. - 169.47.35.32 - 169.47.35.63 */ + { 0x3216C6CC /* 50.22.198.204/30 */, 30, NDPI_PROTOCOL_WHATSAPP }, + { 0x4B7E2720 /* 75.126.39.32/27 */, 27, NDPI_PROTOCOL_WHATSAPP }, + { 0x6CA8B460 /* 108.168.180.96/27 */, 27, NDPI_PROTOCOL_WHATSAPP }, + { 0x9E553A00 /* 158.85.58.0/25 */, 25, NDPI_PROTOCOL_WHATSAPP }, + { 0x9E55FE40 /* 158.85.254.64/27 */, 27, NDPI_PROTOCOL_WHATSAPP }, { 0xA92F2320 /* 169.47.35.32/27 */, 27, NDPI_PROTOCOL_WHATSAPP }, + { 0xA93743E0 /* 169.55.67.224/27 */, 27, NDPI_PROTOCOL_WHATSAPP }, + { 0xA93764A0 /* 169.55.100.160/27 */, 27, NDPI_PROTOCOL_WHATSAPP }, + { 0xA937EBA0 /* 169.55.235.160/27 */, 27, NDPI_PROTOCOL_WHATSAPP }, + { 0xADC0A220 /* 173.192.162.32/27 */, 27, NDPI_PROTOCOL_WHATSAPP }, + { 0xB8AD8840 /* 184.173.136.64/27 */, 27, NDPI_PROTOCOL_WHATSAPP }, + { 0xB93CDA35 /* 185.60.218.53/32 */, 27, NDPI_PROTOCOL_WHATSAPP }, + { 0xC60BFB20 /* 198.11.251.32/27 */, 27, NDPI_PROTOCOL_WHATSAPP }, + { 0xD02B73C0 /* 208.43.115.192/27 */, 27, NDPI_PROTOCOL_WHATSAPP }, + { 0xD02B7A80 /* 208.43.122.128/27 */, 27, NDPI_PROTOCOL_WHATSAPP }, + /* WeChat - 203.205.147.171 - 203.205.147.173 - 203.205.151.162 + origin AS132203, AS132591, AS45090 */ { 0xCBCD93AB /* 203.205.147.171/32 */, 32, NDPI_PROTOCOL_WECHAT }, { 0xCBCD93AD /* 203.205.147.173/32 */, 32, NDPI_PROTOCOL_WECHAT }, { 0xCBCD97A2 /* 203.205.151.162/32 */, 32, NDPI_PROTOCOL_WECHAT }, + { 0x67071E25 /* 103.7.30.37/32 */, 32, NDPI_PROTOCOL_WECHAT }, /* OpenDNS, LLC diff --git a/tests/result/Viber_session.pcap.out b/tests/result/Viber_session.pcap.out index 11b958080..88d9589a3 100644 --- a/tests/result/Viber_session.pcap.out +++ b/tests/result/Viber_session.pcap.out @@ -2,18 +2,19 @@ Unknown 163 9995 7 HTTP 13 796 7 SSL_No_Cert 34 4141 1 ICMP 2 196 1 -SSL 80 7703 8 +SSL 75 7291 7 Facebook 29 3944 2 Dropbox 1 97 1 GMail 21 1891 1 Google 50 4084 5 +WhatsApp 5 412 1 Viber 4163 392492 4 Amazon 1 66 1 1 TCP 192.168.200.222:57999 <-> 74.125.130.188:5228 [proto: 126/Google][5 pkts/389 bytes <-> 5 pkts/368 bytes] 2 TCP 192.168.200.222:59011 <-> 74.125.130.188:5228 [proto: 126/Google][5 pkts/428 bytes <-> 4 pkts/264 bytes] 3 TCP 192.168.200.222:60828 -> 93.184.221.200:80 [proto: 7/HTTP][1 pkts/60 bytes -> 0 pkts/0 bytes] - 4 TCP 192.168.200.222:44058 <-> 158.85.58.23:443 [proto: 91/SSL][2 pkts/157 bytes <-> 3 pkts/255 bytes] + 4 TCP 192.168.200.222:44058 <-> 158.85.58.23:443 [proto: 91.142/SSL.WhatsApp][2 pkts/157 bytes <-> 3 pkts/255 bytes] 5 TCP 222.165.163.117:443 <-> 192.168.200.222:47424 [proto: 91/SSL][3 pkts/253 bytes <-> 2 pkts/132 bytes] 6 TCP 192.168.200.222:38039 <-> 31.13.79.246:443 [proto: 91.119/SSL.Facebook][14 pkts/1058 bytes <-> 9 pkts/2287 bytes] 7 TCP 216.58.199.206:443 <-> 192.168.200.222:58663 [proto: 91.126/SSL.Google][1 pkts/66 bytes <-> 1 pkts/66 bytes] diff --git a/tests/result/viber_mobile.pcap.out b/tests/result/viber_mobile.pcap.out index e761e520c..097363152 100644 --- a/tests/result/viber_mobile.pcap.out +++ b/tests/result/viber_mobile.pcap.out @@ -4,12 +4,12 @@ HTTP 43 4771 7 BitTorrent 57 13074 27 SSL_No_Cert 36 5874 1 ICMP 3 370 2 -SSL 79 21658 7 +SSL 72 21126 6 Facebook 50 17455 3 Dropbox 2 163 1 GMail 35 14773 2 Google 76 17175 8 -WhatsApp 31 6224 2 +WhatsApp 38 6756 3 Viber 10081 1413446 4 Amazon 8 528 1 @@ -18,7 +18,7 @@ Amazon 8 528 1 3 TCP 192.168.200.222:59011 <-> 74.125.130.188:5228 [proto: 126/Google][8 pkts/3893 bytes <-> 8 pkts/1945 bytes] 4 UDP 192.168.200.222:39413 <-> 134.249.176.227:7108 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/329 bytes] 5 TCP 192.168.200.222:60828 -> 93.184.221.200:80 [proto: 7/HTTP][5 pkts/300 bytes -> 0 pkts/0 bytes] - 6 TCP 192.168.200.222:44058 <-> 158.85.58.23:443 [proto: 91/SSL][4 pkts/277 bytes <-> 3 pkts/255 bytes] + 6 TCP 192.168.200.222:44058 <-> 158.85.58.23:443 [proto: 91.142/SSL.WhatsApp][4 pkts/277 bytes <-> 3 pkts/255 bytes] 7 UDP 192.168.200.222:15836 <-> 8.8.8.8:53 [proto: 5.122/DNS.GMail][1 pkts/75 bytes <-> 1 pkts/166 bytes][Host: mail.google.com] 8 UDP 192.168.200.222:39413 <-> 84.202.23.122:22737 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/359 bytes] 9 UDP 192.168.200.222:39413 <-> 178.57.5.53:64731 [proto: 37/BitTorrent][1 pkts/146 bytes <-> 1 pkts/352 bytes] -- cgit v1.2.3 From af3086fb82e4c4622e10370ab092822e55fb6716 Mon Sep 17 00:00:00 2001 From: Campus Date: Fri, 9 Jun 2017 13:22:58 +0200 Subject: add check for whatsapp in ssl --- src/lib/protocols/ssl.c | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'src') diff --git a/src/lib/protocols/ssl.c b/src/lib/protocols/ssl.c index 94f3ad7e3..5860abed7 100644 --- a/src/lib/protocols/ssl.c +++ b/src/lib/protocols/ssl.c @@ -595,6 +595,11 @@ void ndpi_search_ssl_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc && (packet->payload[3] <= 9))) { ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_WHATSAPP, NDPI_PROTOCOL_UNKNOWN); return; + } else if((packet->payload_packet_len == 4) + && (packet->payload[0] == 'W') + && (packet->payload[1] == 'A')){ + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_WHATSAPP, NDPI_PROTOCOL_UNKNOWN); + return; } else { /* No whatsapp, let's try SSL */ if(sslDetectProtocolFromCertificate(ndpi_struct, flow) > 0) -- cgit v1.2.3 From d9bef8fa46752bf97c0c0fe103f050ed3b0f3653 Mon Sep 17 00:00:00 2001 From: MaYuming Date: Tue, 13 Jun 2017 17:17:19 +0800 Subject: fix ms-lync detection missing, More detail at https://github.com/ntop/nDPI/issues/401 --- src/lib/protocols/stun.c | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) (limited to 'src') diff --git a/src/lib/protocols/stun.c b/src/lib/protocols/stun.c index caebeb066..421ed5d75 100644 --- a/src/lib/protocols/stun.c +++ b/src/lib/protocols/stun.c @@ -53,7 +53,8 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * u_int16_t msg_type, msg_len; struct stun_packet_header *h = (struct stun_packet_header*)payload; u_int8_t can_this_be_whatsapp_voice = 1; - + + if(payload_length < sizeof(struct stun_packet_header)) { if(flow->num_stun_udp_pkts > 0) { *is_whatsapp = 1; @@ -73,8 +74,6 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * if((payload[0] != 0x80) && ((msg_len+20) > payload_length)) return(NDPI_IS_NOT_STUN); - /* printf("msg_type=%04X, msg_len=%u\n", msg_type, msg_len); */ - if((payload_length == (msg_len+20)) && ((msg_type <= 0x000b) /* http://www.3cx.com/blog/voip-howto/stun-details/ */)) { u_int offset = 20; @@ -99,7 +98,6 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * case 0x8054: /* Candidate Identifier */ if((len == 4) - && (payload[offset+4] == 0x31) && (payload[offset+5] == 0x00) && (payload[offset+6] == 0x00) && (payload[offset+7] == 0x00)) { @@ -252,7 +250,6 @@ void ndpi_search_stun(struct ndpi_detection_module_struct *ndpi_struct, struct n if(packet->tcp) { /* STUN may be encapsulated in TCP packets */ - if(packet->payload_packet_len >= 2 + 20 && ntohs(get_u_int16_t(packet->payload, 0)) + 2 == packet->payload_packet_len) { @@ -261,9 +258,16 @@ void ndpi_search_stun(struct ndpi_detection_module_struct *ndpi_struct, struct n if(ndpi_int_check_stun(ndpi_struct, flow, packet->payload + 2, packet->payload_packet_len - 2, &is_whatsapp, &is_lync) == NDPI_IS_STUN) { - NDPI_LOG(NDPI_PROTOCOL_STUN, ndpi_struct, NDPI_LOG_DEBUG, "found TCP stun.\n"); - ndpi_int_stun_add_connection(ndpi_struct, NDPI_PROTOCOL_STUN, flow); - return; + if(is_lync) { + NDPI_LOG(NDPI_PROTOCOL_STUN, ndpi_struct, NDPI_LOG_DEBUG, "Found MS Lync\n"); + ndpi_int_stun_add_connection(ndpi_struct, NDPI_PROTOCOL_MS_LYNC, flow); + } else { + NDPI_LOG(NDPI_PROTOCOL_STUN, ndpi_struct, NDPI_LOG_DEBUG, "found UDP stun.\n"); + ndpi_int_stun_add_connection(ndpi_struct, + is_whatsapp ? NDPI_PROTOCOL_WHATSAPP_VOICE : NDPI_PROTOCOL_STUN, flow); + } + + return; } } } @@ -293,7 +297,7 @@ void init_stun_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int ndpi_set_bitmask_protocol_detection("STUN", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_STUN, ndpi_search_stun, - NDPI_SELECTION_BITMASK_PROTOCOL_UDP_WITH_PAYLOAD, + NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITH_PAYLOAD, SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); -- cgit v1.2.3 From f3f83f2eee0eaf4301670c07d3b5cdfe36a09f58 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Tue, 13 Jun 2017 14:48:59 +0200 Subject: Adding AppleStore and PlayStore (work in progress) --- src/include/ndpi_protocol_ids.h | 10 +++------- src/include/ndpi_typedefs.h | 1 + src/lib/ndpi_content_match.c.inc | 13 ++++++++++--- src/lib/ndpi_main.c | 6 +++--- 4 files changed, 17 insertions(+), 13 deletions(-) (limited to 'src') diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index c32613777..f1ba9d4a3 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -255,25 +255,21 @@ #define NDPI_PROTOCOL_TEREDO 214 #define NDPI_PROTOCOL_HOTSPOT_SHIELD 215 #define NDPI_PROTOCOL_HEP 216 /* sipcapture.org QXIP BV */ - #define NDPI_PROTOCOL_GOOGLE_DRIVE 217 - #define NDPI_PROTOCOL_OCS 218 #define NDPI_PROTOCOL_OFFICE_365 219 #define NDPI_PROTOCOL_CLOUDFLARE 220 #define NDPI_PROTOCOL_MS_ONE_DRIVE 221 #define NDPI_PROTOCOL_MQTT 222 #define NDPI_PROTOCOL_RX 223 - -/* 224 is free */ -#define NDPI_PROTOCOL_FREE_224 224 - +#define NDPI_PROTOCOL_APPLESTORE 224 #define NDPI_PROTOCOL_OPENDNS 225 #define NDPI_PROTOCOL_GIT 226 #define NDPI_PROTOCOL_DRDA 227 +#define NDPI_PROTOCOL_PLAYSTORE 228 /* Google Play Store */ /* UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE */ -#define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_PROTOCOL_DRDA +#define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_PROTOCOL_PLAYSTORE #define NDPI_MAX_SUPPORTED_PROTOCOLS (NDPI_LAST_IMPLEMENTED_PROTOCOL + 1) #define NDPI_MAX_NUM_CUSTOM_PROTOCOLS (NDPI_NUM_BITS-NDPI_LAST_IMPLEMENTED_PROTOCOL) diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 0bede5cb2..c10101d42 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -762,6 +762,7 @@ typedef enum { NDPI_PROTOCOL_CATEGORY_RPC, /* High level network communication protocols */ NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, /* Network administration and monitor protocols */ NDPI_PROTOCOL_CATEGORY_SYSTEM, /* System level applications */ + NDPI_PROTOCOL_CATEGORY_SW_UPDATE, /* Software update */ NDPI_PROTOCOL_NUM_CATEGORIES /* NOTE: Keep this as last member diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 077a04ff0..a1a501edf 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -7983,7 +7983,12 @@ ndpi_protocol_match host_match[] = { { ".apple.com", "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".mzstatic.com", "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".aaplimg.com", "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".icloud.com", "AppleiCloud", NDPI_PROTOCOL_APPLE_ICLOUD, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "iosapps.itunes.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, /* iOS */ + { "osxapps.itunes.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, /* MacOS */ + { "swscan.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, + { "itunes-apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, { "itunes.apple.com", "AppleiTunes", NDPI_PROTOCOL_APPLE_ITUNES, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, { ".cnn.c", "CNN", NDPI_PROTOCOL_CNN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, @@ -8013,6 +8018,9 @@ ndpi_protocol_match host_match[] = { { ".docs.", "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, NDPI_PROTOCOL_SAFE }, { "drive.", "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, NDPI_PROTOCOL_SAFE }, + { "android.clients.google.com", "PlayStore", NDPI_PROTOCOL_PLAYSTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, + { "ggpht.com", "PlayStore", NDPI_PROTOCOL_PLAYSTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, + { "google.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".google.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".gstatic.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, @@ -8025,7 +8033,6 @@ ndpi_protocol_match host_match[] = { { "googleusercontent.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { "googleadservices.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { "googleapis.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "ggpht.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { "1e100.net", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { "maps.google.", "GoogleMaps", NDPI_PROTOCOL_GOOGLE_MAPS, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, @@ -8144,8 +8151,8 @@ ndpi_protocol_match host_match[] = { { "skyapi.live.net", "MS_OneDrive", NDPI_PROTOCOL_MS_ONE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, { "d.docs.live.net", "MS_OneDrive", NDPI_PROTOCOL_MS_ONE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, - { "update.microsoft.com", "WindowsUpdate", NDPI_PROTOCOL_WINDOWS_UPDATE, NDPI_PROTOCOL_CATEGORY_SYSTEM, NDPI_PROTOCOL_ACCEPTABLE }, - { ".windowsupdate.com", "WindowsUpdate", NDPI_PROTOCOL_WINDOWS_UPDATE, NDPI_PROTOCOL_CATEGORY_SYSTEM, NDPI_PROTOCOL_ACCEPTABLE }, + { "update.microsoft.com", "WindowsUpdate", NDPI_PROTOCOL_WINDOWS_UPDATE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".windowsupdate.com", "WindowsUpdate", NDPI_PROTOCOL_WINDOWS_UPDATE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, { "worldofwarcraft.com", "WorldOfWarcraft", NDPI_PROTOCOL_WORLDOFWARCRAFT, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 9c6432de0..b721b98cd 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1622,9 +1622,6 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_a, 655, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 655, 0, 0, 0, 0) /* UDP */); -/* To be removed as soon as we define new protocols */ - ndpi_init_placeholder_proto(ndpi_mod, ports_a, ports_b, no_master, NDPI_PROTOCOL_FREE_224); - /* calling function for host and content matched protocols */ init_string_based_protocols(ndpi_mod); @@ -4493,6 +4490,9 @@ const char* ndpi_category_str(ndpi_protocol_category_t category) { case NDPI_PROTOCOL_CATEGORY_UNSPECIFIED: return("Unspecified"); break; + case NDPI_PROTOCOL_CATEGORY_SW_UPDATE: + return("SoftwareUpdate"); + break; case NDPI_PROTOCOL_NUM_CATEGORIES: return("Code should not use this internal constant"); break; -- cgit v1.2.3 From c46af1291a066d8ef2855b172444d55de4eecee2 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Tue, 13 Jun 2017 15:06:27 +0200 Subject: Improved AppleStore detection Modified string search matching to match the longest match (and not the first one) --- src/lib/ndpi_content_match.c.inc | 14 +++++++++----- src/lib/ndpi_main.c | 19 ++++++++++++------- 2 files changed, 21 insertions(+), 12 deletions(-) (limited to 'src') diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index a1a501edf..528bf84a5 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -91,7 +91,7 @@ static ndpi_network host_protocol_list[] = { { 0xC60BFB20 /* 198.11.251.32/27 */, 27, NDPI_PROTOCOL_WHATSAPP }, { 0xD02B73C0 /* 208.43.115.192/27 */, 27, NDPI_PROTOCOL_WHATSAPP }, { 0xD02B7A80 /* 208.43.122.128/27 */, 27, NDPI_PROTOCOL_WHATSAPP }, - + /* WeChat @@ -859,7 +859,7 @@ static ndpi_network host_protocol_list[] = { { 0xAC100010 /* 172.16.0.16/32 */, 32, NDPI_PROTOCOL_BITTORRENT }, { 0xB2A4F550 /* 178.164.245.80/32 */, 32, NDPI_PROTOCOL_BITTORRENT }, { 0xAE597B3E /* 174.89.123.62/32 */, 32, NDPI_PROTOCOL_BITTORRENT }, - + /* Tor @@ -7987,6 +7987,10 @@ ndpi_protocol_match host_match[] = { { ".icloud.com", "AppleiCloud", NDPI_PROTOCOL_APPLE_ICLOUD, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { "iosapps.itunes.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, /* iOS */ { "osxapps.itunes.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, /* MacOS */ + { "buy.itunes.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, + { "su.itunes.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, + { "se.itunes.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, + { "myapp.itunes.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, { "swscan.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, { "itunes-apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, { "itunes.apple.com", "AppleiTunes", NDPI_PROTOCOL_APPLE_ITUNES, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, @@ -8020,7 +8024,7 @@ ndpi_protocol_match host_match[] = { { "android.clients.google.com", "PlayStore", NDPI_PROTOCOL_PLAYSTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, { "ggpht.com", "PlayStore", NDPI_PROTOCOL_PLAYSTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, - + { "google.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".google.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".gstatic.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, @@ -8096,7 +8100,7 @@ ndpi_protocol_match host_match[] = { { ".spotify.", "Spotify", NDPI_PROTOCOL_SPOTIFY, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "audio-fa.scdn.co", "Spotify", NDPI_PROTOCOL_SPOTIFY, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - + { ".pandora.com", "Pandora", NDPI_PROTOCOL_PANDORA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, @@ -8308,7 +8312,7 @@ ndpi_protocol_match content_match[] = { - www.fgd2iwya7vinfutj5wq5we.net See also DGA (Domain Generation Algorithm) - + In essence www..com|net To do things properly we should check if host name in the certificate diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index b721b98cd..52a7d7222 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1637,11 +1637,14 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp static int ac_match_handler(AC_MATCH_t *m, void *param) { int *matching_protocol_id = (int*)param; - /* Stopping to the first match. We might consider searching - * for the more specific match, paying more cpu cycles. */ + /* + Return 1 for stopping to the first match. + We might consider searching for the more + specific match, paying more cpu cycles. + */ *matching_protocol_id = m->patterns[0].rep.number; - return 1; /* 0 to continue searching, !0 to stop */ + return 0; /* 0 to continue searching, !0 to stop */ } /* ******************************************************************** */ @@ -4615,9 +4618,9 @@ char* ndpi_strnstr(const char *s, const char *find, size_t slen) { int ndpi_match_prefix(const u_int8_t *payload, size_t payload_len, const char *str, size_t str_len) { - return str_len <= payload_len - ? memcmp(payload, str, str_len) == 0 - : 0; + int rc = str_len <= payload_len ? memcmp(payload, str, str_len) == 0 : 0; + + return rc; } /* ****************************************************** */ @@ -4628,7 +4631,8 @@ int ndpi_match_string_subprotocol(struct ndpi_detection_module_struct *ndpi_stru int matching_protocol_id = NDPI_PROTOCOL_UNKNOWN; AC_TEXT_t ac_input_text; ndpi_automa *automa = is_host_match ? &ndpi_struct->host_automa : &ndpi_struct->content_automa; - + int rc; + if((automa->ac_automa == NULL) || (string_to_match_len == 0)) return(NDPI_PROTOCOL_UNKNOWN); if(!automa->ac_automa_finalized) { @@ -4638,6 +4642,7 @@ int ndpi_match_string_subprotocol(struct ndpi_detection_module_struct *ndpi_stru ac_input_text.astring = string_to_match, ac_input_text.length = string_to_match_len; ac_automata_search(((AC_AUTOMATA_t*)automa->ac_automa), &ac_input_text, (void*)&matching_protocol_id); + ac_automata_reset(((AC_AUTOMATA_t*)automa->ac_automa)); return(matching_protocol_id); -- cgit v1.2.3 From ef1a84fb39ddd8163d4824d8893145dc60ed6a56 Mon Sep 17 00:00:00 2001 From: "Yoni.Linder" Date: Wed, 10 May 2017 17:23:23 +0300 Subject: ndpi someip initial version with hardcoded port enforcing --- src/include/ndpi_protocol_ids.h | 3 + src/include/ndpi_protocols.h | 2 + src/lib/ndpi_main.c | 8 ++ src/lib/protocols/SOMEIP.c | 229 ++++++++++++++++++++++++++++++++++++++++ 4 files changed, 242 insertions(+) create mode 100644 src/lib/protocols/SOMEIP.c (limited to 'src') diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index f1ba9d4a3..cf474eefa 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -268,6 +268,9 @@ #define NDPI_PROTOCOL_DRDA 227 #define NDPI_PROTOCOL_PLAYSTORE 228 /* Google Play Store */ +#define NDPI_PROTOCOL_SOMEIP 228 + + /* UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE */ #define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_PROTOCOL_PLAYSTORE diff --git a/src/include/ndpi_protocols.h b/src/include/ndpi_protocols.h index f1d34f75e..2ac9485ab 100644 --- a/src/include/ndpi_protocols.h +++ b/src/include/ndpi_protocols.h @@ -190,6 +190,7 @@ void ndpi_search_starcraft(struct ndpi_detection_module_struct *ndpi_struct, str void ndpi_search_ubntac2(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); void ndpi_search_coap(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); void ndpi_search_mqtt (struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); +void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); void ndpi_search_rx(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); void ndpi_search_git(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); void ndpi_search_drda(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); @@ -332,6 +333,7 @@ void init_stracraft_dissector(struct ndpi_detection_module_struct *ndpi_struct, void init_ubntac2_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_coap_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_mqtt_dissector (struct ndpi_detection_module_struct *ndpi_struct,u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); +void init_someip_dissector (struct ndpi_detection_module_struct *ndpi_struct,u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_rx_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_git_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_hangout_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 52a7d7222..c18723c87 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1571,6 +1571,11 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "MQTT", NDPI_PROTOCOL_CATEGORY_RPC, ndpi_build_default_ports(ports_a, 1883, 8883, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SOMEIP, + no_master, + no_master, "SOME/IP", NDPI_PROTOCOL_CATEGORY_RPC, + ndpi_build_default_ports(ports_a, 30491, 30501, 0, 0, 0), /* TCP */ + ndpi_build_default_ports(ports_b, 30491, 30501, 30490, 0, 0)); /* UDP */ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_RX, no_master, no_master, "RX", NDPI_PROTOCOL_CATEGORY_RPC, @@ -2691,6 +2696,9 @@ void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *n /* MQTT */ init_mqtt_dissector(ndpi_struct, &a, detection_bitmask); + /* MQTT */ + init_someip_dissector(ndpi_struct, &a, detection_bitmask); + /* RX */ init_rx_dissector(ndpi_struct, &a, detection_bitmask); diff --git a/src/lib/protocols/SOMEIP.c b/src/lib/protocols/SOMEIP.c new file mode 100644 index 000000000..84fdfada7 --- /dev/null +++ b/src/lib/protocols/SOMEIP.c @@ -0,0 +1,229 @@ +/* + * SOMEIP.c + * + * Copyright (C) 2016 Sorin Zamfir + * + * This file is part of nDPI, an open source deep packet inspection + * library based on the OpenDPI and PACE technology by ipoque GmbH + * + * nDPI is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your omessage_typeion) any later version. + * + * nDPI is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with nDPI. If not, see . + * + */ + +#include "ndpi_protocols.h" +#ifdef NDPI_PROTOCOL_SOMEIP + +/** + * The type of control messages in mqtt version 3.1.1 + * see http://docs.oasis-open.org/mqtt/mqtt/v3.1.1 + */ +enum SOMEIP_MESSAGE_TYPES { + REQUEST = 0x00, + REQUEST_NO_RETURN = 0x01, + NOTIFICATION = 0x02, + REQUEST_ACK = 0x40, + REQUEST_NO_RETURN_ACK = 0x41, + NOTIFICATION_ACK = 0x42, + RESPONSE = 0x80, + ERROR = 0x81, + RESPONSE_ACK = 0xc0, + ERROR_ACK = 0xc1 +}; + +enum SOMEIP_RETURN_CODES { + E_OK = 0x00, + E_NOT_OK = 0x01, + E_UNKNOWN_SERVICE = 0x02, + E_UNKNOWN_METHOD = 0x03, + E_NOT_READY = 0x04, + E_NOT_REACHABLE = 0x05, + E_TIMEOUT = 0x06, + E_WRONG_PROTOCOL_VERSION = 0x07, + E_WRONG_INTERFACE_VERSION = 0x08, + E_MALFORMED_MESSAGE = 0x09, + E_WRONG_MESSAGE_TYPE = 0x0a +}; + +enum SPECIAL_MESSAGE_IDS { + MSG_MAGIC_COOKIE = 0xffff0000, + MSG_MAGIC_COOKIE_ACK = 0xffff8000, + MSG_SD = 0xffff8100 +}; + + +/** + * Entry point when protocol is identified. + */ +static void ndpi_int_someip_add_connection (struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow) +{ + ndpi_set_detected_protocol(ndpi_struct,flow,NDPI_PROTOCOL_SOMEIP,NDPI_PROTOCOL_UNKNOWN); + NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP found.\n"); +} + +/** + * Dissector function that searches SOME/IP headers + */ +void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow) +{ + + //####Maybe check carrier protocols?#### + NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP search called...\n"); + struct ndpi_packet_struct *packet = &flow->packet; + if (packet->detected_protocol_stack[0] != NDPI_PROTOCOL_UNKNOWN) { + return; + } + /*NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP detection...\n"); + if (flow->packet_counter > 10) { + NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP .. mandatory header not found!\n"); + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); + return; + } + ####This block drops flows with over 10 packets. Why? Probably just an auto-drop in case nothing else catches it. Necessary for SOME/IP? Good question.#### + */ + + NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "====>>>> SOME/IP Service ID: %02x%02x%02x%02x [len: %u]\n", + packet->payload[3], packet->payload[2], packet->payload[1], packet->payload[0], packet->payload_packet_len); + //####I switched the endianity on these since the Message ID is 32 bit. Might be a wrong move?#### + if (packet->payload_packet_len < 16) { + NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP .. mandatory header not found (not enough data for all fields)\n"); + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); + return; + } + /*if (packet->payload_packet_len > 258) { + NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP .. maximum packet size exceeded!\n"); + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); + return; + } + ####Maximum packet size in SOMEIP depends on the carrier protocol, and I'm not certain how well enforced it is, so let's leave that for round 2#### + */ + + + + // we extract the remaining length + u_int32_t someip_len = (u_int32_t) (packet->payload[4]+(packet->payload[5]<<8)+(packet->payload[6]<<16)+(packet->payload[7]<<24)); + if (packet->payload_packet_len != (someip_len + 8)) { + NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP .. Length field invalid!\n"); + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); + return; + } + + + // check protocol version. ####CHECK IF ENDIANITY IS CORRECT#### + u_int8_t protocol_version = (u_int8_t) (packet->payload[15]); + NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG,"====>>>> SOME/IP protocol version: [%d]\n",protocol_version); + if (protocol_version != 0x01){ + NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP .. invalid protocol version!\n"); + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); + return; + } + + //####Read Interface Version, for later use. CHECK IF ENDIANITY IS CORRECT#### + u_int8_t interface_version = (packet->payload[14]); + + + // we extract the message type. ####CHECK IF ENDIANITY IS CORRECT#### + u_int8_t message_type = (u_int8_t) (packet->payload[13]); + NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG,"====>>>> SOME/IP message type: [%d]\n",message_type); + if ((message_type != 0x00) && (message_type != 0x01) && (message_type != 0x02) && (message_type != 0x40) && (message_type != 0x41) && + (message_type != 0x42) && (message_type != 0x80) && (message_type != 0x81) && (message_type != 0xc0) && (message_type != 0xc1)) { + NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP .. invalid message type!\n"); + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); + return; + } + + // we extract the return code. ####CHECK IF ENDIANITY IS CORRECT#### + u_int8_t return_code = (u_int8_t) (packet->payload[12]); + NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG,"====>>>> SOME/IP return code: [%d]\n",return_code); + if ((return_code > 0x3f)) { + NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP .. invalid return code!\n"); + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); + return; + } + + //we extract the Message ID and Request ID and check for special cases + u_int32_t message_id = (u_int32_t) (packet->payload[0]+(packet->payload[1]<<8)+(packet->payload[2]<<16)+(packet->payload[3]<<24)); + u_int32_t request_id = (u_int32_t) (packet->payload[8]+(packet->payload[9]<<8)+(packet->payload[10]<<16)+(packet->payload[11]<<24)); + + if (message_id == MSG_MAGIC_COOKIE){ + if (someip_len == 0x08) && (request_id == 0xDEADBEEF) && (interface_version == 0x01) && + (message_type == 0x01) && (return_code == 0x00){ + NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP found Magic Cookie\n",message_type); + ndpi_int_someip_add_connection(ndpi_struct,flow); + return; + } + else{ + NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP, invalid header for Magic Cookie\n"); + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); + return; + } + } + + if (message_id == MSG_MAGIC_COOKIE_ACK){ + if (someip_len == 0x08) && (request_id == 0xDEADBEEF) && (interface_version == 0x01) && + (message_type == 0x02) && (return_code == 0x00){ + NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP found Magic Cookie ACK\n",message_type); + ndpi_int_someip_add_connection(ndpi_struct,flow); + return; + } + else{ + NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP, invalid header for Magic Cookie ACK\n"); + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); + return; + } + } + + if (message_id == MSG_SD){ + //####Service Discovery message. Fill in later!#### + } + + //Filtering by port as per request. This is PURELY for demo purposes and the rest of the check must be filled in later on! + if (packet->l4_protocol == IPPROTO_UDP){ + if ((packet->udp->dest == 30491) || (packet->udp->dest == 30501) || (packet->udp->dest == 30490)) { + NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP found\n",message_type); + ndpi_int_someip_add_connection(ndpi_struct,flow); + } + } + if (packet->l4_protocol == IPPROTO_TCP){ + if ((packet->tcp->dest == 30491) || (packet->tcp->dest == 30501)) { + NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP found\n",message_type); + ndpi_int_someip_add_connection(ndpi_struct,flow); + } + } + + + + + NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Reached the end without confirming SOME/IP ...\n"); + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); + return; +} +/** + * Entry point for the ndpi library + */ +void init_someip_dissector (struct ndpi_detection_module_struct *ndpi_struct, + u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) +{ + NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP dissector init...\n"); + ndpi_set_bitmask_protocol_detection ("MQTT", ndpi_struct, detection_bitmask, *id, + NDPI_PROTOCOL_SOMEIP, + ndpi_search_someip, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD, + SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); + *id +=1; +} + +#endif // NDPI_PROTOCOL_SOMEIP + -- cgit v1.2.3 From 87b49c524993bf17de1a207b4473d439c4071b24 Mon Sep 17 00:00:00 2001 From: alexei-argus Date: Wed, 10 May 2017 18:05:27 +0300 Subject: Fix build errors --- src/lib/Makefile.am | 1 + src/lib/protocols/SOMEIP.c | 8 ++++---- 2 files changed, 5 insertions(+), 4 deletions(-) (limited to 'src') diff --git a/src/lib/Makefile.am b/src/lib/Makefile.am index 375e9ce48..3bf808f44 100644 --- a/src/lib/Makefile.am +++ b/src/lib/Makefile.am @@ -158,6 +158,7 @@ libndpi_la_SOURCES = ndpi_content_match.c.inc \ protocols/zeromq.c \ protocols/smpp.c \ protocols/tinc.c \ + protocols/someip.c \ third_party/include/actypes.h \ third_party/include/ahocorasick.h \ third_party/include/ndpi_patricia.h \ diff --git a/src/lib/protocols/SOMEIP.c b/src/lib/protocols/SOMEIP.c index 84fdfada7..54c2d568f 100644 --- a/src/lib/protocols/SOMEIP.c +++ b/src/lib/protocols/SOMEIP.c @@ -158,8 +158,8 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, u_int32_t request_id = (u_int32_t) (packet->payload[8]+(packet->payload[9]<<8)+(packet->payload[10]<<16)+(packet->payload[11]<<24)); if (message_id == MSG_MAGIC_COOKIE){ - if (someip_len == 0x08) && (request_id == 0xDEADBEEF) && (interface_version == 0x01) && - (message_type == 0x01) && (return_code == 0x00){ + if ((someip_len == 0x08) && (request_id == 0xDEADBEEF) && (interface_version == 0x01) && + (message_type == 0x01) && (return_code == 0x00)){ NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP found Magic Cookie\n",message_type); ndpi_int_someip_add_connection(ndpi_struct,flow); return; @@ -172,8 +172,8 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, } if (message_id == MSG_MAGIC_COOKIE_ACK){ - if (someip_len == 0x08) && (request_id == 0xDEADBEEF) && (interface_version == 0x01) && - (message_type == 0x02) && (return_code == 0x00){ + if ((someip_len == 0x08) && (request_id == 0xDEADBEEF) && (interface_version == 0x01) && + (message_type == 0x02) && (return_code == 0x00)){ NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP found Magic Cookie ACK\n",message_type); ndpi_int_someip_add_connection(ndpi_struct,flow); return; -- cgit v1.2.3 From bc7f0b368670f8c067c04c43a3fa9c6c81af77d4 Mon Sep 17 00:00:00 2001 From: "Yoni.Linder" Date: Mon, 15 May 2017 10:18:46 +0300 Subject: endianity for ports --- src/lib/protocols/SOMEIP.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'src') diff --git a/src/lib/protocols/SOMEIP.c b/src/lib/protocols/SOMEIP.c index 54c2d568f..62abc1cd0 100644 --- a/src/lib/protocols/SOMEIP.c +++ b/src/lib/protocols/SOMEIP.c @@ -191,13 +191,13 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, //Filtering by port as per request. This is PURELY for demo purposes and the rest of the check must be filled in later on! if (packet->l4_protocol == IPPROTO_UDP){ - if ((packet->udp->dest == 30491) || (packet->udp->dest == 30501) || (packet->udp->dest == 30490)) { + if ((packet->udp->dest == ntohs(30491)) || (packet->udp->dest == ntohs(30501)) || (packet->udp->dest == ntohs(30490))) { NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP found\n",message_type); ndpi_int_someip_add_connection(ndpi_struct,flow); } } if (packet->l4_protocol == IPPROTO_TCP){ - if ((packet->tcp->dest == 30491) || (packet->tcp->dest == 30501)) { + if ((packet->tcp->dest == ntohs(30491)) || (packet->tcp->dest == ntohs(30501))) { NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP found\n",message_type); ndpi_int_someip_add_connection(ndpi_struct,flow); } @@ -217,7 +217,7 @@ void init_someip_dissector (struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) { NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP dissector init...\n"); - ndpi_set_bitmask_protocol_detection ("MQTT", ndpi_struct, detection_bitmask, *id, + ndpi_set_bitmask_protocol_detection ("SOME/IP", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_SOMEIP, ndpi_search_someip, NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD, -- cgit v1.2.3 From 62a65aa4ccea8896890aa11ef5f8f24159d92e3d Mon Sep 17 00:00:00 2001 From: alexei-argus Date: Thu, 18 May 2017 10:40:15 +0300 Subject: Fix case-sensitivity issue --- src/lib/Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/lib/Makefile.am b/src/lib/Makefile.am index 3bf808f44..3af5881b7 100644 --- a/src/lib/Makefile.am +++ b/src/lib/Makefile.am @@ -158,7 +158,7 @@ libndpi_la_SOURCES = ndpi_content_match.c.inc \ protocols/zeromq.c \ protocols/smpp.c \ protocols/tinc.c \ - protocols/someip.c \ + protocols/SOMEIP.c \ third_party/include/actypes.h \ third_party/include/ahocorasick.h \ third_party/include/ndpi_patricia.h \ -- cgit v1.2.3 From 968085c965b1ef74b3a061178d53a62457f66697 Mon Sep 17 00:00:00 2001 From: "Yoni.Linder" Date: Thu, 18 May 2017 15:38:29 +0300 Subject: last updated protocol updated to SOMEIP(228) --- src/include/ndpi_protocol_ids.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index cf474eefa..1e088ceaa 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -268,11 +268,11 @@ #define NDPI_PROTOCOL_DRDA 227 #define NDPI_PROTOCOL_PLAYSTORE 228 /* Google Play Store */ -#define NDPI_PROTOCOL_SOMEIP 228 +#define NDPI_PROTOCOL_SOMEIP 229 /* UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE */ -#define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_PROTOCOL_PLAYSTORE +#define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_PROTOCOL_SOMEIP #define NDPI_MAX_SUPPORTED_PROTOCOLS (NDPI_LAST_IMPLEMENTED_PROTOCOL + 1) #define NDPI_MAX_NUM_CUSTOM_PROTOCOLS (NDPI_NUM_BITS-NDPI_LAST_IMPLEMENTED_PROTOCOL) -- cgit v1.2.3 From ae959f2d78feec6f66d29add46789078199acb93 Mon Sep 17 00:00:00 2001 From: "Yoni.Linder" Date: Fri, 19 May 2017 10:57:27 +0300 Subject: SOMEIP debug + bug fixes --- example/ndpiReader.c | 1 + src/lib/protocols/SOMEIP.c | 52 +++++++++++++++++++++++++++++----------------- 2 files changed, 34 insertions(+), 19 deletions(-) (limited to 'src') diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 6d5f5d5ee..ecb023d96 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -1114,6 +1114,7 @@ static void setupDetection(u_int16_t thread_id, pcap_t * pcap_handle) { // enable all protocols NDPI_BITMASK_SET_ALL(all); + printf("Setting up detection..."); ndpi_set_protocol_detection_bitmask2(ndpi_thread_info[thread_id].workflow->ndpi_struct, &all); // clear memory for results diff --git a/src/lib/protocols/SOMEIP.c b/src/lib/protocols/SOMEIP.c index 62abc1cd0..7637cf768 100644 --- a/src/lib/protocols/SOMEIP.c +++ b/src/lib/protocols/SOMEIP.c @@ -80,6 +80,9 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, { //####Maybe check carrier protocols?#### + + printf("trying to SOMEIP 1..."); + NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP search called...\n"); struct ndpi_packet_struct *packet = &flow->packet; if (packet->detected_protocol_stack[0] != NDPI_PROTOCOL_UNKNOWN) { @@ -94,9 +97,15 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, ####This block drops flows with over 10 packets. Why? Probably just an auto-drop in case nothing else catches it. Necessary for SOME/IP? Good question.#### */ - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "====>>>> SOME/IP Service ID: %02x%02x%02x%02x [len: %u]\n", - packet->payload[3], packet->payload[2], packet->payload[1], packet->payload[0], packet->payload_packet_len); - //####I switched the endianity on these since the Message ID is 32 bit. Might be a wrong move?#### + //we extract the Message ID and Request ID and check for special cases later + u_int32_t message_id = (u_int32_t) ((packet->payload[0]<<24)+(packet->payload[1]<<16)+(packet->payload[2]<<8)+packet->payload[3]); + u_int32_t request_id = (u_int32_t) ((packet->payload[8]<<24)+(packet->payload[9]<<16)+(packet->payload[10]<<8)+packet->payload[11]); + + + printf("trying to SOMEIP 2..."); + + NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "====>>>> SOME/IP Message ID: %08x [len: %u]\n", + message_id, packet->payload_packet_len); if (packet->payload_packet_len < 16) { NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP .. mandatory header not found (not enough data for all fields)\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); @@ -111,18 +120,19 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, */ - + printf("trying to SOMEIP 3..."); + // we extract the remaining length - u_int32_t someip_len = (u_int32_t) (packet->payload[4]+(packet->payload[5]<<8)+(packet->payload[6]<<16)+(packet->payload[7]<<24)); + u_int32_t someip_len = (u_int32_t) ((packet->payload[4]<<24) + (packet->payload[5]<<16) + (packet->payload[6]<<8) +packet->payload[7]); if (packet->payload_packet_len != (someip_len + 8)) { NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP .. Length field invalid!\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); return; } + printf("trying to SOMEIP 4..."); - // check protocol version. ####CHECK IF ENDIANITY IS CORRECT#### - u_int8_t protocol_version = (u_int8_t) (packet->payload[15]); + u_int8_t protocol_version = (u_int8_t) (packet->payload[12]); NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG,"====>>>> SOME/IP protocol version: [%d]\n",protocol_version); if (protocol_version != 0x01){ NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP .. invalid protocol version!\n"); @@ -130,12 +140,11 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, return; } - //####Read Interface Version, for later use. CHECK IF ENDIANITY IS CORRECT#### - u_int8_t interface_version = (packet->payload[14]); - + u_int8_t interface_version = (packet->payload[13]); + + printf("trying to SOMEIP 5..."); - // we extract the message type. ####CHECK IF ENDIANITY IS CORRECT#### - u_int8_t message_type = (u_int8_t) (packet->payload[13]); + u_int8_t message_type = (u_int8_t) (packet->payload[14]); NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG,"====>>>> SOME/IP message type: [%d]\n",message_type); if ((message_type != 0x00) && (message_type != 0x01) && (message_type != 0x02) && (message_type != 0x40) && (message_type != 0x41) && (message_type != 0x42) && (message_type != 0x80) && (message_type != 0x81) && (message_type != 0xc0) && (message_type != 0xc1)) { @@ -144,18 +153,17 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, return; } - // we extract the return code. ####CHECK IF ENDIANITY IS CORRECT#### - u_int8_t return_code = (u_int8_t) (packet->payload[12]); + printf("trying to SOMEIP 6..."); + + u_int8_t return_code = (u_int8_t) (packet->payload[15]); NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG,"====>>>> SOME/IP return code: [%d]\n",return_code); if ((return_code > 0x3f)) { NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP .. invalid return code!\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); return; } - - //we extract the Message ID and Request ID and check for special cases - u_int32_t message_id = (u_int32_t) (packet->payload[0]+(packet->payload[1]<<8)+(packet->payload[2]<<16)+(packet->payload[3]<<24)); - u_int32_t request_id = (u_int32_t) (packet->payload[8]+(packet->payload[9]<<8)+(packet->payload[10]<<16)+(packet->payload[11]<<24)); + + printf("trying to SOMEIP 7..."); if (message_id == MSG_MAGIC_COOKIE){ if ((someip_len == 0x08) && (request_id == 0xDEADBEEF) && (interface_version == 0x01) && @@ -170,6 +178,8 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, return; } } + + printf("trying to SOMEIP 8..."); if (message_id == MSG_MAGIC_COOKIE_ACK){ if ((someip_len == 0x08) && (request_id == 0xDEADBEEF) && (interface_version == 0x01) && @@ -185,6 +195,8 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, } } + printf("trying to SOMEIP 9..."); + if (message_id == MSG_SD){ //####Service Discovery message. Fill in later!#### } @@ -194,16 +206,18 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, if ((packet->udp->dest == ntohs(30491)) || (packet->udp->dest == ntohs(30501)) || (packet->udp->dest == ntohs(30490))) { NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP found\n",message_type); ndpi_int_someip_add_connection(ndpi_struct,flow); + return; } } if (packet->l4_protocol == IPPROTO_TCP){ if ((packet->tcp->dest == ntohs(30491)) || (packet->tcp->dest == ntohs(30501))) { NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP found\n",message_type); ndpi_int_someip_add_connection(ndpi_struct,flow); + return; } } - + printf("trying to SOMEIP 10..."); NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Reached the end without confirming SOME/IP ...\n"); -- cgit v1.2.3 From 7d39ba212471cbbfe5bb695dd43bbf4927239817 Mon Sep 17 00:00:00 2001 From: "Yoni.Linder" Date: Fri, 19 May 2017 11:42:57 +0300 Subject: removed debug prints, changed line of documentation --- example/ndpiReader.c | 1 - src/lib/ndpi_main.c | 2 +- src/lib/protocols/SOMEIP.c | 23 ----------------------- 3 files changed, 1 insertion(+), 25 deletions(-) (limited to 'src') diff --git a/example/ndpiReader.c b/example/ndpiReader.c index ecb023d96..6d5f5d5ee 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -1114,7 +1114,6 @@ static void setupDetection(u_int16_t thread_id, pcap_t * pcap_handle) { // enable all protocols NDPI_BITMASK_SET_ALL(all); - printf("Setting up detection..."); ndpi_set_protocol_detection_bitmask2(ndpi_thread_info[thread_id].workflow->ndpi_struct, &all); // clear memory for results diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index c18723c87..8ff3855af 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -2696,7 +2696,7 @@ void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *n /* MQTT */ init_mqtt_dissector(ndpi_struct, &a, detection_bitmask); - /* MQTT */ + /* SOME/IP */ init_someip_dissector(ndpi_struct, &a, detection_bitmask); /* RX */ diff --git a/src/lib/protocols/SOMEIP.c b/src/lib/protocols/SOMEIP.c index 7637cf768..e857371f9 100644 --- a/src/lib/protocols/SOMEIP.c +++ b/src/lib/protocols/SOMEIP.c @@ -81,8 +81,6 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, //####Maybe check carrier protocols?#### - printf("trying to SOMEIP 1..."); - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP search called...\n"); struct ndpi_packet_struct *packet = &flow->packet; if (packet->detected_protocol_stack[0] != NDPI_PROTOCOL_UNKNOWN) { @@ -101,9 +99,6 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, u_int32_t message_id = (u_int32_t) ((packet->payload[0]<<24)+(packet->payload[1]<<16)+(packet->payload[2]<<8)+packet->payload[3]); u_int32_t request_id = (u_int32_t) ((packet->payload[8]<<24)+(packet->payload[9]<<16)+(packet->payload[10]<<8)+packet->payload[11]); - - printf("trying to SOMEIP 2..."); - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "====>>>> SOME/IP Message ID: %08x [len: %u]\n", message_id, packet->payload_packet_len); if (packet->payload_packet_len < 16) { @@ -119,9 +114,6 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, ####Maximum packet size in SOMEIP depends on the carrier protocol, and I'm not certain how well enforced it is, so let's leave that for round 2#### */ - - printf("trying to SOMEIP 3..."); - // we extract the remaining length u_int32_t someip_len = (u_int32_t) ((packet->payload[4]<<24) + (packet->payload[5]<<16) + (packet->payload[6]<<8) +packet->payload[7]); if (packet->payload_packet_len != (someip_len + 8)) { @@ -130,8 +122,6 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, return; } - printf("trying to SOMEIP 4..."); - u_int8_t protocol_version = (u_int8_t) (packet->payload[12]); NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG,"====>>>> SOME/IP protocol version: [%d]\n",protocol_version); if (protocol_version != 0x01){ @@ -142,8 +132,6 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, u_int8_t interface_version = (packet->payload[13]); - printf("trying to SOMEIP 5..."); - u_int8_t message_type = (u_int8_t) (packet->payload[14]); NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG,"====>>>> SOME/IP message type: [%d]\n",message_type); if ((message_type != 0x00) && (message_type != 0x01) && (message_type != 0x02) && (message_type != 0x40) && (message_type != 0x41) && @@ -153,8 +141,6 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, return; } - printf("trying to SOMEIP 6..."); - u_int8_t return_code = (u_int8_t) (packet->payload[15]); NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG,"====>>>> SOME/IP return code: [%d]\n",return_code); if ((return_code > 0x3f)) { @@ -162,8 +148,6 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); return; } - - printf("trying to SOMEIP 7..."); if (message_id == MSG_MAGIC_COOKIE){ if ((someip_len == 0x08) && (request_id == 0xDEADBEEF) && (interface_version == 0x01) && @@ -178,8 +162,6 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, return; } } - - printf("trying to SOMEIP 8..."); if (message_id == MSG_MAGIC_COOKIE_ACK){ if ((someip_len == 0x08) && (request_id == 0xDEADBEEF) && (interface_version == 0x01) && @@ -195,8 +177,6 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, } } - printf("trying to SOMEIP 9..."); - if (message_id == MSG_SD){ //####Service Discovery message. Fill in later!#### } @@ -217,9 +197,6 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, } } - printf("trying to SOMEIP 10..."); - - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Reached the end without confirming SOME/IP ...\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); return; -- cgit v1.2.3 From 6029510ee7623ec55a28d0505db4b5b3ad4ec931 Mon Sep 17 00:00:00 2001 From: alexei-argus Date: Fri, 19 May 2017 13:36:39 +0300 Subject: Add CR comments --- src/lib/protocols/SOMEIP.c | 26 +++++++++++++++++++++----- 1 file changed, 21 insertions(+), 5 deletions(-) (limited to 'src') diff --git a/src/lib/protocols/SOMEIP.c b/src/lib/protocols/SOMEIP.c index e857371f9..9c12343e8 100644 --- a/src/lib/protocols/SOMEIP.c +++ b/src/lib/protocols/SOMEIP.c @@ -24,6 +24,7 @@ #include "ndpi_protocols.h" #ifdef NDPI_PROTOCOL_SOMEIP +// CR: these MQTT references are no longer relevant, rigth? /** * The type of control messages in mqtt version 3.1.1 * see http://docs.oasis-open.org/mqtt/mqtt/v3.1.1 @@ -82,10 +83,13 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, //####Maybe check carrier protocols?#### NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP search called...\n"); + // CR: can packet be const? struct ndpi_packet_struct *packet = &flow->packet; if (packet->detected_protocol_stack[0] != NDPI_PROTOCOL_UNKNOWN) { return; } + // CR: let's reach a decision in this issue. + /*NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP detection...\n"); if (flow->packet_counter > 10) { NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP .. mandatory header not found!\n"); @@ -115,6 +119,7 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, */ // we extract the remaining length + // CR: cast the payload to unsigned int, then use ntohl u_int32_t someip_len = (u_int32_t) ((packet->payload[4]<<24) + (packet->payload[5]<<16) + (packet->payload[6]<<8) +packet->payload[7]); if (packet->payload_packet_len != (someip_len + 8)) { NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP .. Length field invalid!\n"); @@ -124,6 +129,7 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, u_int8_t protocol_version = (u_int8_t) (packet->payload[12]); NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG,"====>>>> SOME/IP protocol version: [%d]\n",protocol_version); + // CR: don't use magic numbers, convert this to a constant instead if (protocol_version != 0x01){ NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP .. invalid protocol version!\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); @@ -134,6 +140,8 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, u_int8_t message_type = (u_int8_t) (packet->payload[14]); NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG,"====>>>> SOME/IP message type: [%d]\n",message_type); + + // CR: don't use magic numbers, convert these to constants instead if ((message_type != 0x00) && (message_type != 0x01) && (message_type != 0x02) && (message_type != 0x40) && (message_type != 0x41) && (message_type != 0x42) && (message_type != 0x80) && (message_type != 0x81) && (message_type != 0xc0) && (message_type != 0xc1)) { NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP .. invalid message type!\n"); @@ -142,7 +150,8 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, } u_int8_t return_code = (u_int8_t) (packet->payload[15]); - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG,"====>>>> SOME/IP return code: [%d]\n",return_code); + NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG,"====>>>> SOME/IP return code: [%d]\n", return_code); + // CR: don't use magic numbers, convert this to a constant instead if ((return_code > 0x3f)) { NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP .. invalid return code!\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); @@ -150,10 +159,11 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, } if (message_id == MSG_MAGIC_COOKIE){ + // CR: don't use magic numbers, convert these to constants instead if ((someip_len == 0x08) && (request_id == 0xDEADBEEF) && (interface_version == 0x01) && (message_type == 0x01) && (return_code == 0x00)){ NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP found Magic Cookie\n",message_type); - ndpi_int_someip_add_connection(ndpi_struct,flow); + ndpi_int_someip_add_connection(ndpi_struct, flow); return; } else{ @@ -164,10 +174,11 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, } if (message_id == MSG_MAGIC_COOKIE_ACK){ + // CR: don't use magic numbers, convert these to constants instead if ((someip_len == 0x08) && (request_id == 0xDEADBEEF) && (interface_version == 0x01) && (message_type == 0x02) && (return_code == 0x00)){ NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP found Magic Cookie ACK\n",message_type); - ndpi_int_someip_add_connection(ndpi_struct,flow); + ndpi_int_someip_add_connection(ndpi_struct, flow); return; } else{ @@ -178,21 +189,26 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, } if (message_id == MSG_SD){ + // CR: let's talk about this (i.e. what should be here right now? what documentation should we leave behind?) //####Service Discovery message. Fill in later!#### } + // CR: while this is for demo purposes, the port numbers are as specified in the SOME/IP document, so we should change the + // comment to reflect this. + // Also, don't use magic numbers, use constants. + //Filtering by port as per request. This is PURELY for demo purposes and the rest of the check must be filled in later on! if (packet->l4_protocol == IPPROTO_UDP){ if ((packet->udp->dest == ntohs(30491)) || (packet->udp->dest == ntohs(30501)) || (packet->udp->dest == ntohs(30490))) { NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP found\n",message_type); - ndpi_int_someip_add_connection(ndpi_struct,flow); + ndpi_int_someip_add_connection(ndpi_struct, flow); return; } } if (packet->l4_protocol == IPPROTO_TCP){ if ((packet->tcp->dest == ntohs(30491)) || (packet->tcp->dest == ntohs(30501))) { NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP found\n",message_type); - ndpi_int_someip_add_connection(ndpi_struct,flow); + ndpi_int_someip_add_connection(ndpi_struct, flow); return; } } -- cgit v1.2.3 From 0aa5ebde5d0a03dbc4c941f129efb42a8c010457 Mon Sep 17 00:00:00 2001 From: "Yoni.Linder" Date: Fri, 19 May 2017 14:16:21 +0300 Subject: CR comments and fixes --- src/lib/protocols/SOMEIP.c | 79 +++++++++++++++++++++++++++------------------- 1 file changed, 47 insertions(+), 32 deletions(-) (limited to 'src') diff --git a/src/lib/protocols/SOMEIP.c b/src/lib/protocols/SOMEIP.c index 9c12343e8..a0d347417 100644 --- a/src/lib/protocols/SOMEIP.c +++ b/src/lib/protocols/SOMEIP.c @@ -24,11 +24,7 @@ #include "ndpi_protocols.h" #ifdef NDPI_PROTOCOL_SOMEIP -// CR: these MQTT references are no longer relevant, rigth? -/** - * The type of control messages in mqtt version 3.1.1 - * see http://docs.oasis-open.org/mqtt/mqtt/v3.1.1 - */ +// CR: these MQTT references are no longer relevant, rigth? ANS: true. enum SOMEIP_MESSAGE_TYPES { REQUEST = 0x00, REQUEST_NO_RETURN = 0x01, @@ -53,7 +49,8 @@ enum SOMEIP_RETURN_CODES { E_WRONG_PROTOCOL_VERSION = 0x07, E_WRONG_INTERFACE_VERSION = 0x08, E_MALFORMED_MESSAGE = 0x09, - E_WRONG_MESSAGE_TYPE = 0x0a + E_WRONG_MESSAGE_TYPE = 0x0a, + E_RETURN_CODE_LEGAL_THRESHOLD = 0x40 //return codes from 0x40 (inclusive) and upwards are illegal. }; enum SPECIAL_MESSAGE_IDS { @@ -62,6 +59,21 @@ enum SPECIAL_MESSAGE_IDS { MSG_SD = 0xffff8100 }; +enum PROTOCOL_VERSION{ + LEGAL_PROTOCOL_VERSION = 0x01 +}; + +enum MAGIC_COOKIE_CONSTANTS{ + MC_REQUEST_ID = 0xDEADBEEF, + MC_LENGTH = 0x08, + MC_INTERFACE_VERSION = 0x01 +}; + +enum DEFAULT_PROTOCOL_PORTS{ + PORT_DEFAULT_CLIENT = 30491, + PORT_DEFAULT_SERVER = 30501, + PORT_DEFAULT_SD = 30490 +}; /** * Entry point when protocol is identified. @@ -83,12 +95,12 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, //####Maybe check carrier protocols?#### NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP search called...\n"); - // CR: can packet be const? - struct ndpi_packet_struct *packet = &flow->packet; + // CR: can packet be const? ANS: Probably yeah, needs testing but I changed it. + struct const ndpi_packet_struct *packet = &flow->packet; if (packet->detected_protocol_stack[0] != NDPI_PROTOCOL_UNKNOWN) { return; } - // CR: let's reach a decision in this issue. + // CR: let's reach a decision in this issue. ANS: I think it's unnecessary and would get dropped on length checks or whatever, so we can remove this. /*NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP detection...\n"); if (flow->packet_counter > 10) { @@ -100,8 +112,8 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, */ //we extract the Message ID and Request ID and check for special cases later - u_int32_t message_id = (u_int32_t) ((packet->payload[0]<<24)+(packet->payload[1]<<16)+(packet->payload[2]<<8)+packet->payload[3]); - u_int32_t request_id = (u_int32_t) ((packet->payload[8]<<24)+(packet->payload[9]<<16)+(packet->payload[10]<<8)+packet->payload[11]); + u_int32_t message_id = ntohl(*((u_int32_t *)packet->payload[0])); + u_int32_t request_id = ntohl(*((u_int32_t *)packet->payload[8])); NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "====>>>> SOME/IP Message ID: %08x [len: %u]\n", message_id, packet->payload_packet_len); @@ -119,8 +131,8 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, */ // we extract the remaining length - // CR: cast the payload to unsigned int, then use ntohl - u_int32_t someip_len = (u_int32_t) ((packet->payload[4]<<24) + (packet->payload[5]<<16) + (packet->payload[6]<<8) +packet->payload[7]); + // CR: cast the payload to unsigned int, then use ntohl ANS: done + u_int32_t someip_len = ntohl(*((u_int32_t *)packet->payload[4])); if (packet->payload_packet_len != (someip_len + 8)) { NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP .. Length field invalid!\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); @@ -129,8 +141,8 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, u_int8_t protocol_version = (u_int8_t) (packet->payload[12]); NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG,"====>>>> SOME/IP protocol version: [%d]\n",protocol_version); - // CR: don't use magic numbers, convert this to a constant instead - if (protocol_version != 0x01){ + // CR: don't use magic numbers, convert this to a constant instead ANS: done + if (protocol_version != LEGAL_PROTOCOL_VERSION){ NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP .. invalid protocol version!\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); return; @@ -141,9 +153,10 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, u_int8_t message_type = (u_int8_t) (packet->payload[14]); NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG,"====>>>> SOME/IP message type: [%d]\n",message_type); - // CR: don't use magic numbers, convert these to constants instead - if ((message_type != 0x00) && (message_type != 0x01) && (message_type != 0x02) && (message_type != 0x40) && (message_type != 0x41) && - (message_type != 0x42) && (message_type != 0x80) && (message_type != 0x81) && (message_type != 0xc0) && (message_type != 0xc1)) { + // CR: don't use magic numbers, convert these to constants instead ANS: done + if ((message_type != REQUEST) && (message_type != REQUEST_NO_RETURN) && (message_type != NOTIFICATION) && (message_type != REQUEST_ACK) && + (message_type != REQUEST_NO_RETURN_ACK) && (message_type != NOTIFICATION_ACK) && (message_type != RESPONSE) && + (message_type != ERROR) && (message_type != RESPONSE_ACK) && (message_type != ERROR_ACK)) { NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP .. invalid message type!\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); return; @@ -151,17 +164,17 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, u_int8_t return_code = (u_int8_t) (packet->payload[15]); NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG,"====>>>> SOME/IP return code: [%d]\n", return_code); - // CR: don't use magic numbers, convert this to a constant instead - if ((return_code > 0x3f)) { + // CR: don't use magic numbers, convert this to a constant instead ANS: done + if ((return_code >= E_RETURN_CODE_LEGAL_THRESHOLD)) { NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP .. invalid return code!\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); return; } if (message_id == MSG_MAGIC_COOKIE){ - // CR: don't use magic numbers, convert these to constants instead - if ((someip_len == 0x08) && (request_id == 0xDEADBEEF) && (interface_version == 0x01) && - (message_type == 0x01) && (return_code == 0x00)){ + // CR: don't use magic numbers, convert these to constants instead ANS:done + if ((someip_len == MC_LENGTH) && (request_id == MC_REQUEST_ID) && (interface_version == MC_INTERFACE_VERSION) && + (message_type == REQUEST_NO_RETURN\) && (return_code == E_OK)){ NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP found Magic Cookie\n",message_type); ndpi_int_someip_add_connection(ndpi_struct, flow); return; @@ -174,9 +187,9 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, } if (message_id == MSG_MAGIC_COOKIE_ACK){ - // CR: don't use magic numbers, convert these to constants instead - if ((someip_len == 0x08) && (request_id == 0xDEADBEEF) && (interface_version == 0x01) && - (message_type == 0x02) && (return_code == 0x00)){ + // CR: don't use magic numbers, convert these to constants instead ANS: done + if ((someip_len == MC_LENGTH) && (request_id == MC_REQUEST_ID) && (interface_version == MC_INTERFACE_VERSION\) && + (message_type == REQUEST_NO_RETURN) && (return_code == E_OK)){ NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP found Magic Cookie ACK\n",message_type); ndpi_int_someip_add_connection(ndpi_struct, flow); return; @@ -189,24 +202,26 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, } if (message_id == MSG_SD){ - // CR: let's talk about this (i.e. what should be here right now? what documentation should we leave behind?) + // CR: let's talk about this (i.e. what should be here right now? what documentation should we leave behind?) ANS: a TON of stuff. SD is basically another protocol built ontop SOMEIP. at the very least I expect it to be as long as everything else we've done already. //####Service Discovery message. Fill in later!#### } // CR: while this is for demo purposes, the port numbers are as specified in the SOME/IP document, so we should change the - // comment to reflect this. - // Also, don't use magic numbers, use constants. + // comment to reflect this. ANS: done + // Also, don't use magic numbers, use constants. ANS: done - //Filtering by port as per request. This is PURELY for demo purposes and the rest of the check must be filled in later on! + //Filtering by port. + //This check is NOT a 100% thing - these ports are mentioned in the documentation but the documentation also states they haven't been approved by IANA yet, and that the user is free to use different ports. + //This is is PURELY for demo purposes and the rest of the check must be filled in later on! if (packet->l4_protocol == IPPROTO_UDP){ - if ((packet->udp->dest == ntohs(30491)) || (packet->udp->dest == ntohs(30501)) || (packet->udp->dest == ntohs(30490))) { + if ((packet->udp->dest == ntohs(PORT_DEFAULT_CLIENT)) || (packet->udp->dest == ntohs(PORT_DEFAULT_SERVER)) || (packet->udp->dest == ntohs(PORT_DEFAULT_SD))) { NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP found\n",message_type); ndpi_int_someip_add_connection(ndpi_struct, flow); return; } } if (packet->l4_protocol == IPPROTO_TCP){ - if ((packet->tcp->dest == ntohs(30491)) || (packet->tcp->dest == ntohs(30501))) { + if ((packet->tcp->dest == ntohs(PORT_DEFAULT_CLIENT)) || (packet->tcp->dest == ntohs(PORT_DEFAULT_SERVER))) { NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP found\n",message_type); ndpi_int_someip_add_connection(ndpi_struct, flow); return; -- cgit v1.2.3 From 8ec286743361a0e7944c24c90f600a2b842df661 Mon Sep 17 00:00:00 2001 From: alexei-argus Date: Fri, 19 May 2017 14:33:05 +0300 Subject: CR fixes --- src/lib/protocols/SOMEIP.c | 40 ++++++---------------------------------- 1 file changed, 6 insertions(+), 34 deletions(-) (limited to 'src') diff --git a/src/lib/protocols/SOMEIP.c b/src/lib/protocols/SOMEIP.c index a0d347417..7e33048c8 100644 --- a/src/lib/protocols/SOMEIP.c +++ b/src/lib/protocols/SOMEIP.c @@ -24,7 +24,6 @@ #include "ndpi_protocols.h" #ifdef NDPI_PROTOCOL_SOMEIP -// CR: these MQTT references are no longer relevant, rigth? ANS: true. enum SOMEIP_MESSAGE_TYPES { REQUEST = 0x00, REQUEST_NO_RETURN = 0x01, @@ -95,25 +94,14 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, //####Maybe check carrier protocols?#### NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP search called...\n"); - // CR: can packet be const? ANS: Probably yeah, needs testing but I changed it. struct const ndpi_packet_struct *packet = &flow->packet; if (packet->detected_protocol_stack[0] != NDPI_PROTOCOL_UNKNOWN) { return; } - // CR: let's reach a decision in this issue. ANS: I think it's unnecessary and would get dropped on length checks or whatever, so we can remove this. - - /*NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP detection...\n"); - if (flow->packet_counter > 10) { - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP .. mandatory header not found!\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); - return; - } - ####This block drops flows with over 10 packets. Why? Probably just an auto-drop in case nothing else catches it. Necessary for SOME/IP? Good question.#### - */ //we extract the Message ID and Request ID and check for special cases later - u_int32_t message_id = ntohl(*((u_int32_t *)packet->payload[0])); - u_int32_t request_id = ntohl(*((u_int32_t *)packet->payload[8])); + u_int32_t message_id = ntohl(*((u_int32_t *)&packet->payload[0])); + u_int32_t request_id = ntohl(*((u_int32_t *)&packet->payload[8])); NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "====>>>> SOME/IP Message ID: %08x [len: %u]\n", message_id, packet->payload_packet_len); @@ -122,17 +110,11 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); return; } - /*if (packet->payload_packet_len > 258) { - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP .. maximum packet size exceeded!\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); - return; - } - ####Maximum packet size in SOMEIP depends on the carrier protocol, and I'm not certain how well enforced it is, so let's leave that for round 2#### - */ + + //####Maximum packet size in SOMEIP depends on the carrier protocol, and I'm not certain how well enforced it is, so let's leave that for round 2#### // we extract the remaining length - // CR: cast the payload to unsigned int, then use ntohl ANS: done - u_int32_t someip_len = ntohl(*((u_int32_t *)packet->payload[4])); + u_int32_t someip_len = ntohl(*((u_int32_t *)&packet->payload[4])); if (packet->payload_packet_len != (someip_len + 8)) { NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP .. Length field invalid!\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); @@ -141,7 +123,6 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, u_int8_t protocol_version = (u_int8_t) (packet->payload[12]); NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG,"====>>>> SOME/IP protocol version: [%d]\n",protocol_version); - // CR: don't use magic numbers, convert this to a constant instead ANS: done if (protocol_version != LEGAL_PROTOCOL_VERSION){ NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP .. invalid protocol version!\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); @@ -153,7 +134,6 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, u_int8_t message_type = (u_int8_t) (packet->payload[14]); NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG,"====>>>> SOME/IP message type: [%d]\n",message_type); - // CR: don't use magic numbers, convert these to constants instead ANS: done if ((message_type != REQUEST) && (message_type != REQUEST_NO_RETURN) && (message_type != NOTIFICATION) && (message_type != REQUEST_ACK) && (message_type != REQUEST_NO_RETURN_ACK) && (message_type != NOTIFICATION_ACK) && (message_type != RESPONSE) && (message_type != ERROR) && (message_type != RESPONSE_ACK) && (message_type != ERROR_ACK)) { @@ -164,7 +144,6 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, u_int8_t return_code = (u_int8_t) (packet->payload[15]); NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG,"====>>>> SOME/IP return code: [%d]\n", return_code); - // CR: don't use magic numbers, convert this to a constant instead ANS: done if ((return_code >= E_RETURN_CODE_LEGAL_THRESHOLD)) { NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP .. invalid return code!\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); @@ -172,7 +151,6 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, } if (message_id == MSG_MAGIC_COOKIE){ - // CR: don't use magic numbers, convert these to constants instead ANS:done if ((someip_len == MC_LENGTH) && (request_id == MC_REQUEST_ID) && (interface_version == MC_INTERFACE_VERSION) && (message_type == REQUEST_NO_RETURN\) && (return_code == E_OK)){ NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP found Magic Cookie\n",message_type); @@ -187,7 +165,6 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, } if (message_id == MSG_MAGIC_COOKIE_ACK){ - // CR: don't use magic numbers, convert these to constants instead ANS: done if ((someip_len == MC_LENGTH) && (request_id == MC_REQUEST_ID) && (interface_version == MC_INTERFACE_VERSION\) && (message_type == REQUEST_NO_RETURN) && (return_code == E_OK)){ NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP found Magic Cookie ACK\n",message_type); @@ -202,14 +179,9 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, } if (message_id == MSG_SD){ - // CR: let's talk about this (i.e. what should be here right now? what documentation should we leave behind?) ANS: a TON of stuff. SD is basically another protocol built ontop SOMEIP. at the very least I expect it to be as long as everything else we've done already. - //####Service Discovery message. Fill in later!#### + NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP-SD currently not supported\n", message_type); } - // CR: while this is for demo purposes, the port numbers are as specified in the SOME/IP document, so we should change the - // comment to reflect this. ANS: done - // Also, don't use magic numbers, use constants. ANS: done - //Filtering by port. //This check is NOT a 100% thing - these ports are mentioned in the documentation but the documentation also states they haven't been approved by IANA yet, and that the user is free to use different ports. //This is is PURELY for demo purposes and the rest of the check must be filled in later on! -- cgit v1.2.3 From d4ca57884b6e85590dc71053f23b10ebfbbed2af Mon Sep 17 00:00:00 2001 From: alexei-argus Date: Fri, 19 May 2017 14:38:44 +0300 Subject: CR fixes #2 --- src/lib/protocols/SOMEIP.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'src') diff --git a/src/lib/protocols/SOMEIP.c b/src/lib/protocols/SOMEIP.c index 7e33048c8..adffb0c33 100644 --- a/src/lib/protocols/SOMEIP.c +++ b/src/lib/protocols/SOMEIP.c @@ -94,7 +94,7 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, //####Maybe check carrier protocols?#### NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP search called...\n"); - struct const ndpi_packet_struct *packet = &flow->packet; + const struct ndpi_packet_struct *packet = &flow->packet; if (packet->detected_protocol_stack[0] != NDPI_PROTOCOL_UNKNOWN) { return; } @@ -152,7 +152,7 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, if (message_id == MSG_MAGIC_COOKIE){ if ((someip_len == MC_LENGTH) && (request_id == MC_REQUEST_ID) && (interface_version == MC_INTERFACE_VERSION) && - (message_type == REQUEST_NO_RETURN\) && (return_code == E_OK)){ + (message_type == REQUEST_NO_RETURN) && (return_code == E_OK)){ NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP found Magic Cookie\n",message_type); ndpi_int_someip_add_connection(ndpi_struct, flow); return; @@ -165,7 +165,7 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, } if (message_id == MSG_MAGIC_COOKIE_ACK){ - if ((someip_len == MC_LENGTH) && (request_id == MC_REQUEST_ID) && (interface_version == MC_INTERFACE_VERSION\) && + if ((someip_len == MC_LENGTH) && (request_id == MC_REQUEST_ID) && (interface_version == MC_INTERFACE_VERSION) && (message_type == REQUEST_NO_RETURN) && (return_code == E_OK)){ NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP found Magic Cookie ACK\n",message_type); ndpi_int_someip_add_connection(ndpi_struct, flow); -- cgit v1.2.3 From ac5cb53066adf584da95b96e04e3e7e838c97a4a Mon Sep 17 00:00:00 2001 From: Luca Date: Thu, 15 Jun 2017 05:25:27 -0400 Subject: mDNS improvemennts to recognize reponses senst to non multicast addresses --- src/lib/protocols/mdns.c | 37 ++++++++++++++++++++----------------- 1 file changed, 20 insertions(+), 17 deletions(-) (limited to 'src') diff --git a/src/lib/protocols/mdns.c b/src/lib/protocols/mdns.c index 0692b3252..a47e9b72a 100644 --- a/src/lib/protocols/mdns.c +++ b/src/lib/protocols/mdns.c @@ -1,7 +1,7 @@ /* * mdns.c * - * Copyright (C) 2016 - ntop.org + * Copyright (C) 2016-17 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -26,6 +26,10 @@ #define NDPI_MAX_MDNS_REQUESTS 128 +PACK_ON +struct mdns_header { + u_int16_t transaction_id, flags, questions, answers, authority_rr, additional_rr; +} PACK_OFF; /** MDNS header is similar to dns header @@ -48,27 +52,26 @@ static void ndpi_int_mdns_add_connection(struct ndpi_detection_module_struct - *ndpi_struct, struct ndpi_flow_struct *flow) -{ + *ndpi_struct, struct ndpi_flow_struct *flow) { ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MDNS, NDPI_PROTOCOL_UNKNOWN); } static int ndpi_int_check_mdns_payload(struct ndpi_detection_module_struct - *ndpi_struct, struct ndpi_flow_struct *flow) -{ + *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; - - if((packet->payload[2] & 0x80) == 0 && - ntohs(get_u_int16_t(packet->payload, 4)) <= NDPI_MAX_MDNS_REQUESTS && - ntohs(get_u_int16_t(packet->payload, 6)) <= NDPI_MAX_MDNS_REQUESTS) { - + struct mdns_header *h = (struct mdns_header*)packet->payload; + u_int16_t questions = ntohs(h->questions), answers = ntohs(h->answers); + + if(((packet->payload[2] & 0x80) == 0) + && (questions <= NDPI_MAX_MDNS_REQUESTS) + && (answers <= NDPI_MAX_MDNS_REQUESTS)) { NDPI_LOG(NDPI_PROTOCOL_MDNS, ndpi_struct, NDPI_LOG_DEBUG, "found MDNS with question query.\n"); return 1; } - else if((packet->payload[2] & 0x80) != 0 && - ntohs(get_u_int16_t(packet->payload, 4)) == 0 && - ntohs(get_u_int16_t(packet->payload, 6)) <= NDPI_MAX_MDNS_REQUESTS && - ntohs(get_u_int16_t(packet->payload, 6)) != 0) { + else if(((packet->payload[2] & 0x80) != 0) + && (questions == 0) + && (answers <= NDPI_MAX_MDNS_REQUESTS) + && (answers != 0)) { char answer[256]; int i, j, len; @@ -77,7 +80,7 @@ static int ndpi_int_check_mdns_payload(struct ndpi_detection_module_struct answer[j] = '\0'; - /* printf("==> [%d] %s\n", j, answer); */ + printf("==> [%d] %s\n", j, answer); len = ndpi_min(sizeof(flow->protos.mdns.answer)-1, j); strncpy(flow->protos.mdns.answer, (const char *)answer, len); @@ -107,7 +110,7 @@ void ndpi_search_mdns(struct ndpi_detection_module_struct *ndpi_struct, struct n /* check standard MDNS ON port 5353 */ if(dport == 5353 && packet->payload_packet_len >= 12) { /* mdns protocol must have destination address 224.0.0.251 */ - if(packet->iph != NULL && ntohl(packet->iph->daddr) == 0xe00000fb) { + if(packet->iph != NULL /* && ntohl(packet->iph->daddr) == 0xe00000fb */) { NDPI_LOG(NDPI_PROTOCOL_MDNS, ndpi_struct, NDPI_LOG_DEBUG, "found MDNS with destination address 224.0.0.251 (=0xe00000fb)\n"); @@ -120,7 +123,7 @@ void ndpi_search_mdns(struct ndpi_detection_module_struct *ndpi_struct, struct n #ifdef NDPI_DETECTION_SUPPORT_IPV6 if(packet->iphv6 != NULL) { const u_int32_t *daddr = packet->iphv6->ip6_dst.u6_addr.u6_addr32; - if(daddr[0] == htonl(0xff020000) && daddr[1] == 0 && daddr[2] == 0 && daddr[3] == htonl(0xfb)) { + if(daddr[0] == htonl(0xff020000) /* && daddr[1] == 0 && daddr[2] == 0 && daddr[3] == htonl(0xfb) */) { NDPI_LOG(NDPI_PROTOCOL_MDNS, ndpi_struct, NDPI_LOG_DEBUG, "found MDNS with destination address ff02::fb\n"); -- cgit v1.2.3 From be749e75a502b14e249143eb4353e0a0cea764aa Mon Sep 17 00:00:00 2001 From: Luca Date: Thu, 15 Jun 2017 07:13:29 -0400 Subject: Removed tracing --- src/lib/protocols/mdns.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/lib/protocols/mdns.c b/src/lib/protocols/mdns.c index a47e9b72a..d805a0bca 100644 --- a/src/lib/protocols/mdns.c +++ b/src/lib/protocols/mdns.c @@ -80,7 +80,7 @@ static int ndpi_int_check_mdns_payload(struct ndpi_detection_module_struct answer[j] = '\0'; - printf("==> [%d] %s\n", j, answer); + /* printf("==> [%d] %s\n", j, answer); */ len = ndpi_min(sizeof(flow->protos.mdns.answer)-1, j); strncpy(flow->protos.mdns.answer, (const char *)answer, len); -- cgit v1.2.3 From 68f1653dec9bdffa96479c8245529c76c604c30a Mon Sep 17 00:00:00 2001 From: Campus Date: Mon, 19 Jun 2017 20:39:36 +0200 Subject: fix lync detection --- src/lib/protocols/stun.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) (limited to 'src') diff --git a/src/lib/protocols/stun.c b/src/lib/protocols/stun.c index 421ed5d75..8c42f56c9 100644 --- a/src/lib/protocols/stun.c +++ b/src/lib/protocols/stun.c @@ -98,6 +98,7 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * case 0x8054: /* Candidate Identifier */ if((len == 4) + && ((payload[offset+4] == 0x31) || (payload[offset+4] == 0x34)) && (payload[offset+5] == 0x00) && (payload[offset+6] == 0x00) && (payload[offset+7] == 0x00)) { @@ -258,16 +259,15 @@ void ndpi_search_stun(struct ndpi_detection_module_struct *ndpi_struct, struct n if(ndpi_int_check_stun(ndpi_struct, flow, packet->payload + 2, packet->payload_packet_len - 2, &is_whatsapp, &is_lync) == NDPI_IS_STUN) { - if(is_lync) { - NDPI_LOG(NDPI_PROTOCOL_STUN, ndpi_struct, NDPI_LOG_DEBUG, "Found MS Lync\n"); - ndpi_int_stun_add_connection(ndpi_struct, NDPI_PROTOCOL_MS_LYNC, flow); - } else { - NDPI_LOG(NDPI_PROTOCOL_STUN, ndpi_struct, NDPI_LOG_DEBUG, "found UDP stun.\n"); - ndpi_int_stun_add_connection(ndpi_struct, - is_whatsapp ? NDPI_PROTOCOL_WHATSAPP_VOICE : NDPI_PROTOCOL_STUN, flow); - } - - return; + if(is_lync) { + NDPI_LOG(NDPI_PROTOCOL_MS_LYNC, ndpi_struct, NDPI_LOG_DEBUG, "Found MS Lync\n"); + ndpi_int_stun_add_connection(ndpi_struct, NDPI_PROTOCOL_MS_LYNC, flow); + } else { + NDPI_LOG(NDPI_PROTOCOL_STUN, ndpi_struct, NDPI_LOG_DEBUG, "found UDP stun.\n"); + ndpi_int_stun_add_connection(ndpi_struct, + is_whatsapp ? NDPI_PROTOCOL_WHATSAPP_VOICE : NDPI_PROTOCOL_STUN, flow); + } + return; } } } -- cgit v1.2.3 From 592b769f67a0257582f49e079e2b49db772eeb7a Mon Sep 17 00:00:00 2001 From: MaYuming Date: Sun, 25 Jun 2017 11:15:59 +0800 Subject: fix lync over ICE detection --- src/lib/protocols/stun.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'src') diff --git a/src/lib/protocols/stun.c b/src/lib/protocols/stun.c index 8c42f56c9..37feb2871 100644 --- a/src/lib/protocols/stun.c +++ b/src/lib/protocols/stun.c @@ -98,7 +98,6 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * case 0x8054: /* Candidate Identifier */ if((len == 4) - && ((payload[offset+4] == 0x31) || (payload[offset+4] == 0x34)) && (payload[offset+5] == 0x00) && (payload[offset+6] == 0x00) && (payload[offset+7] == 0x00)) { @@ -266,7 +265,7 @@ void ndpi_search_stun(struct ndpi_detection_module_struct *ndpi_struct, struct n NDPI_LOG(NDPI_PROTOCOL_STUN, ndpi_struct, NDPI_LOG_DEBUG, "found UDP stun.\n"); ndpi_int_stun_add_connection(ndpi_struct, is_whatsapp ? NDPI_PROTOCOL_WHATSAPP_VOICE : NDPI_PROTOCOL_STUN, flow); - } + } return; } } -- cgit v1.2.3 From dbb9724c4ef528cb329c4518d496940b0e640913 Mon Sep 17 00:00:00 2001 From: Campus Date: Tue, 27 Jun 2017 11:38:44 +0200 Subject: added fix protocol https://github.com/ntop/nDPI/issues/372 --- src/include/ndpi_define.h | 10 +++--- src/include/ndpi_protocol_ids.h | 5 +-- src/include/ndpi_protocols.h | 2 ++ src/lib/Makefile.am | 1 + src/lib/ndpi_main.c | 8 +++++ src/lib/protocols/fix.c | 73 ++++++++++++++++++++++++++++++++++++++++ tests/pcap/fix.pcap | Bin 0 -> 135714 bytes tests/result/fix.pcap.out | 14 ++++++++ 8 files changed, 106 insertions(+), 7 deletions(-) create mode 100644 src/lib/protocols/fix.c create mode 100644 tests/pcap/fix.pcap create mode 100644 tests/result/fix.pcap.out (limited to 'src') diff --git a/src/include/ndpi_define.h b/src/include/ndpi_define.h index b632712a1..4878ff748 100644 --- a/src/include/ndpi_define.h +++ b/src/include/ndpi_define.h @@ -1,6 +1,6 @@ /* * - * Copyright (C) 2011-16 - ntop.org + * Copyright (C) 2011-17 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -180,15 +180,15 @@ #define NDPI_SOULSEEK_CONNECTION_IP_TICK_TIMEOUT 600 #ifdef NDPI_ENABLE_DEBUG_MESSAGES -#define NDPI_LOG(proto, m, log_level, args...) \ - { \ +#define NDPI_LOG(proto, m, log_level, args...) \ + { \ struct ndpi_detection_module_struct *mod = (struct ndpi_detection_module_struct*) m; \ - if(mod != NULL) { \ + if(mod != NULL) { \ mod->ndpi_debug_print_file=__FILE__; \ mod->ndpi_debug_print_function=__FUNCTION__; \ mod->ndpi_debug_print_line=__LINE__; \ (*(mod->ndpi_debug_printf))(proto, mod, log_level, args); \ - } \ + } \ } #else /* NDPI_ENABLE_DEBUG_MESSAGES */ #ifdef WIN32 diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index 1e088ceaa..4c5d6539c 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -267,12 +267,13 @@ #define NDPI_PROTOCOL_GIT 226 #define NDPI_PROTOCOL_DRDA 227 #define NDPI_PROTOCOL_PLAYSTORE 228 /* Google Play Store */ - #define NDPI_PROTOCOL_SOMEIP 229 +#define NDPI_PROTOCOL_FIX 230 + /* UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE */ -#define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_PROTOCOL_SOMEIP +#define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_PROTOCOL_FIX #define NDPI_MAX_SUPPORTED_PROTOCOLS (NDPI_LAST_IMPLEMENTED_PROTOCOL + 1) #define NDPI_MAX_NUM_CUSTOM_PROTOCOLS (NDPI_NUM_BITS-NDPI_LAST_IMPLEMENTED_PROTOCOL) diff --git a/src/include/ndpi_protocols.h b/src/include/ndpi_protocols.h index 2ac9485ab..65a2bb116 100644 --- a/src/include/ndpi_protocols.h +++ b/src/include/ndpi_protocols.h @@ -197,6 +197,7 @@ void ndpi_search_drda(struct ndpi_detection_module_struct *ndpi_struct, struct n void ndpi_search_bjnp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); void ndpi_search_smpp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); void ndpi_search_tinc(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); +void ndpi_search_fix(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); /* --- INIT FUNCTIONS --- */ void init_afp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_aimini_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); @@ -341,4 +342,5 @@ void init_drda_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int void init_bjnp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_smpp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_tinc_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); +void init_fix_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); #endif /* __NDPI_PROTOCOLS_H__ */ diff --git a/src/lib/Makefile.am b/src/lib/Makefile.am index 3af5881b7..14288d3a3 100644 --- a/src/lib/Makefile.am +++ b/src/lib/Makefile.am @@ -45,6 +45,7 @@ libndpi_la_SOURCES = ndpi_content_match.c.inc \ protocols/edonkey.c \ protocols/fasttrack.c \ protocols/fiesta.c \ + protocols/fix.c \ protocols/filetopia.c \ protocols/florensia.c \ protocols/ftp_control.c \ diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 8ff3855af..18d96394f 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1626,6 +1626,11 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "TINC", NDPI_PROTOCOL_CATEGORY_VPN, ndpi_build_default_ports(ports_a, 655, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 655, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_FIX, + no_master, + no_master, "FIX", NDPI_PROTOCOL_CATEGORY_RPC, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); /* calling function for host and content matched protocols */ init_string_based_protocols(ndpi_mod); @@ -2720,6 +2725,9 @@ void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *n /* TINC */ init_tinc_dissector(ndpi_struct, &a, detection_bitmask); + /* FIX */ + init_fix_dissector(ndpi_struct, &a, detection_bitmask); + /*** Put false-positive sensitive protocols at the end ***/ /* SKYPE */ diff --git a/src/lib/protocols/fix.c b/src/lib/protocols/fix.c new file mode 100644 index 000000000..b96454c3f --- /dev/null +++ b/src/lib/protocols/fix.c @@ -0,0 +1,73 @@ +/* + * fix.c + * + * Copyright (C) 2017 - ntop.org + * + * This file is part of nDPI, an open source deep packet inspection + * library based on the OpenDPI and PACE technology by ipoque GmbH + * + * nDPI is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * nDPI is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with nDPI. If not, see . + * + */ +#include "ndpi_protocols.h" + +#ifdef NDPI_PROTOCOL_FIX + +void ndpi_search_fix(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) +{ + struct ndpi_packet_struct *packet = &flow->packet; + + if(packet->tcp) { + // 8= + if(packet->payload[0] == 0x38 && packet->payload[1] == 0x3d) { + // FIX. + if(packet->payload[2] == 0x46 && + packet->payload[3] == 0x49 && + packet->payload[4] == 0x58 && + packet->payload[5] == 0x2e) { + + NDPI_LOG(NDPI_PROTOCOL_FIX, ndpi_struct, NDPI_LOG_DEBUG, "FIX detected.\n"); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_FIX, NDPI_PROTOCOL_UNKNOWN); + return; + } + // 0. 9= + if(packet->payload[2] == 0x4f && + packet->payload[3] == 0x01 && + packet->payload[4] == 0x39 && + packet->payload[5] == 0x3d) { + + NDPI_LOG(NDPI_PROTOCOL_FIX, ndpi_struct, NDPI_LOG_DEBUG, "FIX detected.\n"); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_FIX, NDPI_PROTOCOL_UNKNOWN); + return; + } + } + } + /* exclude FIX */ + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_FIX); +} + + +void init_fix_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) +{ + ndpi_set_bitmask_protocol_detection("FIX", ndpi_struct, detection_bitmask, *id, + NDPI_PROTOCOL_FIX, + ndpi_search_fix, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD, + SAVE_DETECTION_BITMASK_AS_UNKNOWN, + ADD_TO_DETECTION_BITMASK); + *id += 1; +} + + +#endif diff --git a/tests/pcap/fix.pcap b/tests/pcap/fix.pcap new file mode 100644 index 000000000..0b6b37b55 Binary files /dev/null and b/tests/pcap/fix.pcap differ diff --git a/tests/result/fix.pcap.out b/tests/result/fix.pcap.out new file mode 100644 index 000000000..66707122e --- /dev/null +++ b/tests/result/fix.pcap.out @@ -0,0 +1,14 @@ +FIX 1261 115514 12 + + 1 TCP 8.17.22.31:4000 <-> 192.168.0.20:40918 [proto: 230/FIX][18 pkts/1938 bytes <-> 18 pkts/1358 bytes] + 2 TCP 8.17.22.31:4000 <-> 192.168.0.20:40928 [proto: 230/FIX][4 pkts/342 bytes <-> 2 pkts/303 bytes] + 3 TCP 217.192.86.32:4000 <-> 192.168.0.20:53330 [proto: 230/FIX][6 pkts/456 bytes <-> 5 pkts/551 bytes] + 4 TCP 8.17.22.31:4000 <-> 192.168.0.20:43594 [proto: 230/FIX][111 pkts/16881 bytes <-> 111 pkts/7680 bytes] + 5 TCP 8.17.22.31:4000 <-> 192.168.0.20:47968 [proto: 230/FIX][201 pkts/21246 bytes <-> 200 pkts/13460 bytes] + 6 TCP 8.17.22.31:4000 <-> 192.168.0.20:47952 [proto: 230/FIX][5 pkts/577 bytes <-> 5 pkts/484 bytes] + 7 TCP 8.17.22.31:4000 <-> 192.168.0.20:47962 [proto: 230/FIX][6 pkts/513 bytes <-> 4 pkts/522 bytes] + 8 TCP 208.245.107.3:4000 <-> 192.168.0.20:38652 [proto: 230/FIX][9 pkts/961 bytes <-> 9 pkts/700 bytes] + 9 TCP 208.245.107.3:4000 <-> 192.168.0.20:38646 [proto: 230/FIX][6 pkts/441 bytes <-> 4 pkts/477 bytes] + 10 TCP 208.245.107.3:4000 <-> 192.168.0.20:39094 [proto: 230/FIX][6 pkts/456 bytes <-> 5 pkts/551 bytes] + 11 TCP 208.245.107.3:4000 <-> 192.168.0.20:45578 [proto: 230/FIX][228 pkts/26333 bytes <-> 228 pkts/13920 bytes] + 12 TCP 208.245.107.3:4000 <-> 192.168.0.20:45584 [proto: 230/FIX][35 pkts/3022 bytes <-> 35 pkts/2342 bytes] -- cgit v1.2.3 From 4a1ced37099d32867cf531b8eb1bb31f9f3db558 Mon Sep 17 00:00:00 2001 From: Simone Mainardi Date: Tue, 27 Jun 2017 12:10:50 +0200 Subject: Removes invalid char in SOME/IP proto name --- src/lib/ndpi_main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 18d96394f..a2f957ce9 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1573,7 +1573,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SOMEIP, no_master, - no_master, "SOME/IP", NDPI_PROTOCOL_CATEGORY_RPC, + no_master, "SOMEIP", NDPI_PROTOCOL_CATEGORY_RPC, ndpi_build_default_ports(ports_a, 30491, 30501, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 30491, 30501, 30490, 0, 0)); /* UDP */ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_RX, -- cgit v1.2.3 From 9bfab472e4a40db84768952d11f0866e181d0b65 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Thu, 6 Jul 2017 08:29:21 +0200 Subject: Win fix --- src/include/ndpi_win32.h | 2 ++ 1 file changed, 2 insertions(+) (limited to 'src') diff --git a/src/include/ndpi_win32.h b/src/include/ndpi_win32.h index 175ecd57d..8a952b293 100644 --- a/src/include/ndpi_win32.h +++ b/src/include/ndpi_win32.h @@ -63,6 +63,8 @@ typedef unsigned __int64 u_int64_t; #define gmtime_r(a, b) memcpy(b, gmtime(a), sizeof(struct tm)) +#define in_addr_t unsigned long + extern unsigned long waitForNextEvent(unsigned long ulDelay /* ms */); #define sleep(a /* sec */) waitForNextEvent(1000*a /* ms */) -- cgit v1.2.3 From d66e473a2c1d336e024c4d8bcefb3785e16ffd5e Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Thu, 6 Jul 2017 09:28:15 +0200 Subject: Code cleanup Updated test results Renamed SOMEIP -> someip --- example/ndpiReader.c | 451 +++++++++++++++--------------- src/lib/Makefile.am | 2 +- src/lib/protocols/SOMEIP.c | 223 --------------- src/lib/protocols/someip.c | 223 +++++++++++++++ tests/result/KakaoTalk_talk.pcap.out | 4 +- tests/result/http_ipv6.pcap.out | 8 +- tests/result/mpeg.pcap.out | 2 +- tests/result/ocs.pcap.out | 5 +- tests/result/quickplay.pcap.out | 12 +- tests/result/skype.pcap.out | 314 ++++++++++----------- tests/result/wechat.pcap.out | 19 +- tests/result/whatsapp_login_call.pcap.out | 6 +- 12 files changed, 635 insertions(+), 634 deletions(-) delete mode 100644 src/lib/protocols/SOMEIP.c create mode 100644 src/lib/protocols/someip.c (limited to 'src') diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 4f54e4793..a93147421 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -95,16 +95,16 @@ static time_t capture_until = 0; static u_int32_t num_flows; struct info_pair{ - char addr[48]; - char proto[48]; /*app level protocol*/ - int count; + char addr[48]; + char proto[48]; /*app level protocol*/ + int count; }; typedef struct node_a{ - char addr[48]; - int count; - char proto[48]; /*app level protocol*/ - struct node_a *left, *right; + char addr[48]; + int count; + char proto[48]; /*app level protocol*/ + struct node_a *left, *right; }addr_node; struct port_stats { @@ -436,7 +436,7 @@ static void parseOptions(int argc, char **argv) { pcap_analysis_duration = atol(optarg); break; - case 'x': + case 'x': #ifndef HAVE_JSON_C printf("WARNING: this copy of ndpiReader has been compiled without JSON-C: json export disabled\n"); #else @@ -552,7 +552,7 @@ static void parseOptions(int argc, char **argv) { } } - if(!bpf_filter_flag){ + if(!bpf_filter_flag) { if(do_capture) { quiet_mode = 1; @@ -847,7 +847,7 @@ static void node_proto_guess_walker(const void *node, ndpi_VISIT which, int dept /* *********************************************** */ -void updateScanners(struct single_flow_info **scanners, const char *saddr, u_int32_t dport){ +void updateScanners(struct single_flow_info **scanners, const char *saddr, u_int32_t dport) { struct single_flow_info *f; HASH_FIND_STR(*scanners, saddr, f); @@ -874,7 +874,7 @@ void updateScanners(struct single_flow_info **scanners, const char *saddr, u_int HASH_FIND_INT(f->ports, &dport, pp); - if(pp == NULL){ + if(pp == NULL) { pp = (struct port_flow_info*)malloc(sizeof(struct port_flow_info)); if(!pp) return; pp->port = dport; @@ -897,7 +897,7 @@ int updateIpTree(const char *key, addr_node **vrootp, const char *proto) { return 0; while (*rootp != (addr_node *)0) { /* Knuth's T1: */ - if((r = strcmp(key, ((*rootp)->addr))) == 0){ /* T2: */ + if((r = strcmp(key, ((*rootp)->addr))) == 0) { /* T2: */ return ++((*rootp)->count); } @@ -940,48 +940,48 @@ void freeIpTree(addr_node *root) { /* *********************************************** */ -void updateTopIpAddress(const char *addr, const char *proto, int count, struct info_pair top[], int size){ - int update = 0; - int r; - int i; - int min_i = 0; - int min = count; - struct info_pair pair; +void updateTopIpAddress(const char *addr, const char *proto, int count, struct info_pair top[], int size) { + int update = 0; + int r; + int i; + int min_i = 0; + int min = count; + struct info_pair pair; - if(count == 0) return; + if(count == 0) return; - strncpy(pair.addr, addr, sizeof(pair.addr)); - strncpy(pair.proto, proto, sizeof(pair.proto)); - pair.count = count; + strncpy(pair.addr, addr, sizeof(pair.addr)); + strncpy(pair.proto, proto, sizeof(pair.proto)); + pair.count = count; - for(i=0; inum_addr++; if(count) { - s->cumulative_addr++; - updateTopIpAddress(addr, proto, count, s->top_ip_addrs, MAX_NUM_IP_ADDRESS); + s->cumulative_addr++; + updateTopIpAddress(addr, proto, count, s->top_ip_addrs, MAX_NUM_IP_ADDRESS); } s->num_pkts += num_pkts, s->num_bytes += num_bytes, s->num_flows++; @@ -1030,7 +1030,7 @@ static void updatePortStats(struct port_stats **stats, u_int32_t port, /* *********************************************** */ -static void deleteScanners(struct single_flow_info *scanners){ +static void deleteScanners(struct single_flow_info *scanners) { struct single_flow_info *s, *tmp; struct port_flow_info *p, *tmp2; @@ -1064,33 +1064,33 @@ static void deletePortsStats(struct port_stats *stats) { */ static void port_stats_walker(const void *node, ndpi_VISIT which, int depth, void *user_data) { if((which == ndpi_preorder) || (which == ndpi_leaf)) { /* Avoid walking the same node multiple times */ - struct ndpi_flow_info *flow = *(struct ndpi_flow_info **) node; - u_int16_t sport, dport; - char saddr[48], daddr[48]; - char proto[48]; - u_int16_t thread_id = *(int *)user_data; - int r; + struct ndpi_flow_info *flow = *(struct ndpi_flow_info **) node; + u_int16_t sport, dport; + char saddr[48], daddr[48]; + char proto[48]; + u_int16_t thread_id = *(int *)user_data; + int r; - sport = ntohs(flow->src_port), dport = ntohs(flow->dst_port); - strncpy(saddr, flow->src_name, sizeof(saddr)); - strncpy(daddr, flow->dst_name, sizeof(daddr)); + sport = ntohs(flow->src_port), dport = ntohs(flow->dst_port); + strncpy(saddr, flow->src_name, sizeof(saddr)); + strncpy(daddr, flow->dst_name, sizeof(daddr)); - /* get app level protocol */ - if(flow->detected_protocol.master_protocol) - ndpi_protocol2name(ndpi_thread_info[thread_id].workflow->ndpi_struct, - flow->detected_protocol, proto, sizeof(proto)); - else - strncpy(proto, ndpi_get_proto_name(ndpi_thread_info[thread_id].workflow->ndpi_struct, - flow->detected_protocol.app_protocol),sizeof(proto)); + /* get app level protocol */ + if(flow->detected_protocol.master_protocol) + ndpi_protocol2name(ndpi_thread_info[thread_id].workflow->ndpi_struct, + flow->detected_protocol, proto, sizeof(proto)); + else + strncpy(proto, ndpi_get_proto_name(ndpi_thread_info[thread_id].workflow->ndpi_struct, + flow->detected_protocol.app_protocol),sizeof(proto)); - if(((r = strcmp(ipProto2Name(flow->protocol), "TCP")) == 0) - && (flow->src2dst_packets == 1) && (flow->dst2src_packets == 0)){ + if(((r = strcmp(ipProto2Name(flow->protocol), "TCP")) == 0) + && (flow->src2dst_packets == 1) && (flow->dst2src_packets == 0)) { - updateScanners(&scannerHosts, saddr, dport); - } + updateScanners(&scannerHosts, saddr, dport); + } - updatePortStats(&srcStats, sport, saddr, flow->src2dst_packets, flow->src2dst_bytes, proto); - updatePortStats(&dstStats, dport, daddr, flow->dst2src_packets, flow->dst2src_bytes, proto); + updatePortStats(&srcStats, sport, saddr, flow->src2dst_packets, flow->src2dst_bytes, proto); + updatePortStats(&dstStats, dport, daddr, flow->dst2src_packets, flow->dst2src_bytes, proto); } } @@ -1135,7 +1135,7 @@ static void on_protocol_discovered(struct ndpi_workflow * workflow, const u_int16_t thread_id = (uintptr_t) udata; - if(verbose > 1){ + if(verbose > 1) { if(enable_protocol_guess) { if(flow->detected_protocol.app_protocol == NDPI_PROTOCOL_UNKNOWN) { flow->detected_protocol.app_protocol = node_guess_undetected_protocol(thread_id, flow), @@ -1299,13 +1299,13 @@ static void json_init() { } static void json_open_stats_file() { - if((file_first_time && ((stats_fp = fopen(_statsFilePath,"w")) == NULL)) - || - (!file_first_time && (stats_fp = fopen(_statsFilePath,"a")) == NULL)) { - printf("Error creating/opening file %s\n", _statsFilePath); - stats_flag = 0; - } - else file_first_time = 0; + if((file_first_time && ((stats_fp = fopen(_statsFilePath,"w")) == NULL)) + || + (!file_first_time && (stats_fp = fopen(_statsFilePath,"a")) == NULL)) { + printf("Error creating/opening file %s\n", _statsFilePath); + stats_flag = 0; + } + else file_first_time = 0; } static void json_close_stats_file() { @@ -1375,10 +1375,10 @@ static int scanners_port_sort(void *_a, void *_b) { static int info_pair_cmp (const void *_a, const void *_b) { - struct info_pair *a = (struct info_pair *)_a; - struct info_pair *b = (struct info_pair *)_b; + struct info_pair *a = (struct info_pair *)_a; + struct info_pair *b = (struct info_pair *)_b; - return b->count - a->count; + return b->count - a->count; } /* *********************************************** */ @@ -1406,14 +1406,14 @@ static void deleteTopStats(struct top_stats *stats) { /** * @brief Get port based top statistics */ -static int getTopStats(struct top_stats **topStats, struct port_stats *stats){ +static int getTopStats(struct top_stats **topStats, struct port_stats *stats) { struct top_stats *s; struct port_stats *sp, *tmp; struct info_pair inf; u_int64_t total_ip_addrs = 0; /* stats are ordered by packet number */ - HASH_ITER(hh, stats, sp, tmp){ + HASH_ITER(hh, stats, sp, tmp) { s = (struct top_stats *)malloc(sizeof(struct top_stats)); memset(s, 0, sizeof(struct top_stats)); @@ -1425,7 +1425,7 @@ static int getTopStats(struct top_stats **topStats, struct port_stats *stats){ qsort(&sp->top_ip_addrs[0], MAX_NUM_IP_ADDRESS, sizeof(struct info_pair), info_pair_cmp); inf = sp->top_ip_addrs[0]; - if(((inf.count * 100.0)/sp->cumulative_addr) > AGGRESSIVE_PERCENT){ + if(((inf.count * 100.0)/sp->cumulative_addr) > AGGRESSIVE_PERCENT) { strncpy(s->top_ip, inf.addr, sizeof(s->top_ip)); strncpy(s->proto, inf.proto, sizeof(s->proto)); } @@ -1442,7 +1442,7 @@ static int getTopStats(struct top_stats **topStats, struct port_stats *stats){ /* *********************************************** */ #ifdef HAVE_JSON_C -static void saveScannerStats(json_object **jObj_group, struct single_flow_info *scanners){ +static void saveScannerStats(json_object **jObj_group, struct single_flow_info *scanners) { struct single_flow_info *s, *tmp; struct port_flow_info *p, *tmp2; json_object *jArray_stats = json_object_new_array(); @@ -1496,7 +1496,7 @@ static void saveTopStats(json_object **jObj_group, struct top_stats *stats, int direction, u_int64_t total_flow_count, - u_int64_t total_ip_addr){ + u_int64_t total_ip_addr) { struct top_stats *s, *tmp; json_object *jArray_stats = json_object_new_array(); @@ -1505,14 +1505,14 @@ static void saveTopStats(json_object **jObj_group, /* stats for packet burst diagnose */ HASH_ITER(hh, stats, s, tmp) { - if(s->top_ip[0] != '\0'){ + if(s->top_ip[0] != '\0') { json_object *jObj_stat = json_object_new_object(); json_object_object_add(jObj_stat,"port",json_object_new_int(s->port)); json_object_object_add(jObj_stat,"packets.number",json_object_new_int64(s->num_pkts)); json_object_object_add(jObj_stat,"flows.number",json_object_new_double(s->num_flows)); json_object_object_add(jObj_stat,"flows.percent",json_object_new_double((s->num_flows*100.0)/total_flow_count)); if(s->num_pkts) json_object_object_add(jObj_stat,"flows/packets", - json_object_new_double(((double)s->num_flows)/s->num_pkts)); + json_object_new_double(((double)s->num_flows)/s->num_pkts)); else json_object_object_add(jObj_stat,"flows.num_packets",json_object_new_double(0.0)); json_object_object_add(jObj_stat,"aggressive.ip",json_object_new_string(s->top_ip)); @@ -1526,7 +1526,7 @@ static void saveTopStats(json_object **jObj_group, } json_object_object_add(*jObj_group, (direction == DIR_SRC) ? - "top.src.pkts.stats" : "top.dst.pkts.stats", jArray_stats); + "top.src.pkts.stats" : "top.dst.pkts.stats", jArray_stats); jArray_stats = json_object_new_array(); i=0; @@ -1550,7 +1550,7 @@ static void saveTopStats(json_object **jObj_group, } json_object_object_add(*jObj_group, (direction == DIR_SRC) ? - "top.src.ip.stats" : "top.dst.ip.stats", jArray_stats); + "top.src.ip.stats" : "top.dst.ip.stats", jArray_stats); } #endif @@ -1568,10 +1568,10 @@ void printPortStats(struct port_stats *stats) { qsort(&s->top_ip_addrs[0], MAX_NUM_IP_ADDRESS, sizeof(struct info_pair), info_pair_cmp); for(j=0; jtop_ip_addrs[j].count != 0) { - printf("\t\t%-36s ~ %.2f%%\n", s->top_ip_addrs[j].addr, - ((s->top_ip_addrs[j].count) * 100.0) / s->cumulative_addr); - } + if(s->top_ip_addrs[j].count != 0) { + printf("\t\t%-36s ~ %.2f%%\n", s->top_ip_addrs[j].addr, + ((s->top_ip_addrs[j].count) * 100.0) / s->cumulative_addr); + } } printf("\n"); @@ -1879,9 +1879,9 @@ static void printResults(u_int64_t tot_usec) { #endif } - if(verbose == 3 || stats_flag){ - deletePortsStats(srcStats), deletePortsStats(dstStats); - srcStats = NULL, dstStats = NULL; + if(verbose == 3 || stats_flag) { + deletePortsStats(srcStats), deletePortsStats(dstStats); + srcStats = NULL, dstStats = NULL; } @@ -2164,7 +2164,7 @@ void * processing_thread(void *_thread_id) { if((!json_flag) && (!quiet_mode)) printf("Running thread %ld...\n", thread_id); pcap_loop: - runPcapLoop(thread_id); + runPcapLoop(thread_id); if(playlist_fp[thread_id] != NULL) { /* playlist: read next file */ char filename[256]; @@ -2242,11 +2242,11 @@ void test_lib() { /* Printing cumulative results */ printResults(tot_usec); -if(stats_flag){ + if(stats_flag) { #ifdef HAVE_JSON_C - json_close_stats_file(); + json_close_stats_file(); #endif -} + } for(thread_id = 0; thread_id < num_threads; thread_id++) { if(ndpi_thread_info[thread_id].workflow->pcap_handle != NULL) @@ -2275,40 +2275,39 @@ void automataUnitTest() { * save it in .json format */ #ifdef HAVE_JSON_C -void bpf_filter_produce_filter(int port_array[], int p_size, const char *host_array[48], int h_size, char *filePath){ +void bpf_filter_produce_filter(int port_array[], int p_size, const char *host_array[48], int h_size, char *filePath) { FILE *fp = NULL; char *prefix = "bpf_filter_"; char _filterFilePath[1024]; char *fileName; char filter[2048]; - char portBuf[10]; - char hostBuf[64]; int produced = 0; int i = 0; - printf("producing bpf filter...\n"); - - - if(port_array[0] != INIT_VAL){ - + if(port_array[0] != INIT_VAL) { + int l; + strcpy(filter, "not (src port "); - while(i < p_size && port_array[i] != INIT_VAL){ + while(i < p_size && port_array[i] != INIT_VAL) { + l = strlen(filter); + if(i+1 == p_size || port_array[i+1] == INIT_VAL) - snprintf(portBuf, sizeof(portBuf), "%d", port_array[i]); + snprintf(&filter[l], sizeof(filter)-l, "%d", port_array[i]); else - snprintf(portBuf, sizeof(portBuf), "%d or ", port_array[i]); - strncat(filter, portBuf, sizeof(portBuf)); + snprintf(&filter[l], sizeof(filter)-l, "%d or ", port_array[i]); i++; } - strncat(filter, ")", sizeof(")")); + l = strlen(filter); + snprintf(&filter[l], sizeof(filter)-l, "%s", ")"); produced = 1; } - if(host_array[0] != NULL){ - + if(host_array[0] != NULL) { + int l; + if(port_array[0] != INIT_VAL) strncat(filter, " and not (host ", sizeof(" and not (host ")); else @@ -2316,40 +2315,40 @@ void bpf_filter_produce_filter(int port_array[], int p_size, const char *host_ar i=0; - while(i < h_size && host_array[i] != NULL){ + while(i < h_size && host_array[i] != NULL) { + l = strlen(filter); + if(i+1 == h_size || host_array[i+1] == NULL) - snprintf(hostBuf, sizeof(hostBuf), "%s", host_array[i]); + snprintf(&filter[l], sizeof(filter)-l, "%s", host_array[i]); else - snprintf(hostBuf, sizeof(hostBuf), "%s or ", host_array[i]); - strncat(filter, hostBuf, sizeof(hostBuf)); + snprintf(&filter[l], sizeof(filter)-l, "%s or ", host_array[i]); + i++; } - - strncat(filter, ")", sizeof(")")); + + l = strlen(filter); + snprintf(&filter[l], sizeof(filter)-l, "%s", ")"); produced = 1; } - fileName = basename(filePath); - snprintf(_filterFilePath, sizeof(_filterFilePath), "%s%s", prefix, fileName); + snprintf(_filterFilePath, sizeof(_filterFilePath), "%s.bpf", filePath); if((fp = fopen(_filterFilePath,"w")) == NULL) { printf("Error creating .json file %s\n", _filterFilePath); exit(-1); } - json_object *jObj_bpfFilter = json_object_new_object(); if(produced) - json_object_object_add(jObj_bpfFilter, "filter", json_object_new_string(filter)); + json_object_object_add(jObj_bpfFilter, "filter", json_object_new_string(filter)); else json_object_object_add(jObj_bpfFilter, "filter", json_object_new_string("")); fprintf(fp,"%s\n",json_object_to_json_string(jObj_bpfFilter)); fclose(fp); - printf("created: %s\n", _filterFilePath); } #endif @@ -2359,7 +2358,7 @@ void bpf_filter_produce_filter(int port_array[], int p_size, const char *host_ar * @brief Initialize port array */ -void bpf_filter_port_array_init(int array[], int size){ +void bpf_filter_port_array_init(int array[], int size) { int i; for(i=0; i FLOWS_PACKETS_TRESHOLD) && (flows_percent >= FLOWS_PERCENT_TRESHOLD)){ - if((res = json_object_object_get_ex(src_pkts_stat, "port", &jObj_port)) == 0){ - fprintf(stderr, "ERROR: can't get \"port\", use -x flag only with .json files generated by ndpiReader -b flag.\n"); - exit(-1); - } - int port = json_object_get_int(jObj_port); - bpf_filter_port_array_add(srcPortArray, size, port); + if((flows_packets > FLOWS_PACKETS_TRESHOLD) && (flows_percent >= FLOWS_PERCENT_TRESHOLD)) { + if((res = json_object_object_get_ex(src_pkts_stat, "port", &jObj_port)) == 0) { + fprintf(stderr, "ERROR: can't get \"port\", use -x flag only with .json files generated by ndpiReader -b flag.\n"); + exit(-1); } + int port = json_object_get_int(jObj_port); + + bpf_filter_port_array_add(srcPortArray, size, port); } + } } #endif @@ -2471,33 +2470,33 @@ void getPacketBasedSourcePortsToFilter(struct json_object *jObj_stat, int srcPor * flows per second to the srcHostArray to filter */ #ifdef HAVE_JSON_C -void getScannerHostsToFilter(struct json_object *jObj_stat, int duration, const char *srcHostArray[48], int size){ - int j; +void getScannerHostsToFilter(struct json_object *jObj_stat, int duration, const char *srcHostArray[48], int size) { + int j; - for(j=0; j 1000){ - if((res = json_object_object_get_ex(scanner_stat, "ip.address", &jObj_host_address)) == 0){ - fprintf(stderr, "ERROR: can't get \"ip.address\", use -x flag only with .json files generated by ndpiReader -b flag.\n"); - exit(-1); - } - const char *host_address = json_object_get_string(jObj_host_address); + if((tot_flows_number/duration) > 1000) { + if((res = json_object_object_get_ex(scanner_stat, "ip.address", &jObj_host_address)) == 0) { + fprintf(stderr, "ERROR: can't get \"ip.address\", use -x flag only with .json files generated by ndpiReader -b flag.\n"); + exit(-1); + } + const char *host_address = json_object_get_string(jObj_host_address); - bpf_filter_host_array_add(srcHostArray, size, host_address); + bpf_filter_host_array_add(srcHostArray, size, host_address); - } } + } } #endif @@ -2508,39 +2507,39 @@ void getScannerHostsToFilter(struct json_object *jObj_stat, int duration, const * second to the srcHostArray to filter */ #ifdef HAVE_JSON_C -void getHostBasedSourcePortsToFilter(struct json_object *jObj_stat, int duration, int srcPortArray[], int size){ - int j; +void getHostBasedSourcePortsToFilter(struct json_object *jObj_stat, int duration, int srcPortArray[], int size) { + int j; - for(j=0; j 1000){ - if((res = json_object_object_get_ex(src_pkts_stat, "port", &jObj_port)) == 0){ - fprintf(stderr, "ERROR: can't get \"port\", use -x flag only with .json files generated by ndpiReader -b flag.\n"); - exit(-1); - } - int port = json_object_get_int(jObj_port); - bpf_filter_port_array_add(srcPortArray, size, port); + if((flows_number/duration) > 1000) { + if((res = json_object_object_get_ex(src_pkts_stat, "port", &jObj_port)) == 0) { + fprintf(stderr, "ERROR: can't get \"port\", use -x flag only with .json files generated by ndpiReader -b flag.\n"); + exit(-1); } + int port = json_object_get_int(jObj_port); + + bpf_filter_port_array_add(srcPortArray, size, port); } + } } #endif /* *********************************************** */ #ifdef HAVE_JSON_C -static void produceBpfFilter(char *filePath){ +static void produceBpfFilter(char *filePath) { int fsock; struct stat statbuf; void *fmap; @@ -2556,40 +2555,40 @@ static void produceBpfFilter(char *filePath){ int i; - if((fsock = open(filePath, O_RDONLY)) == -1){ - fprintf(stderr,"error opening file %s\n", filePath); - exit(-1); + if((fsock = open(filePath, O_RDONLY)) == -1) { + fprintf(stderr,"error opening file %s\n", filePath); + exit(-1); } - if(fstat(fsock, &statbuf) == -1){ - fprintf(stderr,"error getting file stat\n"); - exit(-1); + if(fstat(fsock, &statbuf) == -1) { + fprintf(stderr,"error getting file stat\n"); + exit(-1); } - if((fmap = mmap(NULL, statbuf.st_size, PROT_READ, MAP_PRIVATE, fsock, 0)) == MAP_FAILED){ - fprintf(stderr,"error mmap is failed\n"); - exit(-1); + if((fmap = mmap(NULL, statbuf.st_size, PROT_READ, MAP_PRIVATE, fsock, 0)) == MAP_FAILED) { + fprintf(stderr,"error mmap is failed\n"); + exit(-1); } - if((jObj = json_tokener_parse(fmap)) == NULL){ + if((jObj = json_tokener_parse(fmap)) == NULL) { fprintf(stderr,"ERROR: invalid json file. Use -x flag only with .json files generated by ndpiReader -b flag.\n"); exit(-1); } - if((res = json_object_object_get_ex(jObj, "duration.in.seconds", &jObj_duration)) == 0){ + if((res = json_object_object_get_ex(jObj, "duration.in.seconds", &jObj_duration)) == 0) { fprintf(stderr,"ERROR: can't get \"duration.in.seconds\", use -x flag only with .json files generated by ndpiReader -b flag.\n"); exit(-1); } duration = json_object_get_int(jObj_duration); - if((res = json_object_object_get_ex(jObj, "statistics", &jObj_statistics)) == 0){ + if((res = json_object_object_get_ex(jObj, "statistics", &jObj_statistics)) == 0) { fprintf(stderr,"ERROR: can't get \"statistics\", use -x flag only with .json files generated by ndpiReader -b flag.\n"); exit(-1); } - if((typeCheck = json_object_is_type(jObj_statistics, json_type_array)) == 0){ + if((typeCheck = json_object_is_type(jObj_statistics, json_type_array)) == 0) { fprintf(stderr,"ERROR: invalid json file. Use -x flag only with .json files generated by ndpiReader -b flag.\n"); exit(-1); } @@ -2600,25 +2599,25 @@ static void produceBpfFilter(char *filePath){ bpf_filter_host_array_init(filterSrcHosts, HOST_ARRAY_SIZE); - for(i=0; i - * - * This file is part of nDPI, an open source deep packet inspection - * library based on the OpenDPI and PACE technology by ipoque GmbH - * - * nDPI is free software: you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your omessage_typeion) any later version. - * - * nDPI is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with nDPI. If not, see . - * - */ - -#include "ndpi_protocols.h" -#ifdef NDPI_PROTOCOL_SOMEIP - -enum SOMEIP_MESSAGE_TYPES { - REQUEST = 0x00, - REQUEST_NO_RETURN = 0x01, - NOTIFICATION = 0x02, - REQUEST_ACK = 0x40, - REQUEST_NO_RETURN_ACK = 0x41, - NOTIFICATION_ACK = 0x42, - RESPONSE = 0x80, - ERROR = 0x81, - RESPONSE_ACK = 0xc0, - ERROR_ACK = 0xc1 -}; - -enum SOMEIP_RETURN_CODES { - E_OK = 0x00, - E_NOT_OK = 0x01, - E_UNKNOWN_SERVICE = 0x02, - E_UNKNOWN_METHOD = 0x03, - E_NOT_READY = 0x04, - E_NOT_REACHABLE = 0x05, - E_TIMEOUT = 0x06, - E_WRONG_PROTOCOL_VERSION = 0x07, - E_WRONG_INTERFACE_VERSION = 0x08, - E_MALFORMED_MESSAGE = 0x09, - E_WRONG_MESSAGE_TYPE = 0x0a, - E_RETURN_CODE_LEGAL_THRESHOLD = 0x40 //return codes from 0x40 (inclusive) and upwards are illegal. -}; - -enum SPECIAL_MESSAGE_IDS { - MSG_MAGIC_COOKIE = 0xffff0000, - MSG_MAGIC_COOKIE_ACK = 0xffff8000, - MSG_SD = 0xffff8100 -}; - -enum PROTOCOL_VERSION{ - LEGAL_PROTOCOL_VERSION = 0x01 -}; - -enum MAGIC_COOKIE_CONSTANTS{ - MC_REQUEST_ID = 0xDEADBEEF, - MC_LENGTH = 0x08, - MC_INTERFACE_VERSION = 0x01 -}; - -enum DEFAULT_PROTOCOL_PORTS{ - PORT_DEFAULT_CLIENT = 30491, - PORT_DEFAULT_SERVER = 30501, - PORT_DEFAULT_SD = 30490 -}; - -/** - * Entry point when protocol is identified. - */ -static void ndpi_int_someip_add_connection (struct ndpi_detection_module_struct *ndpi_struct, - struct ndpi_flow_struct *flow) -{ - ndpi_set_detected_protocol(ndpi_struct,flow,NDPI_PROTOCOL_SOMEIP,NDPI_PROTOCOL_UNKNOWN); - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP found.\n"); -} - -/** - * Dissector function that searches SOME/IP headers - */ -void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, - struct ndpi_flow_struct *flow) -{ - - //####Maybe check carrier protocols?#### - - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP search called...\n"); - const struct ndpi_packet_struct *packet = &flow->packet; - if (packet->detected_protocol_stack[0] != NDPI_PROTOCOL_UNKNOWN) { - return; - } - - //we extract the Message ID and Request ID and check for special cases later - u_int32_t message_id = ntohl(*((u_int32_t *)&packet->payload[0])); - u_int32_t request_id = ntohl(*((u_int32_t *)&packet->payload[8])); - - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "====>>>> SOME/IP Message ID: %08x [len: %u]\n", - message_id, packet->payload_packet_len); - if (packet->payload_packet_len < 16) { - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP .. mandatory header not found (not enough data for all fields)\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); - return; - } - - //####Maximum packet size in SOMEIP depends on the carrier protocol, and I'm not certain how well enforced it is, so let's leave that for round 2#### - - // we extract the remaining length - u_int32_t someip_len = ntohl(*((u_int32_t *)&packet->payload[4])); - if (packet->payload_packet_len != (someip_len + 8)) { - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP .. Length field invalid!\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); - return; - } - - u_int8_t protocol_version = (u_int8_t) (packet->payload[12]); - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG,"====>>>> SOME/IP protocol version: [%d]\n",protocol_version); - if (protocol_version != LEGAL_PROTOCOL_VERSION){ - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP .. invalid protocol version!\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); - return; - } - - u_int8_t interface_version = (packet->payload[13]); - - u_int8_t message_type = (u_int8_t) (packet->payload[14]); - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG,"====>>>> SOME/IP message type: [%d]\n",message_type); - - if ((message_type != REQUEST) && (message_type != REQUEST_NO_RETURN) && (message_type != NOTIFICATION) && (message_type != REQUEST_ACK) && - (message_type != REQUEST_NO_RETURN_ACK) && (message_type != NOTIFICATION_ACK) && (message_type != RESPONSE) && - (message_type != ERROR) && (message_type != RESPONSE_ACK) && (message_type != ERROR_ACK)) { - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP .. invalid message type!\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); - return; - } - - u_int8_t return_code = (u_int8_t) (packet->payload[15]); - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG,"====>>>> SOME/IP return code: [%d]\n", return_code); - if ((return_code >= E_RETURN_CODE_LEGAL_THRESHOLD)) { - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP .. invalid return code!\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); - return; - } - - if (message_id == MSG_MAGIC_COOKIE){ - if ((someip_len == MC_LENGTH) && (request_id == MC_REQUEST_ID) && (interface_version == MC_INTERFACE_VERSION) && - (message_type == REQUEST_NO_RETURN) && (return_code == E_OK)){ - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP found Magic Cookie\n",message_type); - ndpi_int_someip_add_connection(ndpi_struct, flow); - return; - } - else{ - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP, invalid header for Magic Cookie\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); - return; - } - } - - if (message_id == MSG_MAGIC_COOKIE_ACK){ - if ((someip_len == MC_LENGTH) && (request_id == MC_REQUEST_ID) && (interface_version == MC_INTERFACE_VERSION) && - (message_type == REQUEST_NO_RETURN) && (return_code == E_OK)){ - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP found Magic Cookie ACK\n",message_type); - ndpi_int_someip_add_connection(ndpi_struct, flow); - return; - } - else{ - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP, invalid header for Magic Cookie ACK\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); - return; - } - } - - if (message_id == MSG_SD){ - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP-SD currently not supported\n", message_type); - } - - //Filtering by port. - //This check is NOT a 100% thing - these ports are mentioned in the documentation but the documentation also states they haven't been approved by IANA yet, and that the user is free to use different ports. - //This is is PURELY for demo purposes and the rest of the check must be filled in later on! - if (packet->l4_protocol == IPPROTO_UDP){ - if ((packet->udp->dest == ntohs(PORT_DEFAULT_CLIENT)) || (packet->udp->dest == ntohs(PORT_DEFAULT_SERVER)) || (packet->udp->dest == ntohs(PORT_DEFAULT_SD))) { - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP found\n",message_type); - ndpi_int_someip_add_connection(ndpi_struct, flow); - return; - } - } - if (packet->l4_protocol == IPPROTO_TCP){ - if ((packet->tcp->dest == ntohs(PORT_DEFAULT_CLIENT)) || (packet->tcp->dest == ntohs(PORT_DEFAULT_SERVER))) { - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP found\n",message_type); - ndpi_int_someip_add_connection(ndpi_struct, flow); - return; - } - } - - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Reached the end without confirming SOME/IP ...\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); - return; -} -/** - * Entry point for the ndpi library - */ -void init_someip_dissector (struct ndpi_detection_module_struct *ndpi_struct, - u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) -{ - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP dissector init...\n"); - ndpi_set_bitmask_protocol_detection ("SOME/IP", ndpi_struct, detection_bitmask, *id, - NDPI_PROTOCOL_SOMEIP, - ndpi_search_someip, - NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD, - SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); - *id +=1; -} - -#endif // NDPI_PROTOCOL_SOMEIP - diff --git a/src/lib/protocols/someip.c b/src/lib/protocols/someip.c new file mode 100644 index 000000000..714648417 --- /dev/null +++ b/src/lib/protocols/someip.c @@ -0,0 +1,223 @@ +/* + * someip.c + * + * Copyright (C) 2016 Sorin Zamfir + * + * This file is part of nDPI, an open source deep packet inspection + * library based on the OpenDPI and PACE technology by ipoque GmbH + * + * nDPI is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your omessage_typeion) any later version. + * + * nDPI is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with nDPI. If not, see . + * + */ + +#include "ndpi_protocols.h" +#ifdef NDPI_PROTOCOL_SOMEIP + +enum SOMEIP_MESSAGE_TYPES { + SOMEIP_REQUEST = 0x00, + SOMEIP_REQUEST_NO_RETURN = 0x01, + SOMEIP_NOTIFICATION = 0x02, + SOMEIP_REQUEST_ACK = 0x40, + SOMEIP_REQUEST_NO_RETURN_ACK = 0x41, + SOMEIP_NOTIFICATION_ACK = 0x42, + SOMEIP_RESPONSE = 0x80, + SOMEIP_ERROR = 0x81, + SOMEIP_RESPONSE_ACK = 0xc0, + SOMEIP_ERROR_ACK = 0xc1 +}; + +enum SOMEIP_RETURN_CODES { + E_OK = 0x00, + E_NOT_OK = 0x01, + E_UNKNOWN_SERVICE = 0x02, + E_UNKNOWN_METHOD = 0x03, + E_NOT_READY = 0x04, + E_NOT_REACHABLE = 0x05, + E_TIMEOUT = 0x06, + E_WRONG_PROTOCOL_VERSION = 0x07, + E_WRONG_INTERFACE_VERSION = 0x08, + E_MALFORMED_MESSAGE = 0x09, + E_WRONG_MESSAGE_TYPE = 0x0a, + E_RETURN_CODE_LEGAL_THRESHOLD = 0x40 //return codes from 0x40 (inclusive) and upwards are illegal. +}; + +enum SPECIAL_MESSAGE_IDS { + MSG_MAGIC_COOKIE = 0xffff0000, + MSG_MAGIC_COOKIE_ACK = 0xffff8000, + MSG_SD = 0xffff8100 +}; + +enum PROTOCOL_VERSION{ + LEGAL_PROTOCOL_VERSION = 0x01 +}; + +enum MAGIC_COOKIE_CONSTANTS{ + MC_REQUEST_ID = 0xDEADBEEF, + MC_LENGTH = 0x08, + MC_INTERFACE_VERSION = 0x01 +}; + +enum DEFAULT_PROTOCOL_PORTS{ + PORT_DEFAULT_CLIENT = 30491, + PORT_DEFAULT_SERVER = 30501, + PORT_DEFAULT_SD = 30490 +}; + +/** + * Entry point when protocol is identified. + */ +static void ndpi_int_someip_add_connection (struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow) +{ + ndpi_set_detected_protocol(ndpi_struct,flow,NDPI_PROTOCOL_SOMEIP,NDPI_PROTOCOL_UNKNOWN); + NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP found.\n"); +} + +/** + * Dissector function that searches SOME/IP headers + */ +void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow) +{ + + //####Maybe check carrier protocols?#### + + NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP search called...\n"); + const struct ndpi_packet_struct *packet = &flow->packet; + if (packet->detected_protocol_stack[0] != NDPI_PROTOCOL_UNKNOWN) { + return; + } + + //we extract the Message ID and Request ID and check for special cases later + u_int32_t message_id = ntohl(*((u_int32_t *)&packet->payload[0])); + u_int32_t request_id = ntohl(*((u_int32_t *)&packet->payload[8])); + + NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "====>>>> SOME/IP Message ID: %08x [len: %u]\n", + message_id, packet->payload_packet_len); + if (packet->payload_packet_len < 16) { + NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP .. mandatory header not found (not enough data for all fields)\n"); + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); + return; + } + + //####Maximum packet size in SOMEIP depends on the carrier protocol, and I'm not certain how well enforced it is, so let's leave that for round 2#### + + // we extract the remaining length + u_int32_t someip_len = ntohl(*((u_int32_t *)&packet->payload[4])); + if (packet->payload_packet_len != (someip_len + 8)) { + NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP .. Length field invalid!\n"); + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); + return; + } + + u_int8_t protocol_version = (u_int8_t) (packet->payload[12]); + NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG,"====>>>> SOME/IP protocol version: [%d]\n",protocol_version); + if (protocol_version != LEGAL_PROTOCOL_VERSION){ + NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP .. invalid protocol version!\n"); + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); + return; + } + + u_int8_t interface_version = (packet->payload[13]); + + u_int8_t message_type = (u_int8_t) (packet->payload[14]); + NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG,"====>>>> SOME/IP message type: [%d]\n",message_type); + + if ((message_type != SOMEIP_REQUEST) && (message_type != SOMEIP_REQUEST_NO_RETURN) && (message_type != SOMEIP_NOTIFICATION) && (message_type != SOMEIP_REQUEST_ACK) && + (message_type != SOMEIP_REQUEST_NO_RETURN_ACK) && (message_type != SOMEIP_NOTIFICATION_ACK) && (message_type != SOMEIP_RESPONSE) && + (message_type != SOMEIP_ERROR) && (message_type != SOMEIP_RESPONSE_ACK) && (message_type != SOMEIP_ERROR_ACK)) { + NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP .. invalid message type!\n"); + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); + return; + } + + u_int8_t return_code = (u_int8_t) (packet->payload[15]); + NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG,"====>>>> SOME/IP return code: [%d]\n", return_code); + if ((return_code >= E_RETURN_CODE_LEGAL_THRESHOLD)) { + NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP .. invalid return code!\n"); + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); + return; + } + + if (message_id == MSG_MAGIC_COOKIE){ + if ((someip_len == MC_LENGTH) && (request_id == MC_REQUEST_ID) && (interface_version == MC_INTERFACE_VERSION) && + (message_type == SOMEIP_REQUEST_NO_RETURN) && (return_code == E_OK)){ + NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP found Magic Cookie\n",message_type); + ndpi_int_someip_add_connection(ndpi_struct, flow); + return; + } + else{ + NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP, invalid header for Magic Cookie\n"); + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); + return; + } + } + + if (message_id == MSG_MAGIC_COOKIE_ACK){ + if ((someip_len == MC_LENGTH) && (request_id == MC_REQUEST_ID) && (interface_version == MC_INTERFACE_VERSION) && + (message_type == SOMEIP_REQUEST_NO_RETURN) && (return_code == E_OK)){ + NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP found Magic Cookie ACK\n",message_type); + ndpi_int_someip_add_connection(ndpi_struct, flow); + return; + } + else{ + NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP, invalid header for Magic Cookie ACK\n"); + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); + return; + } + } + + if (message_id == MSG_SD){ + NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP-SD currently not supported\n", message_type); + } + + //Filtering by port. + //This check is NOT a 100% thing - these ports are mentioned in the documentation but the documentation also states they haven't been approved by IANA yet, and that the user is free to use different ports. + //This is is PURELY for demo purposes and the rest of the check must be filled in later on! + if (packet->l4_protocol == IPPROTO_UDP){ + if ((packet->udp->dest == ntohs(PORT_DEFAULT_CLIENT)) || (packet->udp->dest == ntohs(PORT_DEFAULT_SERVER)) || (packet->udp->dest == ntohs(PORT_DEFAULT_SD))) { + NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP found\n",message_type); + ndpi_int_someip_add_connection(ndpi_struct, flow); + return; + } + } + if (packet->l4_protocol == IPPROTO_TCP){ + if ((packet->tcp->dest == ntohs(PORT_DEFAULT_CLIENT)) || (packet->tcp->dest == ntohs(PORT_DEFAULT_SERVER))) { + NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP found\n",message_type); + ndpi_int_someip_add_connection(ndpi_struct, flow); + return; + } + } + + NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Reached the end without confirming SOME/IP ...\n"); + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); + return; +} +/** + * Entry point for the ndpi library + */ +void init_someip_dissector (struct ndpi_detection_module_struct *ndpi_struct, + u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) +{ + NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP dissector init...\n"); + ndpi_set_bitmask_protocol_detection ("SOME/IP", ndpi_struct, detection_bitmask, *id, + NDPI_PROTOCOL_SOMEIP, + ndpi_search_someip, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD, + SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); + *id +=1; +} + +#endif // NDPI_PROTOCOL_SOMEIP + diff --git a/tests/result/KakaoTalk_talk.pcap.out b/tests/result/KakaoTalk_talk.pcap.out index 61611d734..c01c64475 100644 --- a/tests/result/KakaoTalk_talk.pcap.out +++ b/tests/result/KakaoTalk_talk.pcap.out @@ -1,4 +1,5 @@ HTTP 5 280 1 +QQ 15 1727 1 SSL_No_Cert 74 14132 2 RTP 2991 398751 2 SSL 5 1198 1 @@ -8,7 +9,6 @@ HTTP_Proxy 16 1838 2 Tor 40 10538 1 Amazon 4 396 1 KakaoTalk_Voice 44 6196 2 -WeChat 15 1727 1 1 TCP 120.28.26.242:80 <-> 10.24.82.188:34533 [proto: 7/HTTP][3 pkts/168 bytes <-> 2 pkts/112 bytes] 2 TCP 10.24.82.188:58916 <-> 54.255.185.236:5222 [proto: 178/Amazon][2 pkts/225 bytes <-> 2 pkts/171 bytes] @@ -23,7 +23,7 @@ WeChat 15 1727 1 11 TCP 10.24.82.188:34686 -> 173.194.72.188:5228 [proto: 126/Google][1 pkts/164 bytes -> 0 pkts/0 bytes] 12 TCP 10.24.82.188:58857 <-> 110.76.143.50:9001 [proto: 163/Tor][22 pkts/5326 bytes <-> 18 pkts/5212 bytes] 13 TCP 173.252.122.1:443 -> 10.24.82.188:52123 [proto: 91.119/SSL.Facebook][1 pkts/56 bytes -> 0 pkts/0 bytes] - 14 TCP 10.24.82.188:48489 <-> 203.205.147.215:80 [proto: 7.197/HTTP.WeChat][8 pkts/1117 bytes <-> 7 pkts/610 bytes][Host: hkminorshort.weixin.qq.com] + 14 TCP 10.24.82.188:48489 <-> 203.205.147.215:80 [proto: 7.48/HTTP.QQ][8 pkts/1117 bytes <-> 7 pkts/610 bytes][Host: hkminorshort.weixin.qq.com] 15 UDP 10.24.82.188:10269 <-> 1.201.1.174:23047 [proto: 194/KakaoTalk_Voice][12 pkts/1692 bytes <-> 10 pkts/1420 bytes] 16 UDP 10.24.82.188:10268 <-> 1.201.1.174:23046 [proto: 87/RTP][746 pkts/93906 bytes <-> 742 pkts/104604 bytes] 17 UDP 10.24.82.188:11321 <-> 1.201.1.174:23045 [proto: 194/KakaoTalk_Voice][11 pkts/1542 bytes <-> 11 pkts/1542 bytes] diff --git a/tests/result/http_ipv6.pcap.out b/tests/result/http_ipv6.pcap.out index 4c3856606..8d2a0b46c 100644 --- a/tests/result/http_ipv6.pcap.out +++ b/tests/result/http_ipv6.pcap.out @@ -5,10 +5,10 @@ QUIC 3 502 1 ntop 80 36401 4 1 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:33062 <-> [2a00:1450:400b:c02::9a]:443 [proto: 91/SSL][1 pkts/86 bytes <-> 1 pkts/86 bytes] - 2 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37486 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.229/SSL.ntop][11 pkts/1292 bytes <-> 8 pkts/5722 bytes][client: www.ntop.org] - 3 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37488 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.229/SSL.ntop][10 pkts/1206 bytes <-> 7 pkts/5636 bytes][client: www.ntop.org] - 4 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37494 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.229/SSL.ntop][10 pkts/1206 bytes <-> 8 pkts/5722 bytes][client: www.ntop.org] - 5 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37506 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.229/SSL.ntop][14 pkts/3969 bytes <-> 12 pkts/11648 bytes][client: www.ntop.org] + 2 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37486 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.232/SSL.ntop][11 pkts/1292 bytes <-> 8 pkts/5722 bytes][client: www.ntop.org] + 3 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37488 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.232/SSL.ntop][10 pkts/1206 bytes <-> 7 pkts/5636 bytes][client: www.ntop.org] + 4 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37494 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.232/SSL.ntop][10 pkts/1206 bytes <-> 8 pkts/5722 bytes][client: www.ntop.org] + 5 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37506 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.232/SSL.ntop][14 pkts/3969 bytes <-> 12 pkts/11648 bytes][client: www.ntop.org] 6 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:40526 <-> [2a00:1450:4006:804::200e]:443 [proto: 91/SSL][1 pkts/86 bytes <-> 1 pkts/86 bytes] 7 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:41776 <-> [2a00:1450:4001:803::1017]:443 [proto: 91/SSL][7 pkts/860 bytes <-> 7 pkts/1353 bytes] 8 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:53132 <-> [2a02:26f0:ad:197::236]:443 [proto: 91.119/SSL.Facebook][7 pkts/960 bytes <-> 5 pkts/4227 bytes][client: s-static.ak.facebook.com] diff --git a/tests/result/mpeg.pcap.out b/tests/result/mpeg.pcap.out index 7e8dbf91c..1252983a7 100644 --- a/tests/result/mpeg.pcap.out +++ b/tests/result/mpeg.pcap.out @@ -1,3 +1,3 @@ ntop 19 10643 1 - 1 TCP 192.168.80.160:55804 <-> 46.101.157.119:80 [proto: 7.229/HTTP.ntop][9 pkts/754 bytes <-> 10 pkts/9889 bytes][Host: luca.ntop.org] + 1 TCP 192.168.80.160:55804 <-> 46.101.157.119:80 [proto: 7.232/HTTP.ntop][9 pkts/754 bytes <-> 10 pkts/9889 bytes][Host: luca.ntop.org] diff --git a/tests/result/ocs.pcap.out b/tests/result/ocs.pcap.out index 6281738ec..d16dc31de 100644 --- a/tests/result/ocs.pcap.out +++ b/tests/result/ocs.pcap.out @@ -2,15 +2,16 @@ Unknown 6 360 1 DNS 3 214 3 HTTP 13 1019 2 SSL 20 2715 1 -Google 41 5525 6 +Google 40 5453 5 OCS 863 57552 7 +PlayStore 1 72 1 1 TCP 192.168.180.2:42590 -> 178.248.208.210:80 [proto: 7.218/HTTP.OCS][83 pkts/5408 bytes -> 0 pkts/0 bytes][Host: www.ocs.fr] 2 TCP 192.168.180.2:48250 -> 178.248.208.54:80 [proto: 7.218/HTTP.OCS][6 pkts/1092 bytes -> 0 pkts/0 bytes][Host: ocu03.labgency.ws] 3 TCP 192.168.180.2:41223 -> 216.58.208.46:443 [proto: 91.126/SSL.Google][13 pkts/1448 bytes -> 0 pkts/0 bytes] 4 UDP 192.168.180.2:38472 -> 8.8.8.8:53 [proto: 5.218/DNS.OCS][1 pkts/63 bytes -> 0 pkts/0 bytes][Host: ocu03.labgency.ws] 5 TCP 192.168.180.2:39263 -> 23.21.230.199:443 [proto: 91/SSL][20 pkts/2715 bytes -> 0 pkts/0 bytes][client: settings.crashlytics.com] - 6 UDP 192.168.180.2:48770 -> 8.8.8.8:53 [proto: 5.126/DNS.Google][1 pkts/72 bytes -> 0 pkts/0 bytes][Host: android.clients.google.com] + 6 UDP 192.168.180.2:48770 -> 8.8.8.8:53 [proto: 5.228/DNS.PlayStore][1 pkts/72 bytes -> 0 pkts/0 bytes][Host: android.clients.google.com] 7 TCP 192.168.180.2:47803 -> 64.233.166.95:443 [proto: 91.126/SSL.Google][12 pkts/1608 bytes -> 0 pkts/0 bytes] 8 UDP 192.168.180.2:1291 -> 8.8.8.8:53 [proto: 5/DNS][1 pkts/67 bytes -> 0 pkts/0 bytes][Host: api.eu01.capptain.com] 9 UDP 192.168.180.2:2589 -> 8.8.8.8:53 [proto: 5.218/DNS.OCS][1 pkts/61 bytes -> 0 pkts/0 bytes][Host: ocs.labgency.ws] diff --git a/tests/result/quickplay.pcap.out b/tests/result/quickplay.pcap.out index 71aca873f..87b488520 100644 --- a/tests/result/quickplay.pcap.out +++ b/tests/result/quickplay.pcap.out @@ -1,8 +1,8 @@ +QQ 12 4781 5 Facebook 6 1740 3 Google 2 378 1 Amazon 2 1469 1 QuickPlay 133 96179 11 -WeChat 12 4781 5 1 TCP 10.54.169.250:33277 <-> 120.28.26.231:80 [proto: 7.126/HTTP.Google][1 pkts/241 bytes <-> 1 pkts/137 bytes][Host: clients3.google.com] 2 TCP 10.54.169.250:50669 <-> 120.28.35.41:80 [proto: 7.196/HTTP.QuickPlay][2 pkts/844 bytes <-> 2 pkts/2836 bytes][Host: api-singtelhawk.quickplay.com] @@ -11,8 +11,8 @@ WeChat 12 4781 5 5 TCP 10.54.169.250:52017 <-> 120.28.35.40:80 [proto: 7.196/HTTP.QuickPlay][5 pkts/2510 bytes <-> 3 pkts/3522 bytes][Host: vod-singtelhawk.quickplay.com] 6 TCP 10.54.169.250:52019 <-> 120.28.35.40:80 [proto: 7.196/HTTP.QuickPlay][14 pkts/7028 bytes <-> 11 pkts/12578 bytes][Host: vod-singtelhawk.quickplay.com] 7 TCP 10.54.169.250:52021 <-> 120.28.35.40:80 [proto: 7.196/HTTP.QuickPlay][3 pkts/1506 bytes <-> 1 pkts/1248 bytes][Host: vod-singtelhawk.quickplay.com] - 8 TCP 10.54.169.250:35670 <-> 203.205.147.215:80 [proto: 7.197/HTTP.WeChat][1 pkts/681 bytes <-> 1 pkts/262 bytes][Host: hkminorshort.weixin.qq.com] - 9 TCP 10.54.169.250:42762 <-> 203.205.129.101:80 [proto: 7.197/HTTP.WeChat][1 pkts/616 bytes <-> 1 pkts/261 bytes][Host: hkextshort.weixin.qq.com] + 8 TCP 10.54.169.250:35670 <-> 203.205.147.215:80 [proto: 7.48/HTTP.QQ][1 pkts/681 bytes <-> 1 pkts/262 bytes][Host: hkminorshort.weixin.qq.com] + 9 TCP 10.54.169.250:42762 <-> 203.205.129.101:80 [proto: 7.48/HTTP.QQ][1 pkts/616 bytes <-> 1 pkts/261 bytes][Host: hkextshort.weixin.qq.com] 10 TCP 10.54.169.250:52285 <-> 173.252.74.22:80 [proto: 7.119/HTTP.Facebook][1 pkts/243 bytes <-> 1 pkts/339 bytes][Host: www.facebook.com] 11 TCP 10.54.169.250:44793 <-> 31.13.68.49:80 [proto: 7.119/HTTP.Facebook][1 pkts/237 bytes <-> 1 pkts/339 bytes][Host: www.facebook.com] 12 TCP 10.54.169.250:33064 <-> 120.28.5.18:80 [proto: 7.196/HTTP.QuickPlay][1 pkts/358 bytes <-> 1 pkts/109 bytes][Host: api-singtelhawk.quickplay.com] @@ -21,7 +21,7 @@ WeChat 12 4781 5 15 TCP 10.54.169.250:50668 <-> 120.28.35.41:80 [proto: 7.196/HTTP.QuickPlay][2 pkts/733 bytes <-> 2 pkts/2627 bytes][Host: api-singtelhawk.quickplay.com] 16 TCP 10.54.169.250:52018 <-> 120.28.35.40:80 [proto: 7.196/HTTP.QuickPlay][4 pkts/2008 bytes <-> 3 pkts/3040 bytes][Host: vod-singtelhawk.quickplay.com] 17 TCP 10.54.169.250:52022 <-> 120.28.35.40:80 [proto: 7.196/HTTP.QuickPlay][4 pkts/2008 bytes <-> 3 pkts/2276 bytes][Host: vod-singtelhawk.quickplay.com] - 18 TCP 10.54.169.250:42761 <-> 203.205.129.101:80 [proto: 7.197/HTTP.WeChat][1 pkts/380 bytes <-> 1 pkts/261 bytes][Host: hkextshort.weixin.qq.com] + 18 TCP 10.54.169.250:42761 <-> 203.205.129.101:80 [proto: 7.48/HTTP.QQ][1 pkts/380 bytes <-> 1 pkts/261 bytes][Host: hkextshort.weixin.qq.com] 19 TCP 10.54.169.250:52288 <-> 173.252.74.22:80 [proto: 7.119/HTTP.Facebook][1 pkts/243 bytes <-> 1 pkts/339 bytes][Host: www.facebook.com] - 20 TCP 10.54.169.250:54883 <-> 203.205.151.160:80 [proto: 7.197/HTTP.WeChat][2 pkts/1192 bytes <-> 1 pkts/145 bytes][Host: hkextshort.weixin.qq.com] - 21 TCP 10.54.169.250:54885 <-> 203.205.151.160:80 [proto: 7.197/HTTP.WeChat][1 pkts/461 bytes <-> 2 pkts/522 bytes][Host: hkextshort.weixin.qq.com] + 20 TCP 10.54.169.250:54883 <-> 203.205.151.160:80 [proto: 7.48/HTTP.QQ][2 pkts/1192 bytes <-> 1 pkts/145 bytes][Host: hkextshort.weixin.qq.com] + 21 TCP 10.54.169.250:54885 <-> 203.205.151.160:80 [proto: 7.48/HTTP.QQ][1 pkts/461 bytes <-> 2 pkts/522 bytes][Host: hkextshort.weixin.qq.com] diff --git a/tests/result/skype.pcap.out b/tests/result/skype.pcap.out index 5e5052e66..c2a8d8b77 100644 --- a/tests/result/skype.pcap.out +++ b/tests/result/skype.pcap.out @@ -1,13 +1,13 @@ -Unknown 381 48593 15 +Unknown 404 52712 16 DNS 2 267 1 MDNS 8 1736 2 NTP 2 180 1 SSDP 101 38156 6 ICMP 8 656 1 IGMP 5 258 4 -SSL 88 8268 6 +SSL 96 8876 7 Dropbox 38 17948 5 -Skype 1941 297337 246 +Skype 1910 292610 244 Apple 15 2045 2 AppleiCloud 88 20520 2 Spotify 5 430 1 @@ -144,153 +144,152 @@ MS_OneDrive 387 198090 1 129 TCP 192.168.1.34:50087 <-> 111.221.77.142:443 [proto: 91.125/SSL.Skype][9 pkts/822 bytes <-> 3 pkts/285 bytes] 130 UDP 192.168.1.34:13021 -> 76.185.207.12:45493 [proto: 125/Skype][5 pkts/300 bytes -> 0 pkts/0 bytes] 131 TCP 192.168.1.34:50137 <-> 5.248.186.221:31010 [proto: 125/Skype][14 pkts/1062 bytes <-> 4 pkts/383 bytes] - 132 TCP 192.168.1.34:50139 <-> 5.248.186.221:31010 [proto: 125/Skype][15 pkts/2395 bytes <-> 8 pkts/1724 bytes] - 133 UDP 192.168.1.34:13021 -> 111.221.77.142:40023 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] - 134 UDP 192.168.1.34:13021 -> 111.221.74.46:40027 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 135 UDP 192.168.1.34:13021 -> 111.221.74.24:40001 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 136 UDP 192.168.1.34:13021 -> 111.221.74.19:40001 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] - 137 UDP 192.168.1.34:13021 -> 111.221.74.12:40031 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] - 138 UDP 192.168.1.34:13021 -> 111.221.74.44:40031 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 139 UDP 192.168.1.34:13021 -> 111.221.74.43:40001 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 140 UDP 192.168.1.34:13021 -> 111.221.74.32:40009 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 141 UDP 192.168.1.34:13021 -> 111.221.74.31:40021 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] - 142 UDP 192.168.1.34:13021 -> 111.221.77.140:40003 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 143 UDP 192.168.1.34:13021 -> 111.221.77.145:40027 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 144 UDP 192.168.1.34:13021 -> 111.221.77.151:40027 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 145 UDP 192.168.1.34:13021 -> 111.221.77.148:40029 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] - 146 UDP 192.168.1.34:13021 -> 111.221.77.168:40007 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] - 147 UDP 192.168.1.34:13021 -> 111.221.77.166:40011 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 148 UDP 192.168.1.34:13021 -> 111.221.77.154:40017 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 149 UDP 192.168.1.34:13021 -> 111.221.77.159:40009 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] - 150 TCP 192.168.1.34:50109 <-> 91.190.216.125:12350 [proto: 125/Skype][3 pkts/297 bytes <-> 3 pkts/186 bytes] - 151 TCP 192.168.1.34:50125 <-> 91.190.218.125:12350 [proto: 125/Skype][6 pkts/417 bytes <-> 4 pkts/352 bytes] - 152 TCP 192.168.1.34:50129 <-> 91.190.218.125:12350 [proto: 125/Skype][6 pkts/353 bytes <-> 4 pkts/246 bytes] - 153 TCP 192.168.1.34:50136 <-> 71.238.7.203:18767 [proto: 125/Skype][11 pkts/814 bytes <-> 3 pkts/287 bytes] - 154 UDP 192.168.1.34:13021 -> 176.97.100.249:26635 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] - 155 UDP 192.168.1.34:13021 -> 157.55.235.146:33033 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 156 UDP 192.168.1.34:13021 -> 157.55.130.146:33033 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] - 157 UDP 192.168.1.34:13021 -> 157.55.56.146:33033 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 158 TCP 192.168.1.34:50112 <-> 76.167.161.6:20274 [proto: 125/Skype][11 pkts/843 bytes <-> 4 pkts/411 bytes] - 159 TCP 192.168.1.34:50028 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][187 pkts/42539 bytes <-> 200 pkts/155551 bytes][server: *.gateway.messenger.live.com] - 160 TCP 192.168.1.34:50036 <-> 157.56.52.44:443 [proto: 91.125/SSL.Skype][11 pkts/1074 bytes <-> 3 pkts/254 bytes] - 161 TCP 192.168.1.34:50037 <-> 157.55.56.170:443 [proto: 91.125/SSL.Skype][11 pkts/1218 bytes <-> 4 pkts/351 bytes] - 162 TCP 192.168.1.34:50045 <-> 157.55.130.167:443 [proto: 91.125/SSL.Skype][12 pkts/1151 bytes <-> 3 pkts/260 bytes] - 163 TCP 192.168.1.34:50051 <-> 157.55.130.166:443 [proto: 91.125/SSL.Skype][12 pkts/1074 bytes <-> 3 pkts/277 bytes] - 164 TCP 192.168.1.34:50057 <-> 157.55.130.153:443 [proto: 91.125/SSL.Skype][12 pkts/1102 bytes <-> 3 pkts/247 bytes] - 165 TCP 192.168.1.34:50091 <-> 157.55.235.146:443 [proto: 91.125/SSL.Skype][13 pkts/1554 bytes <-> 3 pkts/200 bytes] - 166 TCP 192.168.1.34:50146 -> 157.56.53.51:443 [proto: 91.125/SSL.Skype][8 pkts/608 bytes -> 0 pkts/0 bytes] - 167 TCP 192.168.1.34:50069 <-> 157.55.56.160:443 [proto: 91.125/SSL.Skype][11 pkts/1050 bytes <-> 4 pkts/351 bytes] - 168 TCP 192.168.1.34:50081 <-> 157.55.130.176:443 [proto: 91.125/SSL.Skype][12 pkts/1270 bytes <-> 3 pkts/243 bytes] - 169 TCP 192.168.1.34:50101 <-> 157.55.235.176:443 [proto: 91.125/SSL.Skype][12 pkts/1305 bytes <-> 3 pkts/285 bytes] - 170 UDP 192.168.1.34:13021 -> 157.55.130.160:40029 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 171 UDP 192.168.1.34:13021 -> 157.55.130.154:40005 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 172 UDP 192.168.1.34:13021 -> 157.56.52.45:40012 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 173 UDP 192.168.1.34:13021 -> 157.56.52.21:40004 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 174 UDP 192.168.1.34:13021 -> 157.56.52.26:40026 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] - 175 UDP 192.168.1.34:13021 -> 157.56.52.37:40032 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] - 176 UDP 192.168.1.34:13021 -> 157.55.235.142:40025 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 177 UDP 192.168.1.34:13021 -> 157.55.56.142:40023 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 178 UDP 192.168.1.34:13021 -> 157.55.235.152:40001 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 179 UDP 192.168.1.34:13021 -> 157.55.56.151:40027 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 180 UDP 192.168.1.34:13021 -> 157.55.56.145:40027 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] - 181 UDP 192.168.1.34:13021 -> 157.55.130.143:40017 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 182 UDP 192.168.1.34:13021 -> 157.55.130.148:40019 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 183 UDP 192.168.1.34:13021 -> 157.55.130.147:40019 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 184 UDP 192.168.1.34:13021 -> 157.55.130.151:40017 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] - 185 UDP 192.168.1.34:13021 -> 157.55.235.153:40023 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] - 186 UDP 192.168.1.34:13021 -> 157.55.130.157:40013 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 187 UDP 192.168.1.34:13021 -> 157.55.235.155:40003 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 188 UDP 192.168.1.34:13021 -> 157.55.235.158:40031 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 189 UDP 192.168.1.34:13021 -> 157.55.235.159:40021 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 190 UDP 192.168.1.34:13021 -> 157.55.56.175:40013 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 191 UDP 192.168.1.34:13021 -> 157.55.235.161:40011 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] - 192 UDP 192.168.1.34:13021 -> 157.55.235.160:40027 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] - 193 UDP 192.168.1.34:13021 -> 157.55.130.172:40019 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 194 UDP 192.168.1.34:13021 -> 157.55.235.166:40015 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] - 195 UDP 192.168.1.34:49360 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] - 196 TCP 192.168.1.34:50132 <-> 149.13.32.15:13392 [proto: 125/Skype][13 pkts/1010 bytes <-> 5 pkts/402 bytes] - 197 UDP 192.168.1.92:57621 -> 192.168.1.255:57621 [proto: 156/Spotify][5 pkts/430 bytes -> 0 pkts/0 bytes] - 198 UDP 192.168.1.34:49990 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] - 199 UDP 192.168.1.34:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][6 pkts/3264 bytes -> 0 pkts/0 bytes] - 200 UDP 192.168.1.92:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][5 pkts/2720 bytes -> 0 pkts/0 bytes] - 201 UDP 192.168.1.34:13021 -> 213.199.179.146:33033 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 202 UDP 192.168.1.34:51802 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com] - 203 UDP 192.168.1.34:52714 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com] - 204 UDP 192.168.1.34:52850 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes -> 0 pkts/0 bytes][Host: conn.skype.akadns.net] - 205 UDP 192.168.1.34:52742 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst5.r.skype.net] - 206 TCP 192.168.1.34:50039 <-> 213.199.179.175:443 [proto: 91/SSL][13 pkts/1392 bytes <-> 3 pkts/200 bytes] - 207 TCP 192.168.1.34:50079 <-> 213.199.179.142:443 [proto: 91/SSL][13 pkts/1176 bytes <-> 3 pkts/200 bytes] - 208 UDP 192.168.1.34:54396 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes -> 0 pkts/0 bytes][Host: api.skype.com] - 209 TCP 192.168.1.34:50099 <-> 64.4.23.166:40022 [proto: 125/Skype][12 pkts/948 bytes <-> 4 pkts/407 bytes] - 210 TCP 192.168.1.34:50026 <-> 65.55.223.33:40002 [proto: 125/Skype][13 pkts/971 bytes <-> 4 pkts/399 bytes] - 211 TCP 192.168.1.34:50065 <-> 65.55.223.12:40031 [proto: 125/Skype][13 pkts/1004 bytes <-> 4 pkts/397 bytes] - 212 TCP 192.168.1.34:50098 <-> 65.55.223.15:40026 [proto: 125/Skype][13 pkts/995 bytes <-> 4 pkts/386 bytes] - 213 UDP 192.168.1.34:57288 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] - 214 UDP 192.168.1.34:57406 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com] - 215 UDP 192.168.1.34:57726 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] - 216 UDP 192.168.1.34:13021 -> 213.199.179.165:40007 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] - 217 UDP 192.168.1.34:13021 -> 213.199.179.141:40015 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] - 218 UDP 192.168.1.34:13021 -> 213.199.179.162:40029 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 219 UDP 192.168.1.34:13021 -> 213.199.179.152:40023 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 220 UDP 192.168.1.34:13021 -> 213.199.179.145:40027 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 221 UDP 192.168.1.34:13021 -> 213.199.179.170:40011 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 222 UDP 192.168.1.34:58458 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] - 223 UDP 192.168.1.34:58368 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst13.r.skype.net] - 224 UDP 192.168.1.34:60288 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] - 225 ICMP 192.168.1.1:0 -> 192.168.1.34:0 [proto: 81/ICMP][8 pkts/656 bytes -> 0 pkts/0 bytes] - 226 UDP 192.168.1.34:62454 <-> 192.168.1.1:53 [proto: 5.143/DNS.AppleiCloud][1 pkts/101 bytes <-> 1 pkts/133 bytes][Host: p05-keyvalueservice.icloud.com.akadns.net] - 227 UDP 192.168.1.34:63108 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/651 bytes -> 0 pkts/0 bytes][Host: a.config.skype.trafficmanager.net] - 228 UDP 192.168.1.92:50084 -> 239.255.255.250:1900 [proto: 12/SSDP][14 pkts/7281 bytes -> 0 pkts/0 bytes] - 229 UDP 192.168.1.34:51066 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes -> 0 pkts/0 bytes] - 230 UDP 192.168.1.34:65426 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes -> 0 pkts/0 bytes][Host: api.skype.com] - 231 TCP 192.168.1.34:50130 <-> 212.161.8.36:13392 [proto: 125/Skype][13 pkts/1000 bytes <-> 4 pkts/380 bytes] - 232 TCP 192.168.1.34:50059 <-> 111.221.74.38:40015 [proto: 125/Skype][11 pkts/820 bytes <-> 5 pkts/416 bytes] - 233 TCP 192.168.1.34:50029 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][16 pkts/3461 bytes <-> 1 pkts/74 bytes][client: apps.skype.com] - 234 IGMP 192.168.0.254:0 -> 224.0.0.1:0 [proto: 82/IGMP][2 pkts/92 bytes -> 0 pkts/0 bytes] - 235 IGMP 192.168.1.92:0 -> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes -> 0 pkts/0 bytes] - 236 IGMP 192.168.1.1:0 -> 224.0.0.1:0 [proto: 82/IGMP][1 pkts/60 bytes -> 0 pkts/0 bytes] - 237 IGMP 192.168.1.34:0 -> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/46 bytes -> 0 pkts/0 bytes] - 238 UDP 192.168.1.34:56886 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes -> 0 pkts/0 bytes] - 239 TCP 192.168.1.34:50033 <-> 157.55.56.170:40015 [proto: 125/Skype][13 pkts/977 bytes <-> 4 pkts/384 bytes] - 240 TCP 192.168.1.34:50049 <-> 157.55.130.166:40021 [proto: 125/Skype][11 pkts/836 bytes <-> 5 pkts/442 bytes] - 241 TCP 192.168.1.34:50067 <-> 157.55.56.160:40027 [proto: 125/Skype][12 pkts/899 bytes <-> 5 pkts/406 bytes] - 242 TCP 192.168.1.34:50076 <-> 157.55.235.156:40014 [proto: 125/Skype][14 pkts/1083 bytes <-> 4 pkts/359 bytes] - 243 TCP 192.168.1.34:50092 <-> 157.55.130.155:40020 [proto: 125/Skype][13 pkts/975 bytes <-> 4 pkts/412 bytes] - 244 TCP 192.168.1.34:50108 <-> 157.56.52.28:40009 [proto: 125/Skype][231 pkts/60232 bytes <-> 241 pkts/104395 bytes] - 245 TCP 192.168.1.34:50070 <-> 157.55.130.170:40018 [proto: 125/Skype][13 pkts/989 bytes <-> 4 pkts/323 bytes] - 246 UDP 192.168.1.34:64560 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes -> 0 pkts/0 bytes] - 247 UDP 192.168.1.34:13021 -> 64.4.23.146:33033 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 248 TCP 192.168.1.34:50115 <-> 86.31.35.30:59621 [proto: 125/Skype][13 pkts/995 bytes <-> 4 pkts/391 bytes] - 249 TCP 192.168.1.34:50103 <-> 64.4.23.166:443 [proto: 91/SSL][9 pkts/862 bytes <-> 3 pkts/285 bytes] - 250 TCP 192.168.1.34:50030 <-> 65.55.223.33:443 [proto: 91/SSL][11 pkts/960 bytes <-> 4 pkts/351 bytes] - 251 TCP 192.168.1.34:50066 <-> 65.55.223.12:443 [proto: 91/SSL][12 pkts/1221 bytes <-> 3 pkts/231 bytes] - 252 TCP 192.168.1.34:50102 <-> 65.55.223.15:443 [proto: 91/SSL][11 pkts/1140 bytes <-> 3 pkts/250 bytes] - 253 UDP 192.168.0.254:1025 -> 239.255.255.250:1900 [proto: 12/SSDP][79 pkts/29479 bytes -> 0 pkts/0 bytes] - 254 UDP 192.168.1.34:13021 -> 71.62.0.85:33647 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] - 255 UDP 192.168.1.92:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][4 pkts/828 bytes -> 0 pkts/0 bytes] - 256 UDP 192.168.1.34:13021 -> 64.4.23.159:40009 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 257 UDP 192.168.1.34:13021 -> 64.4.23.151:40029 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] - 258 UDP 192.168.1.34:13021 -> 64.4.23.170:40011 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] - 259 UDP 192.168.1.34:13021 -> 64.4.23.173:40017 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 260 UDP 192.168.1.34:13021 -> 65.55.223.15:40026 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 261 UDP 192.168.1.34:13021 -> 65.55.223.43:40002 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 262 UDP 192.168.1.34:13021 -> 65.55.223.17:40022 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 263 UDP 192.168.1.34:13021 -> 65.55.223.25:40028 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 264 UDP 192.168.1.34:13021 -> 65.55.223.24:40032 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 265 UDP 192.168.1.34:13021 -> 65.55.223.28:40026 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] - 266 UDP 192.168.1.34:13021 -> 65.55.223.26:40004 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 267 UDP 192.168.1.34:13021 -> 65.55.223.29:40010 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 268 UDP 192.168.1.34:13021 -> 65.55.223.45:40012 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 269 UDP 192.168.1.34:123 <-> 17.253.48.245:123 [proto: 9/NTP][1 pkts/90 bytes <-> 1 pkts/90 bytes] - 270 TCP 192.168.1.34:50111 <-> 91.190.216.125:443 [proto: 91.125/SSL.Skype][11 pkts/955 bytes <-> 9 pkts/561 bytes] - 271 TCP 192.168.1.34:50123 <-> 80.14.46.121:4415 [proto: 125/Skype][14 pkts/1075 bytes <-> 4 pkts/431 bytes] - 272 TCP 192.168.1.34:50141 <-> 80.14.46.121:4415 [proto: 125/Skype][13 pkts/994 bytes <-> 2 pkts/243 bytes] - 273 TCP 108.160.170.46:443 <-> 192.168.1.34:49445 [proto: 91.121/SSL.Dropbox][8 pkts/1636 bytes <-> 8 pkts/4344 bytes] - 274 TCP 192.168.1.34:50058 <-> 111.221.74.47:443 [proto: 91.125/SSL.Skype][10 pkts/857 bytes <-> 4 pkts/351 bytes] - 275 TCP 192.168.1.34:50100 <-> 111.221.74.46:443 [proto: 91.125/SSL.Skype][10 pkts/872 bytes <-> 3 pkts/237 bytes] - 276 TCP 192.168.1.34:50035 <-> 213.199.179.175:40021 [proto: 125/Skype][13 pkts/982 bytes <-> 4 pkts/322 bytes] - 277 TCP 192.168.1.34:50075 <-> 213.199.179.142:40003 [proto: 125/Skype][14 pkts/1100 bytes <-> 5 pkts/395 bytes] - 278 UDP [fe80::c62c:3ff:fe06:49fe]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][4 pkts/908 bytes -> 0 pkts/0 bytes] + 132 UDP 192.168.1.34:13021 -> 111.221.77.142:40023 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 133 UDP 192.168.1.34:13021 -> 111.221.74.46:40027 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 134 UDP 192.168.1.34:13021 -> 111.221.74.24:40001 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 135 UDP 192.168.1.34:13021 -> 111.221.74.19:40001 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] + 136 UDP 192.168.1.34:13021 -> 111.221.74.12:40031 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] + 137 UDP 192.168.1.34:13021 -> 111.221.74.44:40031 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 138 UDP 192.168.1.34:13021 -> 111.221.74.43:40001 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 139 UDP 192.168.1.34:13021 -> 111.221.74.32:40009 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 140 UDP 192.168.1.34:13021 -> 111.221.74.31:40021 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] + 141 UDP 192.168.1.34:13021 -> 111.221.77.140:40003 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 142 UDP 192.168.1.34:13021 -> 111.221.77.145:40027 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 143 UDP 192.168.1.34:13021 -> 111.221.77.151:40027 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 144 UDP 192.168.1.34:13021 -> 111.221.77.148:40029 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 145 UDP 192.168.1.34:13021 -> 111.221.77.168:40007 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] + 146 UDP 192.168.1.34:13021 -> 111.221.77.166:40011 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 147 UDP 192.168.1.34:13021 -> 111.221.77.154:40017 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 148 UDP 192.168.1.34:13021 -> 111.221.77.159:40009 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 149 TCP 192.168.1.34:50109 <-> 91.190.216.125:12350 [proto: 125/Skype][3 pkts/297 bytes <-> 3 pkts/186 bytes] + 150 TCP 192.168.1.34:50125 <-> 91.190.218.125:12350 [proto: 125/Skype][6 pkts/417 bytes <-> 4 pkts/352 bytes] + 151 TCP 192.168.1.34:50129 <-> 91.190.218.125:12350 [proto: 125/Skype][6 pkts/353 bytes <-> 4 pkts/246 bytes] + 152 TCP 192.168.1.34:50136 <-> 71.238.7.203:18767 [proto: 125/Skype][11 pkts/814 bytes <-> 3 pkts/287 bytes] + 153 UDP 192.168.1.34:13021 -> 176.97.100.249:26635 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] + 154 UDP 192.168.1.34:13021 -> 157.55.235.146:33033 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 155 UDP 192.168.1.34:13021 -> 157.55.130.146:33033 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 156 UDP 192.168.1.34:13021 -> 157.55.56.146:33033 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 157 TCP 192.168.1.34:50112 <-> 76.167.161.6:20274 [proto: 125/Skype][11 pkts/843 bytes <-> 4 pkts/411 bytes] + 158 TCP 192.168.1.34:50028 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][187 pkts/42539 bytes <-> 200 pkts/155551 bytes][server: *.gateway.messenger.live.com] + 159 TCP 192.168.1.34:50036 <-> 157.56.52.44:443 [proto: 91.125/SSL.Skype][11 pkts/1074 bytes <-> 3 pkts/254 bytes] + 160 TCP 192.168.1.34:50037 <-> 157.55.56.170:443 [proto: 91.125/SSL.Skype][11 pkts/1218 bytes <-> 4 pkts/351 bytes] + 161 TCP 192.168.1.34:50045 <-> 157.55.130.167:443 [proto: 91.125/SSL.Skype][12 pkts/1151 bytes <-> 3 pkts/260 bytes] + 162 TCP 192.168.1.34:50051 <-> 157.55.130.166:443 [proto: 91.125/SSL.Skype][12 pkts/1074 bytes <-> 3 pkts/277 bytes] + 163 TCP 192.168.1.34:50057 <-> 157.55.130.153:443 [proto: 91.125/SSL.Skype][12 pkts/1102 bytes <-> 3 pkts/247 bytes] + 164 TCP 192.168.1.34:50091 <-> 157.55.235.146:443 [proto: 91.125/SSL.Skype][13 pkts/1554 bytes <-> 3 pkts/200 bytes] + 165 TCP 192.168.1.34:50146 -> 157.56.53.51:443 [proto: 91/SSL][8 pkts/608 bytes -> 0 pkts/0 bytes] + 166 TCP 192.168.1.34:50069 <-> 157.55.56.160:443 [proto: 91.125/SSL.Skype][11 pkts/1050 bytes <-> 4 pkts/351 bytes] + 167 TCP 192.168.1.34:50081 <-> 157.55.130.176:443 [proto: 91.125/SSL.Skype][12 pkts/1270 bytes <-> 3 pkts/243 bytes] + 168 TCP 192.168.1.34:50101 <-> 157.55.235.176:443 [proto: 91.125/SSL.Skype][12 pkts/1305 bytes <-> 3 pkts/285 bytes] + 169 UDP 192.168.1.34:13021 -> 157.55.130.160:40029 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 170 UDP 192.168.1.34:13021 -> 157.55.130.154:40005 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 171 UDP 192.168.1.34:13021 -> 157.56.52.45:40012 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 172 UDP 192.168.1.34:13021 -> 157.56.52.21:40004 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 173 UDP 192.168.1.34:13021 -> 157.56.52.26:40026 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] + 174 UDP 192.168.1.34:13021 -> 157.56.52.37:40032 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 175 UDP 192.168.1.34:13021 -> 157.55.235.142:40025 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 176 UDP 192.168.1.34:13021 -> 157.55.56.142:40023 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 177 UDP 192.168.1.34:13021 -> 157.55.235.152:40001 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 178 UDP 192.168.1.34:13021 -> 157.55.56.151:40027 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 179 UDP 192.168.1.34:13021 -> 157.55.56.145:40027 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] + 180 UDP 192.168.1.34:13021 -> 157.55.130.143:40017 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 181 UDP 192.168.1.34:13021 -> 157.55.130.148:40019 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 182 UDP 192.168.1.34:13021 -> 157.55.130.147:40019 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 183 UDP 192.168.1.34:13021 -> 157.55.130.151:40017 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 184 UDP 192.168.1.34:13021 -> 157.55.235.153:40023 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] + 185 UDP 192.168.1.34:13021 -> 157.55.130.157:40013 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 186 UDP 192.168.1.34:13021 -> 157.55.235.155:40003 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 187 UDP 192.168.1.34:13021 -> 157.55.235.158:40031 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 188 UDP 192.168.1.34:13021 -> 157.55.235.159:40021 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 189 UDP 192.168.1.34:13021 -> 157.55.56.175:40013 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 190 UDP 192.168.1.34:13021 -> 157.55.235.161:40011 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 191 UDP 192.168.1.34:13021 -> 157.55.235.160:40027 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 192 UDP 192.168.1.34:13021 -> 157.55.130.172:40019 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 193 UDP 192.168.1.34:13021 -> 157.55.235.166:40015 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 194 UDP 192.168.1.34:49360 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] + 195 TCP 192.168.1.34:50132 <-> 149.13.32.15:13392 [proto: 125/Skype][13 pkts/1010 bytes <-> 5 pkts/402 bytes] + 196 UDP 192.168.1.92:57621 -> 192.168.1.255:57621 [proto: 156/Spotify][5 pkts/430 bytes -> 0 pkts/0 bytes] + 197 UDP 192.168.1.34:49990 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] + 198 UDP 192.168.1.34:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][6 pkts/3264 bytes -> 0 pkts/0 bytes] + 199 UDP 192.168.1.92:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][5 pkts/2720 bytes -> 0 pkts/0 bytes] + 200 UDP 192.168.1.34:13021 -> 213.199.179.146:33033 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 201 UDP 192.168.1.34:51802 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com] + 202 UDP 192.168.1.34:52714 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com] + 203 UDP 192.168.1.34:52850 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes -> 0 pkts/0 bytes][Host: conn.skype.akadns.net] + 204 UDP 192.168.1.34:52742 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst5.r.skype.net] + 205 TCP 192.168.1.34:50039 <-> 213.199.179.175:443 [proto: 91/SSL][13 pkts/1392 bytes <-> 3 pkts/200 bytes] + 206 TCP 192.168.1.34:50079 <-> 213.199.179.142:443 [proto: 91/SSL][13 pkts/1176 bytes <-> 3 pkts/200 bytes] + 207 UDP 192.168.1.34:54396 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes -> 0 pkts/0 bytes][Host: api.skype.com] + 208 TCP 192.168.1.34:50099 <-> 64.4.23.166:40022 [proto: 125/Skype][12 pkts/948 bytes <-> 4 pkts/407 bytes] + 209 TCP 192.168.1.34:50026 <-> 65.55.223.33:40002 [proto: 125/Skype][13 pkts/971 bytes <-> 4 pkts/399 bytes] + 210 TCP 192.168.1.34:50065 <-> 65.55.223.12:40031 [proto: 125/Skype][13 pkts/1004 bytes <-> 4 pkts/397 bytes] + 211 TCP 192.168.1.34:50098 <-> 65.55.223.15:40026 [proto: 125/Skype][13 pkts/995 bytes <-> 4 pkts/386 bytes] + 212 UDP 192.168.1.34:57288 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] + 213 UDP 192.168.1.34:57406 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com] + 214 UDP 192.168.1.34:57726 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] + 215 UDP 192.168.1.34:13021 -> 213.199.179.165:40007 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] + 216 UDP 192.168.1.34:13021 -> 213.199.179.141:40015 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] + 217 UDP 192.168.1.34:13021 -> 213.199.179.162:40029 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 218 UDP 192.168.1.34:13021 -> 213.199.179.152:40023 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 219 UDP 192.168.1.34:13021 -> 213.199.179.145:40027 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 220 UDP 192.168.1.34:13021 -> 213.199.179.170:40011 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 221 UDP 192.168.1.34:58458 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] + 222 UDP 192.168.1.34:58368 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst13.r.skype.net] + 223 UDP 192.168.1.34:60288 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] + 224 ICMP 192.168.1.1:0 -> 192.168.1.34:0 [proto: 81/ICMP][8 pkts/656 bytes -> 0 pkts/0 bytes] + 225 UDP 192.168.1.34:62454 <-> 192.168.1.1:53 [proto: 5.143/DNS.AppleiCloud][1 pkts/101 bytes <-> 1 pkts/133 bytes][Host: p05-keyvalueservice.icloud.com.akadns.net] + 226 UDP 192.168.1.34:63108 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/651 bytes -> 0 pkts/0 bytes][Host: a.config.skype.trafficmanager.net] + 227 UDP 192.168.1.92:50084 -> 239.255.255.250:1900 [proto: 12/SSDP][14 pkts/7281 bytes -> 0 pkts/0 bytes] + 228 UDP 192.168.1.34:51066 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes -> 0 pkts/0 bytes] + 229 UDP 192.168.1.34:65426 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes -> 0 pkts/0 bytes][Host: api.skype.com] + 230 TCP 192.168.1.34:50130 <-> 212.161.8.36:13392 [proto: 125/Skype][13 pkts/1000 bytes <-> 4 pkts/380 bytes] + 231 TCP 192.168.1.34:50059 <-> 111.221.74.38:40015 [proto: 125/Skype][11 pkts/820 bytes <-> 5 pkts/416 bytes] + 232 TCP 192.168.1.34:50029 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][16 pkts/3461 bytes <-> 1 pkts/74 bytes][client: apps.skype.com] + 233 IGMP 192.168.0.254:0 -> 224.0.0.1:0 [proto: 82/IGMP][2 pkts/92 bytes -> 0 pkts/0 bytes] + 234 IGMP 192.168.1.92:0 -> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes -> 0 pkts/0 bytes] + 235 IGMP 192.168.1.1:0 -> 224.0.0.1:0 [proto: 82/IGMP][1 pkts/60 bytes -> 0 pkts/0 bytes] + 236 IGMP 192.168.1.34:0 -> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/46 bytes -> 0 pkts/0 bytes] + 237 UDP 192.168.1.34:56886 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes -> 0 pkts/0 bytes] + 238 TCP 192.168.1.34:50033 <-> 157.55.56.170:40015 [proto: 125/Skype][13 pkts/977 bytes <-> 4 pkts/384 bytes] + 239 TCP 192.168.1.34:50049 <-> 157.55.130.166:40021 [proto: 125/Skype][11 pkts/836 bytes <-> 5 pkts/442 bytes] + 240 TCP 192.168.1.34:50067 <-> 157.55.56.160:40027 [proto: 125/Skype][12 pkts/899 bytes <-> 5 pkts/406 bytes] + 241 TCP 192.168.1.34:50076 <-> 157.55.235.156:40014 [proto: 125/Skype][14 pkts/1083 bytes <-> 4 pkts/359 bytes] + 242 TCP 192.168.1.34:50092 <-> 157.55.130.155:40020 [proto: 125/Skype][13 pkts/975 bytes <-> 4 pkts/412 bytes] + 243 TCP 192.168.1.34:50108 <-> 157.56.52.28:40009 [proto: 125/Skype][231 pkts/60232 bytes <-> 241 pkts/104395 bytes] + 244 TCP 192.168.1.34:50070 <-> 157.55.130.170:40018 [proto: 125/Skype][13 pkts/989 bytes <-> 4 pkts/323 bytes] + 245 UDP 192.168.1.34:64560 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes -> 0 pkts/0 bytes] + 246 UDP 192.168.1.34:13021 -> 64.4.23.146:33033 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 247 TCP 192.168.1.34:50115 <-> 86.31.35.30:59621 [proto: 125/Skype][13 pkts/995 bytes <-> 4 pkts/391 bytes] + 248 TCP 192.168.1.34:50103 <-> 64.4.23.166:443 [proto: 91/SSL][9 pkts/862 bytes <-> 3 pkts/285 bytes] + 249 TCP 192.168.1.34:50030 <-> 65.55.223.33:443 [proto: 91/SSL][11 pkts/960 bytes <-> 4 pkts/351 bytes] + 250 TCP 192.168.1.34:50066 <-> 65.55.223.12:443 [proto: 91/SSL][12 pkts/1221 bytes <-> 3 pkts/231 bytes] + 251 TCP 192.168.1.34:50102 <-> 65.55.223.15:443 [proto: 91/SSL][11 pkts/1140 bytes <-> 3 pkts/250 bytes] + 252 UDP 192.168.0.254:1025 -> 239.255.255.250:1900 [proto: 12/SSDP][79 pkts/29479 bytes -> 0 pkts/0 bytes] + 253 UDP 192.168.1.34:13021 -> 71.62.0.85:33647 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] + 254 UDP 192.168.1.92:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][4 pkts/828 bytes -> 0 pkts/0 bytes] + 255 UDP 192.168.1.34:13021 -> 64.4.23.159:40009 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 256 UDP 192.168.1.34:13021 -> 64.4.23.151:40029 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 257 UDP 192.168.1.34:13021 -> 64.4.23.170:40011 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] + 258 UDP 192.168.1.34:13021 -> 64.4.23.173:40017 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 259 UDP 192.168.1.34:13021 -> 65.55.223.15:40026 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 260 UDP 192.168.1.34:13021 -> 65.55.223.43:40002 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 261 UDP 192.168.1.34:13021 -> 65.55.223.17:40022 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 262 UDP 192.168.1.34:13021 -> 65.55.223.25:40028 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 263 UDP 192.168.1.34:13021 -> 65.55.223.24:40032 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 264 UDP 192.168.1.34:13021 -> 65.55.223.28:40026 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] + 265 UDP 192.168.1.34:13021 -> 65.55.223.26:40004 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 266 UDP 192.168.1.34:13021 -> 65.55.223.29:40010 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 267 UDP 192.168.1.34:13021 -> 65.55.223.45:40012 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 268 UDP 192.168.1.34:123 <-> 17.253.48.245:123 [proto: 9/NTP][1 pkts/90 bytes <-> 1 pkts/90 bytes] + 269 TCP 192.168.1.34:50111 <-> 91.190.216.125:443 [proto: 91.125/SSL.Skype][11 pkts/955 bytes <-> 9 pkts/561 bytes] + 270 TCP 192.168.1.34:50123 <-> 80.14.46.121:4415 [proto: 125/Skype][14 pkts/1075 bytes <-> 4 pkts/431 bytes] + 271 TCP 192.168.1.34:50141 <-> 80.14.46.121:4415 [proto: 125/Skype][13 pkts/994 bytes <-> 2 pkts/243 bytes] + 272 TCP 108.160.170.46:443 <-> 192.168.1.34:49445 [proto: 91.121/SSL.Dropbox][8 pkts/1636 bytes <-> 8 pkts/4344 bytes] + 273 TCP 192.168.1.34:50058 <-> 111.221.74.47:443 [proto: 91.125/SSL.Skype][10 pkts/857 bytes <-> 4 pkts/351 bytes] + 274 TCP 192.168.1.34:50100 <-> 111.221.74.46:443 [proto: 91.125/SSL.Skype][10 pkts/872 bytes <-> 3 pkts/237 bytes] + 275 TCP 192.168.1.34:50035 <-> 213.199.179.175:40021 [proto: 125/Skype][13 pkts/982 bytes <-> 4 pkts/322 bytes] + 276 TCP 192.168.1.34:50075 <-> 213.199.179.142:40003 [proto: 125/Skype][14 pkts/1100 bytes <-> 5 pkts/395 bytes] + 277 UDP [fe80::c62c:3ff:fe06:49fe]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][4 pkts/908 bytes -> 0 pkts/0 bytes] Undetected flows: @@ -302,10 +301,11 @@ Undetected flows: 6 TCP 192.168.1.34:50124 <-> 81.133.19.185:44431 [proto: 0/Unknown][11 pkts/854 bytes <-> 11 pkts/782 bytes] 7 TCP 192.168.1.34:50131 <-> 212.161.8.36:13392 [proto: 0/Unknown][11 pkts/4406 bytes <-> 8 pkts/705 bytes] 8 TCP 192.168.1.34:50142 <-> 80.14.46.121:4415 [proto: 0/Unknown][12 pkts/985 bytes <-> 6 pkts/489 bytes] - 9 TCP 192.168.1.34:50138 <-> 71.238.7.203:18767 [proto: 0/Unknown][19 pkts/2797 bytes <-> 13 pkts/2175 bytes] - 10 TCP 192.168.1.34:50121 <-> 81.83.77.141:17639 [proto: 0/Unknown][24 pkts/3101 bytes <-> 16 pkts/2508 bytes] - 11 TCP 192.168.1.34:50140 <-> 76.167.161.6:20274 [proto: 0/Unknown][2 pkts/132 bytes <-> 1 pkts/74 bytes] - 12 TCP 192.168.1.34:50144 <-> 78.202.226.115:29059 [proto: 0/Unknown][10 pkts/797 bytes <-> 4 pkts/342 bytes] - 13 TCP 192.168.1.34:50145 -> 157.56.53.51:12350 [proto: 0/Unknown][8 pkts/608 bytes -> 0 pkts/0 bytes] - 14 TCP 192.168.1.34:50119 <-> 86.31.35.30:59621 [proto: 0/Unknown][62 pkts/6941 bytes <-> 38 pkts/5325 bytes] - 15 TCP 192.168.1.34:50127 <-> 80.14.46.121:4415 [proto: 0/Unknown][16 pkts/1169 bytes <-> 11 pkts/929 bytes] + 9 TCP 192.168.1.34:50139 <-> 5.248.186.221:31010 [proto: 0/Unknown][15 pkts/2395 bytes <-> 8 pkts/1724 bytes] + 10 TCP 192.168.1.34:50138 <-> 71.238.7.203:18767 [proto: 0/Unknown][19 pkts/2797 bytes <-> 13 pkts/2175 bytes] + 11 TCP 192.168.1.34:50121 <-> 81.83.77.141:17639 [proto: 0/Unknown][24 pkts/3101 bytes <-> 16 pkts/2508 bytes] + 12 TCP 192.168.1.34:50140 <-> 76.167.161.6:20274 [proto: 0/Unknown][2 pkts/132 bytes <-> 1 pkts/74 bytes] + 13 TCP 192.168.1.34:50144 <-> 78.202.226.115:29059 [proto: 0/Unknown][10 pkts/797 bytes <-> 4 pkts/342 bytes] + 14 TCP 192.168.1.34:50145 -> 157.56.53.51:12350 [proto: 0/Unknown][8 pkts/608 bytes -> 0 pkts/0 bytes] + 15 TCP 192.168.1.34:50119 <-> 86.31.35.30:59621 [proto: 0/Unknown][62 pkts/6941 bytes <-> 38 pkts/5325 bytes] + 16 TCP 192.168.1.34:50127 <-> 80.14.46.121:4415 [proto: 0/Unknown][16 pkts/1169 bytes <-> 11 pkts/929 bytes] diff --git a/tests/result/wechat.pcap.out b/tests/result/wechat.pcap.out index 426f79c1e..a80680e7c 100644 --- a/tests/result/wechat.pcap.out +++ b/tests/result/wechat.pcap.out @@ -5,13 +5,14 @@ MDNS 116 10672 4 NTP 1 90 1 NetBIOS 12 1579 2 DHCP 1 342 1 +QQ 26 9402 2 IGMP 24 1280 4 SSL 21 1209 3 ICMPV6 3 218 2 -Google 113 24811 15 +YouTube 36 9047 2 +Google 92 20878 15 LLMNR 12 944 6 -WeChat 1277 615827 51 -GoogleDrive 15 5114 2 +WeChat 1251 606425 49 1 UDP 192.168.1.103:33915 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][1 pkts/82 bytes -> 0 pkts/0 bytes][Host: webpush.web.wechat.com] 2 TCP 192.168.1.103:40740 <-> 203.205.151.211:443 [proto: 91/SSL][4 pkts/216 bytes <-> 4 pkts/253 bytes] @@ -19,7 +20,7 @@ GoogleDrive 15 5114 2 4 UDP 192.168.1.103:42589 -> 192.168.1.254:53 [proto: 5.126/DNS.Google][1 pkts/75 bytes -> 0 pkts/0 bytes][Host: ssl.gstatic.com] 5 UDP 192.168.1.103:43317 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][1 pkts/82 bytes -> 0 pkts/0 bytes][Host: webpush.web.wechat.com] 6 UDP 192.168.1.103:43705 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][2 pkts/172 bytes -> 0 pkts/0 bytes][Host: webpush.web.wechat.com.lan] - 7 TCP 192.168.1.103:43850 <-> 203.205.158.34:443 [proto: 91.197/SSL.WeChat][12 pkts/2005 bytes <-> 12 pkts/6787 bytes][client: res.wx.qq.com] + 7 TCP 192.168.1.103:43850 <-> 203.205.158.34:443 [proto: 91.48/SSL.QQ][12 pkts/2005 bytes <-> 12 pkts/6787 bytes][client: res.wx.qq.com] 8 UDP 192.168.1.103:44063 -> 192.168.1.254:53 [proto: 5/DNS][2 pkts/162 bytes -> 0 pkts/0 bytes][Host: 1.debian.pool.ntp.org] 9 UDP [fe80::91f9:3df3:7436:6cd6]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][14 pkts/1428 bytes -> 0 pkts/0 bytes] 10 TCP 192.168.1.103:53220 <-> 172.217.23.78:443 [proto: 91.126/SSL.Google][4 pkts/264 bytes <-> 4 pkts/319 bytes] @@ -51,7 +52,7 @@ GoogleDrive 15 5114 2 36 TCP 192.168.1.103:58226 -> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][6 pkts/396 bytes -> 0 pkts/0 bytes] 37 UDP 192.168.1.103:59567 -> 192.168.1.254:53 [proto: 5.126/DNS.Google][1 pkts/79 bytes -> 0 pkts/0 bytes][Host: ssl.gstatic.com.lan] 38 TCP 192.168.1.103:58143 -> 216.58.205.131:443 [proto: 91.126/SSL.Google][3 pkts/1078 bytes -> 0 pkts/0 bytes] - 39 UDP 192.168.1.103:57591 <-> 216.58.198.46:443 [proto: 188.217/QUIC.GoogleDrive][6 pkts/2687 bytes <-> 7 pkts/2125 bytes][Host: docs.google.com] + 39 UDP 192.168.1.103:57591 <-> 216.58.198.46:443 [proto: 188.126/QUIC.Google][6 pkts/2687 bytes <-> 7 pkts/2125 bytes][Host: docs.google.com] 40 UDP 192.168.1.100:57401 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/136 bytes -> 0 pkts/0 bytes][Host: mcztmpkc] 41 TCP 192.168.1.103:34996 -> 95.101.34.33:80 [proto: 7/HTTP][9 pkts/594 bytes -> 0 pkts/0 bytes] 42 TCP 192.168.1.103:35000 -> 95.101.34.33:80 [proto: 7/HTTP][9 pkts/594 bytes -> 0 pkts/0 bytes] @@ -61,7 +62,7 @@ GoogleDrive 15 5114 2 46 UDP [fe80::91f9:3df3:7436:6cd6]:50440 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/180 bytes -> 0 pkts/0 bytes][Host: lbjamwptxz] 47 TCP 192.168.1.103:52020 -> 95.101.180.179:80 [proto: 7/HTTP][8 pkts/528 bytes -> 0 pkts/0 bytes] 48 UDP 192.168.1.103:35601 <-> 172.217.23.67:443 [proto: 188.126/QUIC.Google][5 pkts/2035 bytes <-> 5 pkts/1937 bytes][Host: ssl.gstatic.com] - 49 TCP 192.168.1.103:38657 <-> 172.217.22.14:443 [proto: 91.126/SSL.Google][17 pkts/2413 bytes <-> 17 pkts/6268 bytes][client: safebrowsing.googleusercontent.com] + 49 TCP 192.168.1.103:38657 <-> 172.217.22.14:443 [proto: 91.124/SSL.YouTube][17 pkts/2413 bytes <-> 17 pkts/6268 bytes][client: safebrowsing.googleusercontent.com] 50 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][1 pkts/342 bytes -> 0 pkts/0 bytes][Host: iphonedimonica] 51 UDP 192.168.1.103:37578 -> 193.204.114.233:123 [proto: 9/NTP][1 pkts/90 bytes -> 0 pkts/0 bytes] 52 TCP 192.168.1.103:40741 <-> 203.205.151.211:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/108 bytes] @@ -73,7 +74,7 @@ GoogleDrive 15 5114 2 58 UDP 192.168.1.103:45366 -> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][2 pkts/164 bytes -> 0 pkts/0 bytes][Host: webpush.web.wechat.com] 59 UDP 192.168.1.103:46078 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][1 pkts/75 bytes <-> 1 pkts/234 bytes][Host: ssl.gstatic.com] 60 UDP 192.168.1.103:51507 <-> 172.217.23.67:443 [proto: 188.126/QUIC.Google][7 pkts/3507 bytes <-> 6 pkts/3329 bytes][Host: ssl.gstatic.com] - 61 UDP 192.168.1.103:53734 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][1 pkts/94 bytes <-> 1 pkts/272 bytes][Host: safebrowsing.googleusercontent.com] + 61 UDP 192.168.1.103:53734 <-> 192.168.1.254:53 [proto: 5.124/DNS.YouTube][1 pkts/94 bytes <-> 1 pkts/272 bytes][Host: safebrowsing.googleusercontent.com] 62 TCP 192.168.1.103:54085 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][2 pkts/132 bytes <-> 1 pkts/66 bytes] 63 TCP 192.168.1.103:54089 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][21 pkts/7826 bytes <-> 20 pkts/18761 bytes][client: web.wechat.com] 64 TCP 192.168.1.103:54091 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][9 pkts/966 bytes <-> 6 pkts/3571 bytes][client: web.wechat.com] @@ -89,7 +90,7 @@ GoogleDrive 15 5114 2 74 TCP 192.168.1.103:54117 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][20 pkts/8397 bytes <-> 16 pkts/6566 bytes][client: web.wechat.com] 75 TCP 192.168.1.103:54119 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][26 pkts/8129 bytes <-> 24 pkts/22836 bytes][client: web.wechat.com] 76 TCP 192.168.1.103:54183 -> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][2 pkts/2508 bytes -> 0 pkts/0 bytes] - 77 UDP 192.168.1.103:55862 <-> 192.168.1.254:53 [proto: 5.217/DNS.GoogleDrive][1 pkts/75 bytes <-> 1 pkts/227 bytes][Host: docs.google.com] + 77 UDP 192.168.1.103:55862 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][1 pkts/75 bytes <-> 1 pkts/227 bytes][Host: docs.google.com] 78 TCP 192.168.1.103:58037 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][5 pkts/338 bytes <-> 3 pkts/214 bytes] 79 TCP 192.168.1.103:58039 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][13 pkts/866 bytes <-> 4 pkts/280 bytes] 80 TCP 192.168.1.103:58041 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][10 pkts/1032 bytes <-> 8 pkts/3711 bytes][client: web.wechat.com] @@ -112,7 +113,7 @@ GoogleDrive 15 5114 2 97 TCP 192.168.1.103:39231 -> 95.101.34.34:80 [proto: 7/HTTP][9 pkts/594 bytes -> 0 pkts/0 bytes] 98 UDP 192.168.1.103:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][44 pkts/3608 bytes -> 0 pkts/0 bytes] 99 UDP 192.168.1.100:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][14 pkts/1148 bytes -> 0 pkts/0 bytes] - 100 UDP 192.168.1.103:19041 <-> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][1 pkts/73 bytes <-> 1 pkts/537 bytes][Host: res.wx.qq.com] + 100 UDP 192.168.1.103:19041 <-> 192.168.1.254:53 [proto: 5.48/DNS.QQ][1 pkts/73 bytes <-> 1 pkts/537 bytes][Host: res.wx.qq.com] 101 UDP [fe80::91f9:3df3:7436:6cd6]:49195 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/176 bytes -> 0 pkts/0 bytes][Host: cansaqcq] 102 UDP [fe80::91f9:3df3:7436:6cd6]:50577 -> [ff02::1:3]:5355 [proto: 154/LLMNR][2 pkts/176 bytes -> 0 pkts/0 bytes][Host: mcztmpkc] diff --git a/tests/result/whatsapp_login_call.pcap.out b/tests/result/whatsapp_login_call.pcap.out index d044c712f..360cbc096 100644 --- a/tests/result/whatsapp_login_call.pcap.out +++ b/tests/result/whatsapp_login_call.pcap.out @@ -8,9 +8,9 @@ Facebook 70 9464 14 Dropbox 4 2176 1 Apple 127 28102 20 WhatsApp 182 25154 2 -AppleiTunes 85 28087 2 Spotify 3 258 1 WhatsAppVoice 706 91156 4 +AppleStore 85 28087 2 1 UDP [fe80::da30:62ff:fe56:1c]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][2 pkts/258 bytes -> 0 pkts/0 bytes] 2 UDP 192.168.2.1:17500 -> 192.168.2.255:17500 [proto: 121/Dropbox][4 pkts/2176 bytes -> 0 pkts/0 bytes] @@ -26,7 +26,7 @@ WhatsAppVoice 706 91156 4 12 TCP 192.168.2.4:49182 <-> 17.172.100.52:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] 13 TCP 192.168.2.4:49197 <-> 17.167.142.39:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] 14 TCP 192.168.2.4:49180 <-> 17.172.100.59:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] - 15 TCP 192.168.2.4:49205 <-> 17.173.66.102:443 [proto: 91.145/SSL.AppleiTunes][17 pkts/6166 bytes <-> 15 pkts/3539 bytes][client: p53-buy.itunes.apple.com] + 15 TCP 192.168.2.4:49205 <-> 17.173.66.102:443 [proto: 91.224/SSL.AppleStore][17 pkts/6166 bytes <-> 15 pkts/3539 bytes][client: p53-buy.itunes.apple.com] 16 TCP 192.168.2.4:49172 <-> 23.50.148.228:443 [proto: 91/SSL][3 pkts/174 bytes <-> 2 pkts/217 bytes] 17 UDP 192.168.2.4:51518 <-> 31.13.100.14:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] 18 UDP 192.168.2.4:51518 <-> 31.13.70.48:3478 [proto: 78.119/STUN.Facebook][3 pkts/504 bytes <-> 2 pkts/172 bytes] @@ -62,7 +62,7 @@ WhatsAppVoice 706 91156 4 48 TCP 192.168.2.4:49181 <-> 17.172.100.37:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] 49 TCP 192.168.2.4:49164 <-> 17.167.142.31:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] 50 TCP 192.168.2.4:49165 <-> 17.172.100.55:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/54 bytes] - 51 TCP 192.168.2.4:49204 <-> 17.173.66.102:443 [proto: 91.145/SSL.AppleiTunes][29 pkts/11770 bytes <-> 24 pkts/6612 bytes][client: p53-buy.itunes.apple.com] + 51 TCP 192.168.2.4:49204 <-> 17.173.66.102:443 [proto: 91.224/SSL.AppleStore][29 pkts/11770 bytes <-> 24 pkts/6612 bytes][client: p53-buy.itunes.apple.com] 52 TCP 192.168.2.4:49199 <-> 17.172.100.70:993 [proto: 51.140/IMAPS.Apple][9 pkts/1130 bytes <-> 8 pkts/868 bytes] 53 TCP 192.168.2.4:49193 <-> 17.110.229.14:5223 [proto: 140/Apple][11 pkts/4732 bytes <-> 11 pkts/1194 bytes] 54 UDP 169.254.166.207:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][2 pkts/218 bytes -> 0 pkts/0 bytes] -- cgit v1.2.3 From 0b72c2fce393113fc11f61810326d57047225f63 Mon Sep 17 00:00:00 2001 From: Micah Lyle Date: Fri, 14 Jul 2017 14:55:03 -0700 Subject: Fixed tcp ssl case where client cert got set but server did not --- src/lib/protocols/ssl.c | 63 ++++++++++++++++++++++++++++++------------------- 1 file changed, 39 insertions(+), 24 deletions(-) (limited to 'src') diff --git a/src/lib/protocols/ssl.c b/src/lib/protocols/ssl.c index 5860abed7..d6e1ffd7e 100644 --- a/src/lib/protocols/ssl.c +++ b/src/lib/protocols/ssl.c @@ -47,7 +47,7 @@ static u_int32_t ndpi_ssl_refine_master_protocol(struct ndpi_detection_module_st if(packet->tcp != NULL) { switch(protocol) { - + case NDPI_PROTOCOL_SSL: case NDPI_PROTOCOL_SSL_NO_CERT: { @@ -57,7 +57,7 @@ static u_int32_t ndpi_ssl_refine_master_protocol(struct ndpi_detection_module_st */ u_int16_t sport = ntohs(packet->tcp->source); u_int16_t dport = ntohs(packet->tcp->dest); - + if((sport == 465) || (dport == 465)) protocol = NDPI_PROTOCOL_MAIL_SMTPS; else if((sport == 993) || (dport == 993) @@ -70,7 +70,7 @@ static u_int32_t ndpi_ssl_refine_master_protocol(struct ndpi_detection_module_st break; } } - + return protocol; } @@ -98,14 +98,14 @@ static void ndpi_int_ssl_add_connection(struct ndpi_detection_module_struct *ndp ((ch) >= '{' && (ch) <= '~')) static void stripCertificateTrailer(char *buffer, int buffer_len) { - + int i, is_puny; - + // printf("->%s<-\n", buffer); - + for(i = 0; i < buffer_len; i++) { // printf("%c [%d]\n", buffer[i], buffer[i]); - + if((buffer[i] != '.') && (buffer[i] != '-') && (buffer[i] != '_') @@ -120,12 +120,12 @@ static void stripCertificateTrailer(char *buffer, int buffer_len) { /* check for punycode encoding */ is_puny = check_punycode_string(buffer, buffer_len); - + // not a punycode string - need more checks if(is_puny == 0) { - + if(i > 0) i--; - + while(i > 0) { if(!ndpi_isalpha(buffer[i])) { buffer[i] = '\0'; @@ -134,8 +134,8 @@ static void stripCertificateTrailer(char *buffer, int buffer_len) { } else break; } - - for(i = buffer_len; i > 0; i--) { + + for(i = buffer_len; i > 0; i--) { if(buffer[i] == '.') break; else if(ndpi_isdigit(buffer[i])) buffer[i] = '\0', buffer_len = i; @@ -325,18 +325,21 @@ int sslDetectProtocolFromCertificate(struct ndpi_detection_module_struct *ndpi_s #ifdef CERTIFICATE_DEBUG printf("***** [SSL] %s\n", certificate); #endif - u_int32_t subproto = ndpi_match_host_subprotocol(ndpi_struct, flow, certificate, + /* If we've detected the subprotocol from client certificate but haven't had a chance + * to see the server certificate yet, wait a few more packets */ + if((flow->protos.ssl.client_certificate[0] != '\0') && (flow->protos.ssl.server_certificate[0] == '\0')) { + return (rc); + } + u_int32_t subproto = ndpi_match_host_subprotocol(ndpi_struct, flow, certificate, strlen(certificate), NDPI_PROTOCOL_SSL); - if(subproto != NDPI_PROTOCOL_UNKNOWN) { - ndpi_set_detected_protocol(ndpi_struct, flow, subproto, - ndpi_ssl_refine_master_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SSL)); - return(rc); /* Fix courtesy of Gianluca Costa */ - } - + ndpi_set_detected_protocol(ndpi_struct, flow, subproto, + ndpi_ssl_refine_master_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SSL)); + return(rc); /* Fix courtesy of Gianluca Costa */ + } #ifdef NDPI_PROTOCOL_TOR - if(ndpi_is_ssl_tor(ndpi_struct, flow, certificate) != 0) - return(rc); + if(ndpi_is_ssl_tor(ndpi_struct, flow, certificate) != 0) + return(rc); #endif } @@ -346,11 +349,23 @@ int sslDetectProtocolFromCertificate(struct ndpi_detection_module_struct *ndpi_s && flow->l4.tcp.seen_ack /* We have seen the 3-way handshake */) || (flow->protos.ssl.server_certificate[0] != '\0') /* || (flow->protos.ssl.client_certificate[0] != '\0') */ - ) - ndpi_int_ssl_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_SSL); + ) { + if (flow->protos.ssl.client_certificate[0] != '\0') { + u_int32_t subproto = ndpi_match_host_subprotocol(ndpi_struct, flow, flow->protos.ssl.client_certificate, + strlen(flow->protos.ssl.client_certificate), NDPI_PROTOCOL_SSL); + if (subproto != NDPI_PROTOCOL_UNKNOWN) { + /* We would've only made it here if at some point we went into the if clause above where we wait a + * few packets if we have a subprotocol client cert match but hadn't seen a server cert at that point. */ + ndpi_set_detected_protocol(ndpi_struct, flow, subproto, + ndpi_ssl_refine_master_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SSL)); + return(2); /* Returning 2 is because we had a client certificate match + * (since we use what would've been the return code from getSSLCertificate) */ } } - + ndpi_int_ssl_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_SSL); + } + } + } return(0); } -- cgit v1.2.3 From 6e85b9344298dbba49d06951360c5e3c464d92ba Mon Sep 17 00:00:00 2001 From: Micah Lyle Date: Mon, 17 Jul 2017 18:06:07 -0700 Subject: Implementation for extra packet processing if desired --- example/ndpi_util.c | 40 ++++++++++++--- example/ndpi_util.h | 5 +- src/include/ndpi_api.h | 121 ++++++++++++++++++++++++++------------------ src/include/ndpi_typedefs.h | 6 ++- src/lib/ndpi_main.c | 54 ++++++++++++++++++-- src/lib/protocols/ssl.c | 63 ++++++++++++++++------- 6 files changed, 207 insertions(+), 82 deletions(-) (limited to 'src') diff --git a/example/ndpi_util.c b/example/ndpi_util.c index 75bab6319..b0955d8d4 100644 --- a/example/ndpi_util.c +++ b/example/ndpi_util.c @@ -158,10 +158,10 @@ int ndpi_workflow_node_cmp(const void *a, const void *b) { if(fa->hashval < fb->hashval) return(-1); else if(fa->hashval > fb->hashval) return(1); /* Flows have the same hash */ - + if(fa->vlan_id < fb->vlan_id ) return(-1); else { if(fa->vlan_id > fb->vlan_id ) return(1); } if(fa->protocol < fb->protocol ) return(-1); else { if(fa->protocol > fb->protocol ) return(1); } - + if( ( (fa->src_ip == fb->src_ip ) @@ -178,12 +178,12 @@ int ndpi_workflow_node_cmp(const void *a, const void *b) { ) ) return(0); - + if(fa->src_ip < fb->src_ip ) return(-1); else { if(fa->src_ip > fb->src_ip ) return(1); } if(fa->src_port < fb->src_port) return(-1); else { if(fa->src_port > fb->src_port) return(1); } if(fa->dst_ip < fb->dst_ip ) return(-1); else { if(fa->dst_ip > fb->dst_ip ) return(1); } if(fa->dst_port < fb->dst_port) return(-1); else { if(fa->dst_port > fb->dst_port) return(1); } - + return(0); /* notreached */ } @@ -453,7 +453,7 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl } } - if(flow->detection_completed) { + if(flow->detection_completed && !flow->check_extra_packets) { if(flow->detected_protocol.app_protocol == NDPI_PROTOCOL_UNKNOWN) { if (workflow->__flow_giveup_callback != NULL) workflow->__flow_giveup_callback(workflow, flow, workflow->__flow_giveup_udata); @@ -516,7 +516,7 @@ static struct ndpi_proto packet_processing(struct ndpi_workflow * workflow, flow->src2dst_packets++, flow->src2dst_bytes += rawsize; else flow->dst2src_packets++, flow->dst2src_bytes += rawsize; - + flow->last_seen = time; } else { // flow is NULL workflow->stats.total_discarded_bytes++; @@ -524,7 +524,28 @@ static struct ndpi_proto packet_processing(struct ndpi_workflow * workflow, } /* Protocol already detected */ - if(flow->detection_completed) return(flow->detected_protocol); + if(flow->detection_completed) { + if(flow->check_extra_packets && ndpi_flow != NULL && ndpi_flow->check_extra_packets) { + if(ndpi_flow->num_extra_packets_checked == 0 && ndpi_flow->max_extra_packets_to_check == 0) { + /* Protocols can set this, but we set it here in case they didn't */ + ndpi_flow->max_extra_packets_to_check = MAX_EXTRA_PACKETS_TO_CHECK; + } + if(ndpi_flow->num_extra_packets_checked < ndpi_flow->max_extra_packets_to_check) { + ndpi_process_extra_packet(workflow->ndpi_struct, ndpi_flow, + iph ? (uint8_t *)iph : (uint8_t *)iph6, + ipsize, time, src, dst); + if (ndpi_flow->check_extra_packets == 0) { + flow->check_extra_packets = 0; + ndpi_free_flow_info_half(flow); + } + } + } else if (ndpi_flow != NULL) { + /* If this wasn't NULL we should do the half free */ + /* TODO: When half_free is deprecated, get rid of this */ + ndpi_free_flow_info_half(flow); + } + return(flow->detected_protocol); + } flow->detected_protocol = ndpi_detection_process_packet(workflow->ndpi_struct, ndpi_flow, iph ? (uint8_t *)iph : (uint8_t *)iph6, @@ -535,12 +556,15 @@ static struct ndpi_proto packet_processing(struct ndpi_workflow * workflow, || ((proto == IPPROTO_TCP) && ((flow->src2dst_packets + flow->dst2src_packets) > 10))) { /* New protocol detected or give up */ flow->detection_completed = 1; + /* Check if we should keep checking extra packets */ + if (ndpi_flow->check_extra_packets) + flow->check_extra_packets = 1; if(flow->detected_protocol.app_protocol == NDPI_PROTOCOL_UNKNOWN) flow->detected_protocol = ndpi_detection_giveup(workflow->ndpi_struct, flow->ndpi_flow); process_ndpi_collected_info(workflow, flow); - } + } return(flow->detected_protocol); } diff --git a/example/ndpi_util.h b/example/ndpi_util.h index f6d315748..45101cf10 100644 --- a/example/ndpi_util.h +++ b/example/ndpi_util.h @@ -36,6 +36,7 @@ #define MAX_IDLE_TIME 30000 #define IDLE_SCAN_BUDGET 1024 #define NUM_ROOTS 512 +#define MAX_EXTRA_PACKETS_TO_CHECK 7 #define MAX_NDPI_FLOWS 200000000 #define TICK_RESOLUTION 1000 #define MAX_NUM_IP_ADDRESS 5 /* len of ip address array */ @@ -56,7 +57,7 @@ typedef struct ndpi_flow_info { u_int32_t dst_ip; u_int16_t src_port; u_int16_t dst_port; - u_int8_t detection_completed, protocol, bidirectional; + u_int8_t detection_completed, protocol, bidirectional, check_extra_packets; u_int16_t vlan_id; struct ndpi_flow_struct *ndpi_flow; char src_name[48], dst_name[48]; @@ -64,7 +65,7 @@ typedef struct ndpi_flow_info { u_int64_t last_seen; u_int64_t src2dst_bytes, dst2src_bytes; u_int32_t src2dst_packets, dst2src_packets; - + // result only, not used for flow identification ndpi_protocol detected_protocol; diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h index b2c6b6952..03a73d66b 100644 --- a/src/include/ndpi_api.h +++ b/src/include/ndpi_api.h @@ -42,20 +42,20 @@ extern "C" { #define SAVE_DETECTION_BITMASK_AS_UNKNOWN 1 #define NO_SAVE_DETECTION_BITMASK_AS_UNKNOWN 0 - + /** * Check if a string is encoded with punycode * ( https://tools.ietf.org/html/rfc3492 ) * * @par buff = pointer to the string to ckeck * @par len = len of the string - * @return 1 if the string is punycoded; + * @return 1 if the string is punycoded; * else 0 * */ int check_punycode_string(char * buff , int len); - + /** * Get the size of the flow struct * @@ -64,16 +64,16 @@ extern "C" { */ u_int32_t ndpi_detection_get_sizeof_ndpi_flow_struct(void); - + /** - * Get the size of the id struct + * Get the size of the id struct * * @return the size of the id struct - * + * */ u_int32_t ndpi_detection_get_sizeof_ndpi_id_struct(void); - + /** * nDPI personal allocation and free functions **/ @@ -98,7 +98,7 @@ extern "C" { */ char* ndpi_strnstr(const char *s, const char *find, size_t slen); - + /** * Returns the nDPI protocol id for IP-based protocol detection * @@ -106,7 +106,7 @@ extern "C" { * @par pin = IP host address (MUST BE in network byte order): * See man(7) ip for details * @return the nDPI protocol ID - * + * */ u_int16_t ndpi_network_ptree_match(struct ndpi_detection_module_struct *ndpi_struct, struct in_addr *pin); @@ -117,9 +117,9 @@ extern "C" { * @par ndpi_mod = the struct created for the protocol detection * @par match = the struct passed to match the protocol * - */ + */ void ndpi_init_protocol_match(struct ndpi_detection_module_struct *ndpi_mod, ndpi_protocol_match *match); - + /** * Returns a new initialized detection module * @@ -127,7 +127,7 @@ extern "C" { * */ struct ndpi_detection_module_struct *ndpi_init_detection_module(void); - + /** * Frees the memory allocated in the specified flow * @@ -136,7 +136,7 @@ extern "C" { */ void ndpi_free_flow(struct ndpi_flow_struct *flow); - + /** * Enables cache support. * In nDPI is used for some protocol (i.e. Skype) @@ -148,7 +148,7 @@ extern "C" { */ void ndpi_enable_cache(struct ndpi_detection_module_struct *ndpi_mod, char* host, u_int port); - + /** * Destroys the detection module * @@ -180,7 +180,7 @@ extern "C" { const NDPI_SELECTION_BITMASK_PROTOCOL_SIZE ndpi_selection_bitmask, u_int8_t b_save_bitmask_unknow, u_int8_t b_add_detection_bitmask); - + /** * Sets the protocol bitmask2 @@ -192,7 +192,7 @@ extern "C" { void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *ndpi_struct, const NDPI_PROTOCOL_BITMASK * detection_bitmask); - + /** * Function to be called before we give up with detection for a given flow. * This function reduces the NDPI_UNKNOWN_PROTOCOL detection @@ -200,12 +200,35 @@ extern "C" { * @par ndpi_struct = the detection module * @par flow = the flow given for the detection module * @return the detected protocol even if the flow is not completed; - * + * */ ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); - + /** + * Processes an extra packet in order to get more information for a given protocol + * (like SSL getting both client and server certificate even if we already know after + * seeing the client certificate what the protocol is) + * + * @par ndpi_struct = the detection module + * @par flow = pointer to the connection state machine + * @par packet = unsigned char pointer to the Layer 3 (IP header) + * @par packetlen = the length of the packet + * @par current_tick = the current timestamp for the packet + * @par src = pointer to the source subscriber state machine + * @par dst = pointer to the destination subscriber state machine + * @return void + * + */ + void ndpi_process_extra_packet(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow, + const unsigned char *packet, + const unsigned short packetlen, + const u_int64_t current_tick, + struct ndpi_id_struct *src, + struct ndpi_id_struct *dst); + + /** * Processes one packet and returns the ID of the detected protocol. * This is the MAIN PACKET PROCESSING FUNCTION. @@ -228,7 +251,7 @@ extern "C" { struct ndpi_id_struct *src, struct ndpi_id_struct *dst); - + /** * Get the main protocol of the passed flows for the detected module * @@ -241,13 +264,13 @@ extern "C" { u_int16_t ndpi_get_flow_masterprotocol(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); - + /** * Query the pointer to the layer 4 packet * * @par l3 = pointer to the layer 3 data * @par l3_len = length of the layer 3 data - * @par l4_return = address to the pointer of the layer 4 data if return value == 0, else undefined + * @par l4_return = address to the pointer of the layer 4 data if return value == 0, else undefined * @par l4_len_return = length of the layer 4 data if return value == 0, else undefined * @par l4_protocol_return = protocol of the layer 4 data if return value == 0, undefined otherwise * @par flags = limit operation on ipv4 or ipv6 packets. Possible values: NDPI_DETECTION_ONLY_IPV4 - NDPI_DETECTION_ONLY_IPV6 - 0 (any) @@ -261,13 +284,13 @@ extern "C" { /** * Search and return the protocol based on matched ports - * + * * @par ndpi_struct = the detection module * @par shost = source address in host byte order * @par sport = source port number * @par dhost = destination address in host byte order * @par dport = destination port number - * @return the struct ndpi_protocol that match the port base protocol + * @return the struct ndpi_protocol that match the port base protocol * */ ndpi_protocol ndpi_find_port_based_protocol(struct ndpi_detection_module_struct *ndpi_struct/* , u_int8_t proto */, @@ -276,17 +299,17 @@ extern "C" { u_int32_t dhost, u_int16_t dport); - + /** * Search and return the protocol guessed that is undetected - * + * * @par ndpi_struct = the detection module * @par proto = the l4 protocol number * @par shost = source address in host byte order * @par sport = source port number * @par dhost = destination address in host byte order * @par dport = destination port number - * @return the struct ndpi_protocol that match the port base protocol + * @return the struct ndpi_protocol that match the port base protocol * */ ndpi_protocol ndpi_guess_undetected_protocol(struct ndpi_detection_module_struct *ndpi_struct, @@ -299,7 +322,7 @@ extern "C" { /** * Check if the string passed match with a protocol - * + * * @par ndpi_struct = the detection module * @par string_to_match = the string to match * @par string_to_match_len = the length of the string @@ -315,7 +338,7 @@ extern "C" { /** * Check if the host passed match with a protocol - * + * * @par ndpi_struct = the detection module * @par flow = the flow where match the host * @par string_to_match = the string to match @@ -333,7 +356,7 @@ extern "C" { /** * Check if the string content passed match with a protocol - * + * * @par ndpi_struct = the detection module * @par flow = the flow where match the host * @par string_to_match = the string to match @@ -348,7 +371,7 @@ extern "C" { u_int string_to_match_len, u_int16_t master_protocol_id); - + /** * Check if the string -bigram_to_match- match with a bigram of -automa- * @@ -358,11 +381,11 @@ extern "C" { * @return 0 * */ - int ndpi_match_bigram(struct ndpi_detection_module_struct *ndpi_struct, + int ndpi_match_bigram(struct ndpi_detection_module_struct *ndpi_struct, ndpi_automa *automa, char *bigram_to_match); - + /** * Write the protocol name in the buffer -buf- as master_protocol.protocol * @@ -392,7 +415,7 @@ extern "C" { * @return the protocol category */ ndpi_protocol_category_t ndpi_get_proto_category(struct ndpi_detection_module_struct *ndpi_mod, ndpi_protocol proto); - + /** * Get the protocol name associated to the ID * @@ -414,13 +437,13 @@ extern "C" { */ ndpi_protocol_breed_t ndpi_get_proto_breed(struct ndpi_detection_module_struct *ndpi_struct, u_int16_t proto); - + /** * Return the string name of the protocol breed * * @par ndpi_struct = the detection module * @par breed_id = the breed ID associated to the protocol - * @return the string name of the breed ID + * @return the string name of the breed ID * */ char* ndpi_get_proto_breed_name(struct ndpi_detection_module_struct *ndpi_struct, ndpi_protocol_breed_t breed_id); @@ -431,7 +454,7 @@ extern "C" { * * @par ndpi_mod = the detection module * @par proto = the ID of the protocol - * @return the string name of the breed ID + * @return the string name of the breed ID * */ int ndpi_get_protocol_id(struct ndpi_detection_module_struct *ndpi_mod, char *proto); @@ -443,7 +466,7 @@ extern "C" { * @par ndpi_mod = the detection module */ void ndpi_dump_protocols(struct ndpi_detection_module_struct *mod); - + /** * Read a file and load the protocols @@ -467,12 +490,12 @@ extern "C" { * Get the total number of the supported protocols * * @par ndpi_mod = the detection module - * @return the number of protocols + * @return the number of protocols * */ u_int ndpi_get_num_supported_protocols(struct ndpi_detection_module_struct *ndpi_mod); - + /** * Get the nDPI version release * @@ -503,7 +526,7 @@ extern "C" { */ ndpi_http_method ndpi_get_http_method(struct ndpi_detection_module_struct *ndpi_mod, struct ndpi_flow_struct *flow); - + /** * Get the HTTP url * @@ -526,7 +549,7 @@ extern "C" { char* ndpi_get_http_content_type(struct ndpi_detection_module_struct *ndpi_mod, struct ndpi_flow_struct *flow); #endif - + #ifdef NDPI_PROTOCOL_TOR /** * Check if the flow could be detected as TOR protocol @@ -536,7 +559,7 @@ extern "C" { * @par certificate = the ssl certificate * @return 1 if the flow is TOR; * 0 else - * + * */ int ndpi_is_ssl_tor(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, char *certificate); @@ -547,7 +570,7 @@ extern "C" { * Init Aho-Corasick automata * * @return The requested automata, or NULL if an error occurred - * + * */ void* ndpi_init_automa(void); @@ -556,7 +579,7 @@ extern "C" { * Free Aho-Corasick automata allocated with ndpi_init_automa(); * * @par The automata initialized with ndpi_init_automa(); - * + * */ void ndpi_free_automa(void *_automa); @@ -568,7 +591,7 @@ extern "C" { * @par The (sub)string to search * @par The number associated with this string * @return 0 in case of no error, or -1 if an error occurred. - * + * */ int ndpi_add_string_value_to_automa(void *_automa, char *str, unsigned long num); @@ -579,7 +602,7 @@ extern "C" { * @par The automata initialized with ndpi_init_automa(); * @par The (sub)string to search * @return 0 in case of no error, or -1 if an error occurred. - * + * */ int ndpi_add_string_to_automa(void *_automa, char *str); @@ -588,7 +611,7 @@ extern "C" { * Finalize the automa (necessary before start searching) * * @par The automata initialized with ndpi_init_automa(); - * + * */ void ndpi_finalize_automa(void *_automa); @@ -599,7 +622,7 @@ extern "C" { * @par The automata initialized with ndpi_init_automa(); * @par The (sub)string to search * @return 0 in case of match, or -1 if no match, or -2 if an error occurred. - * + * */ int ndpi_match_string(void *_automa, char *string_to_match); @@ -611,7 +634,7 @@ extern "C" { * @par The (sub)string to search * @par The id associated with the matched string or 0 id not found. * @return 0 in case of match, or -1 if no match, or -2 if an error occurred. - * + * */ int ndpi_match_string_id(void *_automa, char *string_to_match, unsigned long *id); diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index c10101d42..dd7bb89d9 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -912,7 +912,7 @@ struct ndpi_flow_struct { /* init parameter, internal used to set up timestamp,... */ u_int16_t guessed_protocol_id, guessed_host_protocol_id; - u_int8_t protocol_id_already_guessed:1, host_already_guessed:1, init_finished:1, setup_packet_direction:1, packet_direction:1; + u_int8_t protocol_id_already_guessed:1, host_already_guessed:1, init_finished:1, setup_packet_direction:1, packet_direction:1, check_extra_packets:1; /* if ndpi_struct->direction_detect_disable == 1 @@ -920,6 +920,10 @@ struct ndpi_flow_struct { */ u_int32_t next_tcp_seq_nr[2]; + u_int8_t max_extra_packets_to_check; + u_int8_t num_extra_packets_checked; + int (*extra_packets_func) (struct ndpi_detection_module_struct *, struct ndpi_flow_struct *flow); + /* the tcp / udp / other l4 value union used to reduce the number of bytes for tcp or udp protocol states diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index a2f957ce9..de8c0cb7b 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1631,7 +1631,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "FIX", NDPI_PROTOCOL_CATEGORY_RPC, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - + /* calling function for host and content matched protocols */ init_string_based_protocols(ndpi_mod); @@ -1650,7 +1650,7 @@ static int ac_match_handler(AC_MATCH_t *m, void *param) { /* Return 1 for stopping to the first match. We might consider searching for the more - specific match, paying more cpu cycles. + specific match, paying more cpu cycles. */ *matching_protocol_id = m->patterns[0].rep.number; @@ -3439,6 +3439,50 @@ ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_st /* ********************************************************************************* */ +void ndpi_process_extra_packet(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow, + const unsigned char *packet, + const unsigned short packetlen, + const u_int64_t current_tick_l, + struct ndpi_id_struct *src, + struct ndpi_id_struct *dst) +{ + if(flow == NULL) + return; + + if(flow->server_id == NULL) flow->server_id = dst; /* Default */ + + /* need at least 20 bytes for ip header */ + if(packetlen < 20) { + return; + } + + flow->packet.tick_timestamp_l = current_tick_l; + flow->packet.tick_timestamp = (u_int32_t)current_tick_l/1000; + + /* parse packet */ + flow->packet.iph = (struct ndpi_iphdr *)packet; + /* we are interested in ipv4 packet */ + + /* set up the packet headers for the extra packet function to use if it wants */ + if(ndpi_init_packet_header(ndpi_struct, flow, packetlen) != 0) + return; + + /* detect traffic for tcp or udp only */ + flow->src = src, flow->dst = dst; + ndpi_connection_tracking(ndpi_struct, flow); + + /* call the extra packet function (which may add more data/info to flow) */ + if (flow->extra_packets_func) { + if ((flow->extra_packets_func(ndpi_struct, flow)) == 0) + flow->check_extra_packets = 0; + } + + flow->num_extra_packets_checked++; +} + +/* ********************************************************************************* */ + ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, const unsigned char *packet, @@ -4635,7 +4679,7 @@ int ndpi_match_prefix(const u_int8_t *payload, size_t payload_len, const char *str, size_t str_len) { int rc = str_len <= payload_len ? memcmp(payload, str, str_len) == 0 : 0; - + return rc; } @@ -4648,7 +4692,7 @@ int ndpi_match_string_subprotocol(struct ndpi_detection_module_struct *ndpi_stru AC_TEXT_t ac_input_text; ndpi_automa *automa = is_host_match ? &ndpi_struct->host_automa : &ndpi_struct->content_automa; int rc; - + if((automa->ac_automa == NULL) || (string_to_match_len == 0)) return(NDPI_PROTOCOL_UNKNOWN); if(!automa->ac_automa_finalized) { @@ -4658,7 +4702,7 @@ int ndpi_match_string_subprotocol(struct ndpi_detection_module_struct *ndpi_stru ac_input_text.astring = string_to_match, ac_input_text.length = string_to_match_len; ac_automata_search(((AC_AUTOMATA_t*)automa->ac_automa), &ac_input_text, (void*)&matching_protocol_id); - + ac_automata_reset(((AC_AUTOMATA_t*)automa->ac_automa)); return(matching_protocol_id); diff --git a/src/lib/protocols/ssl.c b/src/lib/protocols/ssl.c index d6e1ffd7e..5afca5389 100644 --- a/src/lib/protocols/ssl.c +++ b/src/lib/protocols/ssl.c @@ -306,6 +306,46 @@ int getSSLcertificate(struct ndpi_detection_module_struct *ndpi_struct, return(0); /* Not found */ } +int sslTryAndRetrieveServerCertificate(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { + struct ndpi_packet_struct *packet = &flow->packet; + + /* consider only specific SSL packets (handshake) */ + if((packet->payload_packet_len > 9) && (packet->payload[0] == 0x16)) { + char certificate[64]; + int rc; + certificate[0] = '\0'; + rc = getSSLcertificate(ndpi_struct, flow, certificate, sizeof(certificate)); + packet->ssl_certificate_num_checks++; + if (rc > 0) { + packet->ssl_certificate_detected++; + if (flow->protos.ssl.server_certificate[0] != '\0') + /* 0 means we're done processing extra packets (since we found what we wanted) */ + return 0; + } + /* Client hello, Server Hello, and certificate packets probably all checked in this case */ + if ((packet->ssl_certificate_num_checks >= 3) + && (flow->l4.tcp.seen_syn) + && (flow->l4.tcp.seen_syn_ack) + && (flow->l4.tcp.seen_ack) /* We have seen the 3-way handshake */) + { + /* We're done processing extra packets since we've probably checked all possible cert packets */ + return 0; + } + } + /* 1 means keep looking for more packets */ + return 1; +} + +void sslInitExtraPacketProcessing(int caseNum, struct ndpi_flow_struct *flow) { + flow->check_extra_packets = 1; + /* 0 is the case for waiting for the server certificate */ + if (caseNum == 0) { + /* At most 7 packets should almost always be enough to find the server certificate if it's there */ + flow->max_extra_packets_to_check = 7; + flow->extra_packets_func = sslTryAndRetrieveServerCertificate; + } +} + int sslDetectProtocolFromCertificate(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; @@ -325,14 +365,15 @@ int sslDetectProtocolFromCertificate(struct ndpi_detection_module_struct *ndpi_s #ifdef CERTIFICATE_DEBUG printf("***** [SSL] %s\n", certificate); #endif - /* If we've detected the subprotocol from client certificate but haven't had a chance - * to see the server certificate yet, wait a few more packets */ - if((flow->protos.ssl.client_certificate[0] != '\0') && (flow->protos.ssl.server_certificate[0] == '\0')) { - return (rc); - } u_int32_t subproto = ndpi_match_host_subprotocol(ndpi_struct, flow, certificate, strlen(certificate), NDPI_PROTOCOL_SSL); if(subproto != NDPI_PROTOCOL_UNKNOWN) { + /* If we've detected the subprotocol from client certificate but haven't had a chance + * to see the server certificate yet, set up extra packet processing to wait + * a few more packets. */ + if((flow->protos.ssl.client_certificate[0] != '\0') && (flow->protos.ssl.server_certificate[0] == '\0')) { + sslInitExtraPacketProcessing(0, flow); + } ndpi_set_detected_protocol(ndpi_struct, flow, subproto, ndpi_ssl_refine_master_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SSL)); return(rc); /* Fix courtesy of Gianluca Costa */ @@ -350,18 +391,6 @@ int sslDetectProtocolFromCertificate(struct ndpi_detection_module_struct *ndpi_s || (flow->protos.ssl.server_certificate[0] != '\0') /* || (flow->protos.ssl.client_certificate[0] != '\0') */ ) { - if (flow->protos.ssl.client_certificate[0] != '\0') { - u_int32_t subproto = ndpi_match_host_subprotocol(ndpi_struct, flow, flow->protos.ssl.client_certificate, - strlen(flow->protos.ssl.client_certificate), NDPI_PROTOCOL_SSL); - if (subproto != NDPI_PROTOCOL_UNKNOWN) { - /* We would've only made it here if at some point we went into the if clause above where we wait a - * few packets if we have a subprotocol client cert match but hadn't seen a server cert at that point. */ - ndpi_set_detected_protocol(ndpi_struct, flow, subproto, - ndpi_ssl_refine_master_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SSL)); - return(2); /* Returning 2 is because we had a client certificate match - * (since we use what would've been the return code from getSSLCertificate) */ - } - } ndpi_int_ssl_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_SSL); } } -- cgit v1.2.3 From bab373f9924eb091052bb53a38d44ede5bbe72d8 Mon Sep 17 00:00:00 2001 From: emanuele-f Date: Mon, 24 Jul 2017 12:06:13 +0200 Subject: Add nintendo protocol --- src/include/ndpi_protocol_ids.h | 3 ++- src/lib/ndpi_content_match.c.inc | 3 +++ 2 files changed, 5 insertions(+), 1 deletion(-) (limited to 'src') diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index 4c5d6539c..2c12fb69c 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -269,11 +269,12 @@ #define NDPI_PROTOCOL_PLAYSTORE 228 /* Google Play Store */ #define NDPI_PROTOCOL_SOMEIP 229 #define NDPI_PROTOCOL_FIX 230 +#define NDPI_PROTOCOL_NINTENDO 231 /* UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE */ -#define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_PROTOCOL_FIX +#define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_PROTOCOL_NINTENDO #define NDPI_MAX_SUPPORTED_PROTOCOLS (NDPI_LAST_IMPLEMENTED_PROTOCOL + 1) #define NDPI_MAX_NUM_CUSTOM_PROTOCOLS (NDPI_NUM_BITS-NDPI_LAST_IMPLEMENTED_PROTOCOL) diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 528bf84a5..4475d640a 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -8239,6 +8239,9 @@ ndpi_protocol_match host_match[] = { { "dnscrypt.org", "DNScrypt", NDPI_PROTOCOL_DNSCRYPT, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, { "torrent.", "BitTorrent", NDPI_PROTOCOL_BITTORRENT, NDPI_PROTOCOL_CATEGORY_P2P, NDPI_PROTOCOL_ACCEPTABLE }, + + { ".nintendo.net", "Nintendo", NDPI_PROTOCOL_NINTENDO, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, + { ".nintendo.com", "Nintendo", NDPI_PROTOCOL_NINTENDO, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, { NULL, 0 } }; -- cgit v1.2.3 From 7ec3af2156d48722941655951d363694bdcc5625 Mon Sep 17 00:00:00 2001 From: Luca Date: Tue, 25 Jul 2017 16:45:22 +0200 Subject: Removed reference to ndpi_init_placeholder_proto() that is no longer necessary --- src/lib/ndpi_main.c | 15 --------------- 1 file changed, 15 deletions(-) (limited to 'src') diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index a2f957ce9..21e43a8d3 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -684,21 +684,6 @@ static void init_string_based_protocols(struct ndpi_detection_module_struct *ndp /* ******************************************************************** */ -static void ndpi_init_placeholder_proto(struct ndpi_detection_module_struct *ndpi_mod, - ndpi_port_range *ports_a, - ndpi_port_range *ports_b, - u_int16_t *no_master, - u_int16_t proto_id) -{ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, proto_id, - no_master, - no_master, "Placeholder", NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ -} - -/* ******************************************************************** */ - /* This function is used to map protocol name and default ports and it MUST be updated whenever a new protocol is added to NDPI. -- cgit v1.2.3 From c15f2bda97df15d7c225fe04cd1ef4d453b098b5 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Wed, 26 Jul 2017 19:59:46 +0200 Subject: Implemented support for Nintendo (switch) gaming protocol --- src/include/ndpi_protocols.h | 2 ++ src/lib/Makefile.am | 1 + src/lib/ndpi_main.c | 13 ++++++-- src/lib/protocols/nintendo.c | 68 ++++++++++++++++++++++++++++++++++++++++ tests/pcap/nintendo.pcap | Bin 0 -> 349345 bytes tests/result/http_ipv6.pcap.out | 8 ++--- tests/result/mpeg.pcap.out | 2 +- tests/result/nintendo.pcap.out | 25 +++++++++++++++ 8 files changed, 111 insertions(+), 8 deletions(-) create mode 100644 src/lib/protocols/nintendo.c create mode 100644 tests/pcap/nintendo.pcap create mode 100644 tests/result/nintendo.pcap.out (limited to 'src') diff --git a/src/include/ndpi_protocols.h b/src/include/ndpi_protocols.h index 65a2bb116..c585a6551 100644 --- a/src/include/ndpi_protocols.h +++ b/src/include/ndpi_protocols.h @@ -343,4 +343,6 @@ void init_bjnp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int void init_smpp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_tinc_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_fix_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); +void init_nintendo_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); + #endif /* __NDPI_PROTOCOLS_H__ */ diff --git a/src/lib/Makefile.am b/src/lib/Makefile.am index ce9424232..90eb38ecd 100644 --- a/src/lib/Makefile.am +++ b/src/lib/Makefile.am @@ -85,6 +85,7 @@ libndpi_la_SOURCES = ndpi_content_match.c.inc \ protocols/mysql.c \ protocols/netbios.c \ protocols/netflow.c \ + protocols/nintendo.c \ protocols/nfs.c \ protocols/noe.c \ protocols/non_tcp_udp.c \ diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 21e43a8d3..d79eb3c20 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1556,11 +1556,11 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "MQTT", NDPI_PROTOCOL_CATEGORY_RPC, ndpi_build_default_ports(ports_a, 1883, 8883, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SOMEIP, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SOMEIP, no_master, no_master, "SOMEIP", NDPI_PROTOCOL_CATEGORY_RPC, ndpi_build_default_ports(ports_a, 30491, 30501, 0, 0, 0), /* TCP */ - ndpi_build_default_ports(ports_b, 30491, 30501, 30490, 0, 0)); /* UDP */ + ndpi_build_default_ports(ports_b, 30491, 30501, 30490, 0, 0)); /* UDP */ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_RX, no_master, no_master, "RX", NDPI_PROTOCOL_CATEGORY_RPC, @@ -1616,6 +1616,11 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "FIX", NDPI_PROTOCOL_CATEGORY_RPC, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_NINTENDO, + no_master, + no_master, "Nintendo", NDPI_PROTOCOL_CATEGORY_GAME, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); /* calling function for host and content matched protocols */ init_string_based_protocols(ndpi_mod); @@ -2724,8 +2729,10 @@ void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *n /* AMQP */ init_amqp_dissector(ndpi_struct, &a, detection_bitmask); - /* ----------------------------------------------------------------- */ + /* NINTENDO */ + init_nintendo_dissector(ndpi_struct, &a, detection_bitmask); + /* ----------------------------------------------------------------- */ ndpi_struct->callback_buffer_size = a; diff --git a/src/lib/protocols/nintendo.c b/src/lib/protocols/nintendo.c new file mode 100644 index 000000000..d4f289d66 --- /dev/null +++ b/src/lib/protocols/nintendo.c @@ -0,0 +1,68 @@ +/* + * nintendo.c + * + * Copyright (C) 2017 by ntop.org + * + * This file is part of nDPI, an open source deep packet inspection + * library based on the OpenDPI and PACE technology by ipoque GmbH + * + * nDPI is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * nDPI is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with nDPI. If not, see . + * + */ + + +#include "ndpi_api.h" + +#ifdef NDPI_PROTOCOL_NINTENDO + +static void ndpi_int_nintendo_add_connection(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow, + u_int8_t due_to_correlation) { + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_NINTENDO, NDPI_PROTOCOL_UNKNOWN); +} + + +void ndpi_search_nintendo(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { + struct ndpi_packet_struct *packet = &flow->packet; + u_int32_t payload_len = packet->payload_packet_len; + + if(packet->udp != NULL) { + if(payload_len > 48) { + const char *payload = (const char *)packet->payload; + const char nintendo_pattern[] = { 0x32, 0xab, 0x98, 0x64, 0x02 }; + + if(memcmp(payload, nintendo_pattern, 5) == 0) { + NDPI_LOG(NDPI_PROTOCOL_NINTENDO, ndpi_struct, NDPI_LOG_DEBUG, "Found nintendo.\n"); + ndpi_int_nintendo_add_connection(ndpi_struct, flow, 0); + return; + } + } + } + + NDPI_LOG(NDPI_PROTOCOL_NINTENDO, ndpi_struct, NDPI_LOG_DEBUG, "Exclude Nintendo.\n"); + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_NINTENDO); +} + +void init_nintendo_dissector(struct ndpi_detection_module_struct *ndpi_struct, + u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) { + ndpi_set_bitmask_protocol_detection("Nintendo", ndpi_struct, detection_bitmask, *id, + NDPI_PROTOCOL_NINTENDO, + ndpi_search_nintendo, + NDPI_SELECTION_BITMASK_PROTOCOL_UDP_WITH_PAYLOAD, + SAVE_DETECTION_BITMASK_AS_UNKNOWN, + ADD_TO_DETECTION_BITMASK); + *id += 1; +} + +#endif diff --git a/tests/pcap/nintendo.pcap b/tests/pcap/nintendo.pcap new file mode 100644 index 000000000..471fe212c Binary files /dev/null and b/tests/pcap/nintendo.pcap differ diff --git a/tests/result/http_ipv6.pcap.out b/tests/result/http_ipv6.pcap.out index 8d2a0b46c..778097f5f 100644 --- a/tests/result/http_ipv6.pcap.out +++ b/tests/result/http_ipv6.pcap.out @@ -5,10 +5,10 @@ QUIC 3 502 1 ntop 80 36401 4 1 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:33062 <-> [2a00:1450:400b:c02::9a]:443 [proto: 91/SSL][1 pkts/86 bytes <-> 1 pkts/86 bytes] - 2 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37486 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.232/SSL.ntop][11 pkts/1292 bytes <-> 8 pkts/5722 bytes][client: www.ntop.org] - 3 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37488 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.232/SSL.ntop][10 pkts/1206 bytes <-> 7 pkts/5636 bytes][client: www.ntop.org] - 4 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37494 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.232/SSL.ntop][10 pkts/1206 bytes <-> 8 pkts/5722 bytes][client: www.ntop.org] - 5 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37506 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.232/SSL.ntop][14 pkts/3969 bytes <-> 12 pkts/11648 bytes][client: www.ntop.org] + 2 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37486 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.233/SSL.ntop][11 pkts/1292 bytes <-> 8 pkts/5722 bytes][client: www.ntop.org] + 3 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37488 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.233/SSL.ntop][10 pkts/1206 bytes <-> 7 pkts/5636 bytes][client: www.ntop.org] + 4 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37494 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.233/SSL.ntop][10 pkts/1206 bytes <-> 8 pkts/5722 bytes][client: www.ntop.org] + 5 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37506 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.233/SSL.ntop][14 pkts/3969 bytes <-> 12 pkts/11648 bytes][client: www.ntop.org] 6 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:40526 <-> [2a00:1450:4006:804::200e]:443 [proto: 91/SSL][1 pkts/86 bytes <-> 1 pkts/86 bytes] 7 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:41776 <-> [2a00:1450:4001:803::1017]:443 [proto: 91/SSL][7 pkts/860 bytes <-> 7 pkts/1353 bytes] 8 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:53132 <-> [2a02:26f0:ad:197::236]:443 [proto: 91.119/SSL.Facebook][7 pkts/960 bytes <-> 5 pkts/4227 bytes][client: s-static.ak.facebook.com] diff --git a/tests/result/mpeg.pcap.out b/tests/result/mpeg.pcap.out index 1252983a7..ea7c9d606 100644 --- a/tests/result/mpeg.pcap.out +++ b/tests/result/mpeg.pcap.out @@ -1,3 +1,3 @@ ntop 19 10643 1 - 1 TCP 192.168.80.160:55804 <-> 46.101.157.119:80 [proto: 7.232/HTTP.ntop][9 pkts/754 bytes <-> 10 pkts/9889 bytes][Host: luca.ntop.org] + 1 TCP 192.168.80.160:55804 <-> 46.101.157.119:80 [proto: 7.233/HTTP.ntop][9 pkts/754 bytes <-> 10 pkts/9889 bytes][Host: luca.ntop.org] diff --git a/tests/result/nintendo.pcap.out b/tests/result/nintendo.pcap.out new file mode 100644 index 000000000..1b7caa48d --- /dev/null +++ b/tests/result/nintendo.pcap.out @@ -0,0 +1,25 @@ +ICMP 30 2100 2 +Amazon 76 10811 7 +Nintendo 890 320242 12 + + 1 UDP 192.168.12.114:52119 <-> 134.3.248.25:56955 [proto: 231/Nintendo][8 pkts/1040 bytes <-> 7 pkts/922 bytes] + 2 TCP 192.168.12.114:11534 <-> 54.146.242.74:443 [proto: 91.178/SSL.Amazon][1 pkts/54 bytes <-> 1 pkts/54 bytes] + 3 UDP 192.168.12.114:52119 -> 35.158.74.61:33335 [proto: 231/Nintendo][3 pkts/354 bytes -> 0 pkts/0 bytes] + 4 UDP 192.168.12.114:55915 -> 35.158.74.61:33335 [proto: 178/Amazon][3 pkts/318 bytes -> 0 pkts/0 bytes] + 5 UDP 192.168.12.114:52119 -> 52.10.205.177:34343 [proto: 178/Amazon][1 pkts/730 bytes -> 0 pkts/0 bytes] + 6 UDP 192.168.12.114:51035 <-> 192.168.12.1:53 [proto: 5.231/DNS.Nintendo][1 pkts/110 bytes <-> 1 pkts/281 bytes][Host: e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com] + 7 UDP 192.168.12.114:55915 -> 52.10.205.177:34343 [proto: 178/Amazon][1 pkts/298 bytes -> 0 pkts/0 bytes] + 8 UDP 192.168.12.114:10184 <-> 192.168.12.1:53 [proto: 5.231/DNS.Nintendo][4 pkts/368 bytes <-> 4 pkts/400 bytes][Host: g2df33d01-lp1.p.srv.nintendo.net] + 9 UDP 192.168.12.114:18874 <-> 192.168.12.1:53 [proto: 5.231/DNS.Nintendo][1 pkts/110 bytes <-> 1 pkts/281 bytes][Host: e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com] + 10 UDP 192.168.12.114:55915 <-> 93.237.131.235:56066 [proto: 231/Nintendo][122 pkts/48332 bytes <-> 35 pkts/5026 bytes] + 11 UDP 192.168.12.114:55915 -> 35.158.74.61:33334 [proto: 178/Amazon][5 pkts/290 bytes -> 0 pkts/0 bytes] + 12 ICMP 151.6.184.100:0 -> 192.168.12.114:0 [proto: 81/ICMP][21 pkts/1470 bytes -> 0 pkts/0 bytes] + 13 ICMP 151.6.184.98:0 -> 192.168.12.114:0 [proto: 81/ICMP][9 pkts/630 bytes -> 0 pkts/0 bytes] + 14 TCP 192.168.12.114:31329 <-> 54.192.27.8:443 [proto: 91.231/SSL.Nintendo][10 pkts/2833 bytes <-> 10 pkts/4866 bytes][client: 5][server: *.baas.nintendo.com] + 15 TCP 192.168.12.114:41517 <-> 54.192.27.217:443 [proto: 91.231/SSL.Nintendo][11 pkts/2898 bytes <-> 10 pkts/4865 bytes][client: 5][server: *.baas.nintendo.com] + 16 UDP 192.168.12.114:52119 <-> 91.8.243.35:49432 [proto: 231/Nintendo][23 pkts/2682 bytes <-> 16 pkts/3408 bytes] + 17 TCP 54.187.10.185:443 <-> 192.168.12.114:48328 [proto: 91.178/SSL.Amazon][34 pkts/4466 bytes <-> 20 pkts/4021 bytes] + 18 UDP 192.168.12.114:55915 <-> 81.61.158.138:51769 [proto: 231/Nintendo][122 pkts/46476 bytes <-> 38 pkts/5268 bytes] + 19 UDP 192.168.12.114:52119 <-> 109.21.255.11:50251 [proto: 231/Nintendo][8 pkts/1024 bytes <-> 8 pkts/1024 bytes] + 20 UDP 192.168.12.114:55915 <-> 185.118.169.65:27520 [proto: 231/Nintendo][169 pkts/61414 bytes <-> 278 pkts/126260 bytes] + 21 UDP 192.168.12.114:55915 <-> 35.158.74.61:10025 [proto: 178/Amazon][5 pkts/290 bytes <-> 5 pkts/290 bytes] -- cgit v1.2.3 From e6b594a626e5cfb5cd0410336f8c1e12966a27cd Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Thu, 27 Jul 2017 00:18:15 +0200 Subject: Fixed TINC bug (cache usage) Merged MS Lync with Skype (Microsoft renamed MS Lync in Skype for Business) Renumbered Nintendo protocols in former MS Lync that was no longer used Fix for #425 --- src/include/ndpi_protocol_ids.h | 8 +- src/include/ndpi_typedefs.h | 7 +- src/lib/ndpi_main.c | 11 +- src/lib/protocols/rtp.c | 4 +- src/lib/protocols/skype.c | 14 +- src/lib/protocols/stun.c | 42 ++- src/lib/protocols/tinc.c | 124 ++++--- src/lib/third_party/src/libcache.c | 7 +- tests/result/1kxun.pcap.out | 4 +- tests/result/http_ipv6.pcap.out | 8 +- tests/result/mpeg.pcap.out | 2 +- tests/result/nintendo.pcap.out | 26 +- tests/result/skype.pcap.out | 588 ++++++++++++++++----------------- tests/result/skype_no_unknown.pcap.out | 290 ++++++++-------- 14 files changed, 568 insertions(+), 567 deletions(-) (limited to 'src') diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index 2c12fb69c..c01484b74 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -209,7 +209,8 @@ #define NDPI_PROTOCOL_WHOIS_DAS 170 #define NDPI_PROTOCOL_COLLECTD 171 #define NDPI_PROTOCOL_SOCKS 172 /* Tomasz Bujlow */ -#define NDPI_PROTOCOL_MS_LYNC 173 +/* The Lync protocol is now skype for business and this the old id 173 can now be recycled */ +#define NDPI_PROTOCOL_NINTENDO 173 #define NDPI_PROTOCOL_RTMP 174 /* Tomasz Bujlow */ #define NDPI_PROTOCOL_FTP_DATA 175 /* Tomasz Bujlow */ #define NDPI_PROTOCOL_WIKIPEDIA 176 /* Tomasz Bujlow */ @@ -245,7 +246,6 @@ #define NDPI_PROTOCOL_1KXUN 205 #define NDPI_PROTOCOL_IQIYI 206 #define NDPI_PROTOCOL_SMPP 207 /* Damir Franusic */ - #define NDPI_PROTOCOL_DNSCRYPT 208 #define NDPI_PROTOCOL_TINC 209 /* William Guglielmo */ #define NDPI_PROTOCOL_DEEZER 210 @@ -269,12 +269,12 @@ #define NDPI_PROTOCOL_PLAYSTORE 228 /* Google Play Store */ #define NDPI_PROTOCOL_SOMEIP 229 #define NDPI_PROTOCOL_FIX 230 -#define NDPI_PROTOCOL_NINTENDO 231 + /* UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE */ -#define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_PROTOCOL_NINTENDO +#define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_PROTOCOL_FIX #define NDPI_MAX_SUPPORTED_PROTOCOLS (NDPI_LAST_IMPLEMENTED_PROTOCOL + 1) #define NDPI_MAX_NUM_CUSTOM_PROTOCOLS (NDPI_NUM_BITS-NDPI_LAST_IMPLEMENTED_PROTOCOL) diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index c10101d42..93b1b8651 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -335,11 +335,11 @@ struct bt_announce { // 192 bytes #define TINC_CACHE_MAX_SIZE 10 -typedef struct { +PACK_ON struct tinc_cache_entry { u_int32_t src_address; u_int32_t dst_address; u_int16_t dst_port; -} tinc_cache_entry_t; +} PACK_OFF; #endif @@ -1071,10 +1071,9 @@ struct ndpi_flow_struct { #endif #ifdef NDPI_PROTOCOL_TINC u_int8_t tinc_state; - tinc_cache_entry_t tinc_cache_entry; + struct tinc_cache_entry tinc_cache_entry; #endif - /* internal structures to save functions calls */ struct ndpi_packet_struct packet; struct ndpi_flow_struct *flow; diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index d79eb3c20..8ed89e3ae 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1536,11 +1536,6 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "UBNTAC2", NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 10001, 0, 0, 0, 0)); /* UDP */ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_MS_LYNC, - no_master, - no_master, "Lync", NDPI_PROTOCOL_CATEGORY_NETWORK, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_VIBER, no_master, no_master, "Viber", NDPI_PROTOCOL_CATEGORY_CHAT, @@ -2717,6 +2712,9 @@ void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *n /* FIX */ init_fix_dissector(ndpi_struct, &a, detection_bitmask); + + /* NINTENDO */ + init_nintendo_dissector(ndpi_struct, &a, detection_bitmask); /*** Put false-positive sensitive protocols at the end ***/ @@ -2729,9 +2727,6 @@ void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *n /* AMQP */ init_amqp_dissector(ndpi_struct, &a, detection_bitmask); - /* NINTENDO */ - init_nintendo_dissector(ndpi_struct, &a, detection_bitmask); - /* ----------------------------------------------------------------- */ ndpi_struct->callback_buffer_size = a; diff --git a/src/lib/protocols/rtp.c b/src/lib/protocols/rtp.c index 9bcaec941..80848f5ba 100644 --- a/src/lib/protocols/rtp.c +++ b/src/lib/protocols/rtp.c @@ -96,8 +96,8 @@ static void ndpi_rtp_search(struct ndpi_detection_module_struct *ndpi_struct, && (((payload[0] & 0xFF) == 0x80) || ((payload[0] & 0xFF) == 0xA0)) /* RTP magic byte[1] */ && (payloadType = isValidMSRTPType(payload[1] & 0xFF))) { if(payloadType == 1 /* RTP */) { - NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "Found MS Lync\n"); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MS_LYNC, NDPI_PROTOCOL_UNKNOWN); + NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "Found Skype for Business (former MS Lync)\n"); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_UNKNOWN); } else /* RTCP */ { NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "Found MS RTCP\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_RTCP, NDPI_PROTOCOL_UNKNOWN); diff --git a/src/lib/protocols/skype.c b/src/lib/protocols/skype.c index 1a4c260c0..19de3c437 100644 --- a/src/lib/protocols/skype.c +++ b/src/lib/protocols/skype.c @@ -27,7 +27,7 @@ static void ndpi_check_skype(struct ndpi_detection_module_struct *ndpi_struct, s // const u_int8_t *packet_payload = packet->payload; u_int32_t payload_len = packet->payload_packet_len; - + if(flow->host_server_name[0] != '\0') return; @@ -52,7 +52,7 @@ static void ndpi_check_skype(struct ndpi_detection_module_struct *ndpi_struct, s } NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SKYPE); return; - + // TCP check } else if(packet->tcp != NULL) { flow->l4.tcp.skype_packet_id++; @@ -64,11 +64,15 @@ static void ndpi_check_skype(struct ndpi_detection_module_struct *ndpi_struct, s && flow->l4.tcp.seen_syn && flow->l4.tcp.seen_syn_ack && flow->l4.tcp.seen_ack) { - if((payload_len == 8) || (payload_len == 3)) { - //printf("[SKYPE] %u/%u\n", ntohs(packet->tcp->source), ntohs(packet->tcp->dest)); + + if((payload_len == 8) || (payload_len == 3) || (payload_len == 17)) { + // printf("[SKYPE] payload_len=%u\n", payload_len); + /* printf("[SKYPE] %u/%u\n", ntohs(packet->tcp->source), ntohs(packet->tcp->dest)); */ NDPI_LOG(NDPI_PROTOCOL_SKYPE, ndpi_struct, NDPI_LOG_DEBUG, "Found skype.\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_UNKNOWN); + } else { + // printf("NO [SKYPE] payload_len=%u\n", payload_len); } /* printf("[SKYPE] [id: %u][len: %d]\n", flow->l4.tcp.skype_packet_id, payload_len); */ @@ -91,7 +95,7 @@ void ndpi_search_skype(struct ndpi_detection_module_struct *ndpi_struct, struct } -void init_skype_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) +void init_skype_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) { ndpi_set_bitmask_protocol_detection("Skype", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_SKYPE, diff --git a/src/lib/protocols/stun.c b/src/lib/protocols/stun.c index 37feb2871..d44d9c26e 100644 --- a/src/lib/protocols/stun.c +++ b/src/lib/protocols/stun.c @@ -18,7 +18,7 @@ * GNU Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public License - * along with nDPI. If not, see . + * along with nDPI. If not, see . * */ #include "ndpi_protocols.h" @@ -49,12 +49,11 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * const u_int8_t * payload, const u_int16_t payload_length, u_int8_t *is_whatsapp, - u_int8_t *is_lync) { + u_int8_t *is_skype) { u_int16_t msg_type, msg_len; struct stun_packet_header *h = (struct stun_packet_header*)payload; u_int8_t can_this_be_whatsapp_voice = 1; - if(payload_length < sizeof(struct stun_packet_header)) { if(flow->num_stun_udp_pkts > 0) { *is_whatsapp = 1; @@ -80,15 +79,21 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * /* This can either be the standard RTCP or Ms Lync RTCP that - later will becomg Ms Lync RTP. In this case we need to + later will become Ms Lync RTP. In this case we need to be careful before deciding about the protocol before dissecting the packet + + MS Lync = Skype + https://en.wikipedia.org/wiki/Skype_for_Business */ while(offset < payload_length) { - u_int16_t attribute = ntohs(*((u_int16_t*)&payload[offset])); u_int16_t len = ntohs(*((u_int16_t*)&payload[offset+2])); + u_int16_t x = (len + 4) % 4; + if(x != 0) + len += 4-x; + switch(attribute) { case 0x0008: /* Message Integrity */ case 0x0020: /* XOR-MAPPED-ADDRESSES */ @@ -101,7 +106,8 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * && (payload[offset+5] == 0x00) && (payload[offset+6] == 0x00) && (payload[offset+7] == 0x00)) { - *is_lync = 1; + /* Either skype for business or "normal" skype with multiparty call */ + *is_skype = 1; return(NDPI_IS_STUN); } break; @@ -111,8 +117,9 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * && (payload[offset+4] == 0x00) && (payload[offset+5] == 0x00) && (payload[offset+6] == 0x00) - && (payload[offset+7] == 0x02)) { - *is_lync = 1; + && ((payload[offset+7] == 0x02) || (payload[offset+7] == 0x03)) + ) { + *is_skype = 1; return(NDPI_IS_STUN); } break; @@ -122,6 +129,7 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * can_this_be_whatsapp_voice = 0; break; } + offset += len + 4; } goto udp_stun_found; @@ -244,7 +252,7 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * void ndpi_search_stun(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; - u_int8_t is_whatsapp = 0, is_lync = 0; + u_int8_t is_whatsapp = 0, is_skype = 0; NDPI_LOG(NDPI_PROTOCOL_STUN, ndpi_struct, NDPI_LOG_DEBUG, "search stun.\n"); @@ -257,10 +265,10 @@ void ndpi_search_stun(struct ndpi_detection_module_struct *ndpi_struct, struct n * improved by checking only the STUN packet of given length */ if(ndpi_int_check_stun(ndpi_struct, flow, packet->payload + 2, - packet->payload_packet_len - 2, &is_whatsapp, &is_lync) == NDPI_IS_STUN) { - if(is_lync) { - NDPI_LOG(NDPI_PROTOCOL_MS_LYNC, ndpi_struct, NDPI_LOG_DEBUG, "Found MS Lync\n"); - ndpi_int_stun_add_connection(ndpi_struct, NDPI_PROTOCOL_MS_LYNC, flow); + packet->payload_packet_len - 2, &is_whatsapp, &is_skype) == NDPI_IS_STUN) { + if(is_skype) { + NDPI_LOG(NDPI_PROTOCOL_SKYPE, ndpi_struct, NDPI_LOG_DEBUG, "Found Skype\n"); + ndpi_int_stun_add_connection(ndpi_struct, NDPI_PROTOCOL_SKYPE, flow); } else { NDPI_LOG(NDPI_PROTOCOL_STUN, ndpi_struct, NDPI_LOG_DEBUG, "found UDP stun.\n"); ndpi_int_stun_add_connection(ndpi_struct, @@ -272,10 +280,10 @@ void ndpi_search_stun(struct ndpi_detection_module_struct *ndpi_struct, struct n } if(ndpi_int_check_stun(ndpi_struct, flow, packet->payload, - packet->payload_packet_len, &is_whatsapp, &is_lync) == NDPI_IS_STUN) { - if(is_lync) { - NDPI_LOG(NDPI_PROTOCOL_STUN, ndpi_struct, NDPI_LOG_DEBUG, "Found MS Lync\n"); - ndpi_int_stun_add_connection(ndpi_struct, NDPI_PROTOCOL_MS_LYNC, flow); + packet->payload_packet_len, &is_whatsapp, &is_skype) == NDPI_IS_STUN) { + if(is_skype) { + NDPI_LOG(NDPI_PROTOCOL_STUN, ndpi_struct, NDPI_LOG_DEBUG, "Found Skype\n"); + ndpi_int_stun_add_connection(ndpi_struct, NDPI_PROTOCOL_SKYPE, flow); } else { NDPI_LOG(NDPI_PROTOCOL_STUN, ndpi_struct, NDPI_LOG_DEBUG, "found UDP stun.\n"); ndpi_int_stun_add_connection(ndpi_struct, diff --git a/src/lib/protocols/tinc.c b/src/lib/protocols/tinc.c index a69d18759..cdd330bca 100644 --- a/src/lib/protocols/tinc.c +++ b/src/lib/protocols/tinc.c @@ -32,25 +32,25 @@ static void ndpi_check_tinc(struct ndpi_detection_module_struct *ndpi_struct, st if(packet->udp != NULL) { if(ndpi_struct->tinc_cache != NULL) { - tinc_cache_entry_t tinc_cache_entry1 = { + struct tinc_cache_entry tinc_cache_entry1 = { .src_address = packet->iph->saddr, .dst_address = packet->iph->daddr, .dst_port = packet->udp->dest }; - tinc_cache_entry_t tinc_cache_entry2 = { + struct tinc_cache_entry tinc_cache_entry2 = { .src_address = packet->iph->daddr, .dst_address = packet->iph->saddr, .dst_port = packet->udp->source }; - if( cache_remove(ndpi_struct->tinc_cache, &tinc_cache_entry1, sizeof(tinc_cache_entry1)) == CACHE_NO_ERROR || - cache_remove(ndpi_struct->tinc_cache, &tinc_cache_entry2, sizeof(tinc_cache_entry2)) == CACHE_NO_ERROR) - { + if(cache_remove(ndpi_struct->tinc_cache, &tinc_cache_entry1, sizeof(tinc_cache_entry1)) == CACHE_NO_ERROR || + cache_remove(ndpi_struct->tinc_cache, &tinc_cache_entry2, sizeof(tinc_cache_entry2)) == CACHE_NO_ERROR) { + cache_remove(ndpi_struct->tinc_cache, &tinc_cache_entry1, sizeof(tinc_cache_entry1)); cache_remove(ndpi_struct->tinc_cache, &tinc_cache_entry2, sizeof(tinc_cache_entry2)); - // cache_free(ndpi_struct->tinc_cache); + /* cache_free(ndpi_struct->tinc_cache); */ NDPI_LOG(NDPI_PROTOCOL_TINC, ndpi_struct, NDPI_LOG_DEBUG, "Found tinc udp connection\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_TINC, NDPI_PROTOCOL_UNKNOWN); @@ -59,9 +59,7 @@ static void ndpi_check_tinc(struct ndpi_detection_module_struct *ndpi_struct, st return; - } - else if(packet->tcp != NULL) { - + } else if(packet->tcp != NULL) { if(payload_len == 0) { if(packet->tcp->syn == 1 && packet->tcp->ack == 0) { flow->tinc_cache_entry.src_address = packet->iph->saddr; @@ -72,58 +70,56 @@ static void ndpi_check_tinc(struct ndpi_detection_module_struct *ndpi_struct, st } switch(flow->tinc_state) { - case 0: - case 1: - if(payload_len > 6 && memcmp(packet_payload, "0 ", 2) == 0 && packet_payload[2] != ' ') { - u_int16_t i = 3; - while(i < payload_len && packet_payload[i++] != ' '); - if(i+3 == payload_len && memcmp((packet_payload+i), "17\n", 3) == 0) { - flow->tinc_state++; - return; - } - } - break; - - case 2: - case 3: - if(payload_len > 11 && memcmp(packet_payload, "1 ", 2) == 0 && packet_payload[2] != ' ') { - u_int16_t i = 3; - u_int8_t numbers_left = 4; - while(numbers_left) { - while(packet_payload[i] >= '0' && packet_payload[i] <= '9') { - i++; - } - - if(packet_payload[i++] == ' ') { - numbers_left--; - } - else break; - } + case 0: + case 1: + if(payload_len > 6 && memcmp(packet_payload, "0 ", 2) == 0 && packet_payload[2] != ' ') { + u_int16_t i = 3; + while(i < payload_len && packet_payload[i++] != ' '); + if(i+3 == payload_len && memcmp((packet_payload+i), "17\n", 3) == 0) { + flow->tinc_state++; + return; + } + } + break; + + case 2: + case 3: + if(payload_len > 11 && memcmp(packet_payload, "1 ", 2) == 0 && packet_payload[2] != ' ') { + u_int16_t i = 3; + u_int8_t numbers_left = 4; + while(numbers_left) { + while(packet_payload[i] >= '0' && packet_payload[i] <= '9') { + i++; + } + + if(packet_payload[i++] == ' ') { + numbers_left--; + } + else break; + } - if(numbers_left) break; + if(numbers_left) break; - while((packet_payload[i] >= '0' && packet_payload[i] <= '9') || - (packet_payload[i] >= 'A' && packet_payload[i] <= 'Z')) { - i++; - } + while((packet_payload[i] >= '0' && packet_payload[i] <= '9') || + (packet_payload[i] >= 'A' && packet_payload[i] <= 'Z')) { + i++; + } - if(packet_payload[i] == '\n') { - if(++flow->tinc_state > 3) { - if(ndpi_struct->tinc_cache == NULL) { - ndpi_struct->tinc_cache = cache_new(TINC_CACHE_MAX_SIZE); - } - - cache_add(ndpi_struct->tinc_cache, &(flow->tinc_cache_entry), sizeof(flow->tinc_cache_entry)); - - NDPI_LOG(NDPI_PROTOCOL_TINC, ndpi_struct, NDPI_LOG_DEBUG, "Found tinc tcp connection\n"); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_TINC, NDPI_PROTOCOL_UNKNOWN); - } - return; - } - } - break; + if(packet_payload[i] == '\n') { + if(++flow->tinc_state > 3) { + if(ndpi_struct->tinc_cache == NULL) + ndpi_struct->tinc_cache = cache_new(TINC_CACHE_MAX_SIZE); + + cache_add(ndpi_struct->tinc_cache, &(flow->tinc_cache_entry), sizeof(flow->tinc_cache_entry)); + NDPI_LOG(NDPI_PROTOCOL_TINC, ndpi_struct, NDPI_LOG_DEBUG, "Found tinc tcp connection\n"); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_TINC, NDPI_PROTOCOL_UNKNOWN); + } + return; + } + } + break; - default: break; + default: break; } } @@ -136,8 +132,8 @@ void ndpi_search_tinc(struct ndpi_detection_module_struct* ndpi_struct, struct n NDPI_LOG(NDPI_PROTOCOL_TINC, ndpi_struct, NDPI_LOG_DEBUG, "tinc detection...\n"); - if (packet->detected_protocol_stack[0] != NDPI_PROTOCOL_TINC) { - if (packet->tcp_retransmission == 0) { + if(packet->detected_protocol_stack[0] != NDPI_PROTOCOL_TINC) { + if(packet->tcp_retransmission == 0) { ndpi_check_tinc(ndpi_struct, flow); } } @@ -146,11 +142,11 @@ void ndpi_search_tinc(struct ndpi_detection_module_struct* ndpi_struct, struct n void init_tinc_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) { ndpi_set_bitmask_protocol_detection("TINC", ndpi_struct, detection_bitmask, *id, - NDPI_PROTOCOL_TINC, - ndpi_search_tinc, - NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP, - SAVE_DETECTION_BITMASK_AS_UNKNOWN, - ADD_TO_DETECTION_BITMASK); + NDPI_PROTOCOL_TINC, + ndpi_search_tinc, + NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP, + SAVE_DETECTION_BITMASK_AS_UNKNOWN, + ADD_TO_DETECTION_BITMASK); *id += 1; } diff --git a/src/lib/third_party/src/libcache.c b/src/lib/third_party/src/libcache.c index 0a2ce6f6a..af53c9813 100644 --- a/src/lib/third_party/src/libcache.c +++ b/src/lib/third_party/src/libcache.c @@ -130,9 +130,10 @@ cache_result cache_add(cache_t cache, void *item, uint32_t item_size) { if((cache->map)[hash]) { cache_entry_map hash_entry_map = cache->map[hash]; + while(hash_entry_map) { if(item_size == hash_entry_map->entry->item_size && - !memcmp(hash_entry_map->entry->item, item, item_size)) { + !memcmp(hash_entry_map->entry->item, item, item_size)) { break; } @@ -141,7 +142,6 @@ cache_result cache_add(cache_t cache, void *item, uint32_t item_size) { if(hash_entry_map) { cache_touch_entry(cache, hash_entry_map->entry); - return CACHE_NO_ERROR; } } @@ -256,8 +256,7 @@ cache_result cache_remove(cache_t cache, void *item, uint32_t item_size) { hash_entry_map = hash_entry_map->next; } - if(hash_entry_map) { - + if(hash_entry_map) { if(hash_entry_map_prev) { hash_entry_map_prev->next = hash_entry_map->next; } else { diff --git a/tests/result/1kxun.pcap.out b/tests/result/1kxun.pcap.out index 6cbdc3f69..660bc2372 100644 --- a/tests/result/1kxun.pcap.out +++ b/tests/result/1kxun.pcap.out @@ -10,9 +10,9 @@ QQ 28 5216 2 SSL 105 21914 7 DHCPV6 10 980 3 Facebook 19 6840 2 +Skype 2 132 1 Google 3 176 1 LLMNR 89 6799 47 -Lync 2 132 1 1kxun 952 531718 21 1 TCP 119.235.235.84:443 <-> 192.168.5.16:53406 [proto: 91/SSL][13 pkts/6269 bytes <-> 10 pkts/1165 bytes] @@ -48,7 +48,7 @@ Lync 2 132 1 31 UDP 192.168.115.8:54420 <-> 8.8.8.8:53 [proto: 5.48/DNS.QQ][2 pkts/150 bytes <-> 1 pkts/116 bytes][Host: vv.video.qq.com] 32 UDP 192.168.5.48:59797 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/140 bytes -> 0 pkts/0 bytes][Host: kasper-mac] 33 UDP 192.168.5.47:60267 -> 239.255.255.250:1900 [proto: 12/SSDP][8 pkts/1432 bytes -> 0 pkts/0 bytes] - 34 UDP 192.168.5.47:61603 -> 224.0.0.252:5355 [proto: 173/Lync][2 pkts/132 bytes -> 0 pkts/0 bytes] + 34 UDP 192.168.5.47:61603 -> 224.0.0.252:5355 [proto: 125/Skype][2 pkts/132 bytes -> 0 pkts/0 bytes] 35 UDP 192.168.3.236:62069 -> 224.0.0.252:5355 [proto: 154/LLMNR][2 pkts/138 bytes -> 0 pkts/0 bytes][Host: wangs-ltw] 36 UDP [fe80::e034:7be:d8f9:6197]:57143 -> [ff02::1:3]:5355 [proto: 154/LLMNR][1 pkts/91 bytes -> 0 pkts/0 bytes][Host: charming-pc] 37 UDP 192.168.115.8:60724 <-> 8.8.8.8:53 [proto: 5.205/DNS.1kxun][2 pkts/146 bytes <-> 1 pkts/137 bytes][Host: pic.1kxun.com] diff --git a/tests/result/http_ipv6.pcap.out b/tests/result/http_ipv6.pcap.out index 778097f5f..8d2a0b46c 100644 --- a/tests/result/http_ipv6.pcap.out +++ b/tests/result/http_ipv6.pcap.out @@ -5,10 +5,10 @@ QUIC 3 502 1 ntop 80 36401 4 1 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:33062 <-> [2a00:1450:400b:c02::9a]:443 [proto: 91/SSL][1 pkts/86 bytes <-> 1 pkts/86 bytes] - 2 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37486 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.233/SSL.ntop][11 pkts/1292 bytes <-> 8 pkts/5722 bytes][client: www.ntop.org] - 3 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37488 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.233/SSL.ntop][10 pkts/1206 bytes <-> 7 pkts/5636 bytes][client: www.ntop.org] - 4 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37494 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.233/SSL.ntop][10 pkts/1206 bytes <-> 8 pkts/5722 bytes][client: www.ntop.org] - 5 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37506 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.233/SSL.ntop][14 pkts/3969 bytes <-> 12 pkts/11648 bytes][client: www.ntop.org] + 2 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37486 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.232/SSL.ntop][11 pkts/1292 bytes <-> 8 pkts/5722 bytes][client: www.ntop.org] + 3 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37488 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.232/SSL.ntop][10 pkts/1206 bytes <-> 7 pkts/5636 bytes][client: www.ntop.org] + 4 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37494 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.232/SSL.ntop][10 pkts/1206 bytes <-> 8 pkts/5722 bytes][client: www.ntop.org] + 5 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37506 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.232/SSL.ntop][14 pkts/3969 bytes <-> 12 pkts/11648 bytes][client: www.ntop.org] 6 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:40526 <-> [2a00:1450:4006:804::200e]:443 [proto: 91/SSL][1 pkts/86 bytes <-> 1 pkts/86 bytes] 7 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:41776 <-> [2a00:1450:4001:803::1017]:443 [proto: 91/SSL][7 pkts/860 bytes <-> 7 pkts/1353 bytes] 8 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:53132 <-> [2a02:26f0:ad:197::236]:443 [proto: 91.119/SSL.Facebook][7 pkts/960 bytes <-> 5 pkts/4227 bytes][client: s-static.ak.facebook.com] diff --git a/tests/result/mpeg.pcap.out b/tests/result/mpeg.pcap.out index ea7c9d606..1252983a7 100644 --- a/tests/result/mpeg.pcap.out +++ b/tests/result/mpeg.pcap.out @@ -1,3 +1,3 @@ ntop 19 10643 1 - 1 TCP 192.168.80.160:55804 <-> 46.101.157.119:80 [proto: 7.233/HTTP.ntop][9 pkts/754 bytes <-> 10 pkts/9889 bytes][Host: luca.ntop.org] + 1 TCP 192.168.80.160:55804 <-> 46.101.157.119:80 [proto: 7.232/HTTP.ntop][9 pkts/754 bytes <-> 10 pkts/9889 bytes][Host: luca.ntop.org] diff --git a/tests/result/nintendo.pcap.out b/tests/result/nintendo.pcap.out index 1b7caa48d..e75fc17f3 100644 --- a/tests/result/nintendo.pcap.out +++ b/tests/result/nintendo.pcap.out @@ -1,25 +1,25 @@ ICMP 30 2100 2 -Amazon 76 10811 7 Nintendo 890 320242 12 +Amazon 76 10811 7 - 1 UDP 192.168.12.114:52119 <-> 134.3.248.25:56955 [proto: 231/Nintendo][8 pkts/1040 bytes <-> 7 pkts/922 bytes] + 1 UDP 192.168.12.114:52119 <-> 134.3.248.25:56955 [proto: 173/Nintendo][8 pkts/1040 bytes <-> 7 pkts/922 bytes] 2 TCP 192.168.12.114:11534 <-> 54.146.242.74:443 [proto: 91.178/SSL.Amazon][1 pkts/54 bytes <-> 1 pkts/54 bytes] - 3 UDP 192.168.12.114:52119 -> 35.158.74.61:33335 [proto: 231/Nintendo][3 pkts/354 bytes -> 0 pkts/0 bytes] + 3 UDP 192.168.12.114:52119 -> 35.158.74.61:33335 [proto: 173/Nintendo][3 pkts/354 bytes -> 0 pkts/0 bytes] 4 UDP 192.168.12.114:55915 -> 35.158.74.61:33335 [proto: 178/Amazon][3 pkts/318 bytes -> 0 pkts/0 bytes] 5 UDP 192.168.12.114:52119 -> 52.10.205.177:34343 [proto: 178/Amazon][1 pkts/730 bytes -> 0 pkts/0 bytes] - 6 UDP 192.168.12.114:51035 <-> 192.168.12.1:53 [proto: 5.231/DNS.Nintendo][1 pkts/110 bytes <-> 1 pkts/281 bytes][Host: e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com] + 6 UDP 192.168.12.114:51035 <-> 192.168.12.1:53 [proto: 5.173/DNS.Nintendo][1 pkts/110 bytes <-> 1 pkts/281 bytes][Host: e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com] 7 UDP 192.168.12.114:55915 -> 52.10.205.177:34343 [proto: 178/Amazon][1 pkts/298 bytes -> 0 pkts/0 bytes] - 8 UDP 192.168.12.114:10184 <-> 192.168.12.1:53 [proto: 5.231/DNS.Nintendo][4 pkts/368 bytes <-> 4 pkts/400 bytes][Host: g2df33d01-lp1.p.srv.nintendo.net] - 9 UDP 192.168.12.114:18874 <-> 192.168.12.1:53 [proto: 5.231/DNS.Nintendo][1 pkts/110 bytes <-> 1 pkts/281 bytes][Host: e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com] - 10 UDP 192.168.12.114:55915 <-> 93.237.131.235:56066 [proto: 231/Nintendo][122 pkts/48332 bytes <-> 35 pkts/5026 bytes] + 8 UDP 192.168.12.114:10184 <-> 192.168.12.1:53 [proto: 5.173/DNS.Nintendo][4 pkts/368 bytes <-> 4 pkts/400 bytes][Host: g2df33d01-lp1.p.srv.nintendo.net] + 9 UDP 192.168.12.114:18874 <-> 192.168.12.1:53 [proto: 5.173/DNS.Nintendo][1 pkts/110 bytes <-> 1 pkts/281 bytes][Host: e0d67c509fb203858ebcb2fe3f88c2aa.baas.nintendo.com] + 10 UDP 192.168.12.114:55915 <-> 93.237.131.235:56066 [proto: 173/Nintendo][122 pkts/48332 bytes <-> 35 pkts/5026 bytes] 11 UDP 192.168.12.114:55915 -> 35.158.74.61:33334 [proto: 178/Amazon][5 pkts/290 bytes -> 0 pkts/0 bytes] 12 ICMP 151.6.184.100:0 -> 192.168.12.114:0 [proto: 81/ICMP][21 pkts/1470 bytes -> 0 pkts/0 bytes] 13 ICMP 151.6.184.98:0 -> 192.168.12.114:0 [proto: 81/ICMP][9 pkts/630 bytes -> 0 pkts/0 bytes] - 14 TCP 192.168.12.114:31329 <-> 54.192.27.8:443 [proto: 91.231/SSL.Nintendo][10 pkts/2833 bytes <-> 10 pkts/4866 bytes][client: 5][server: *.baas.nintendo.com] - 15 TCP 192.168.12.114:41517 <-> 54.192.27.217:443 [proto: 91.231/SSL.Nintendo][11 pkts/2898 bytes <-> 10 pkts/4865 bytes][client: 5][server: *.baas.nintendo.com] - 16 UDP 192.168.12.114:52119 <-> 91.8.243.35:49432 [proto: 231/Nintendo][23 pkts/2682 bytes <-> 16 pkts/3408 bytes] + 14 TCP 192.168.12.114:31329 <-> 54.192.27.8:443 [proto: 91.173/SSL.Nintendo][10 pkts/2833 bytes <-> 10 pkts/4866 bytes][client: 5][server: *.baas.nintendo.com] + 15 TCP 192.168.12.114:41517 <-> 54.192.27.217:443 [proto: 91.173/SSL.Nintendo][11 pkts/2898 bytes <-> 10 pkts/4865 bytes][client: 5][server: *.baas.nintendo.com] + 16 UDP 192.168.12.114:52119 <-> 91.8.243.35:49432 [proto: 173/Nintendo][23 pkts/2682 bytes <-> 16 pkts/3408 bytes] 17 TCP 54.187.10.185:443 <-> 192.168.12.114:48328 [proto: 91.178/SSL.Amazon][34 pkts/4466 bytes <-> 20 pkts/4021 bytes] - 18 UDP 192.168.12.114:55915 <-> 81.61.158.138:51769 [proto: 231/Nintendo][122 pkts/46476 bytes <-> 38 pkts/5268 bytes] - 19 UDP 192.168.12.114:52119 <-> 109.21.255.11:50251 [proto: 231/Nintendo][8 pkts/1024 bytes <-> 8 pkts/1024 bytes] - 20 UDP 192.168.12.114:55915 <-> 185.118.169.65:27520 [proto: 231/Nintendo][169 pkts/61414 bytes <-> 278 pkts/126260 bytes] + 18 UDP 192.168.12.114:55915 <-> 81.61.158.138:51769 [proto: 173/Nintendo][122 pkts/46476 bytes <-> 38 pkts/5268 bytes] + 19 UDP 192.168.12.114:52119 <-> 109.21.255.11:50251 [proto: 173/Nintendo][8 pkts/1024 bytes <-> 8 pkts/1024 bytes] + 20 UDP 192.168.12.114:55915 <-> 185.118.169.65:27520 [proto: 173/Nintendo][169 pkts/61414 bytes <-> 278 pkts/126260 bytes] 21 UDP 192.168.12.114:55915 <-> 35.158.74.61:10025 [proto: 178/Amazon][5 pkts/290 bytes <-> 5 pkts/290 bytes] diff --git a/tests/result/skype.pcap.out b/tests/result/skype.pcap.out index c2a8d8b77..2eee5ea71 100644 --- a/tests/result/skype.pcap.out +++ b/tests/result/skype.pcap.out @@ -1,4 +1,4 @@ -Unknown 404 52712 16 +Unknown 175 20913 11 DNS 2 267 1 MDNS 8 1736 2 NTP 2 180 1 @@ -7,305 +7,305 @@ ICMP 8 656 1 IGMP 5 258 4 SSL 96 8876 7 Dropbox 38 17948 5 -Skype 1910 292610 244 +Skype 2139 324409 249 Apple 15 2045 2 AppleiCloud 88 20520 2 Spotify 5 430 1 MS_OneDrive 387 198090 1 1 TCP 192.168.1.34:50114 <-> 5.248.186.221:31010 [proto: 125/Skype][14 pkts/1040 bytes <-> 4 pkts/362 bytes] - 2 UDP 192.168.1.34:13021 -> 111.221.74.15:40024 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 3 UDP 192.168.1.34:13021 -> 111.221.77.160:40028 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] - 4 UDP 192.168.1.34:13021 -> 111.221.74.48:40008 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] - 5 UDP 192.168.1.34:13021 -> 111.221.74.42:40024 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 6 UDP 192.168.1.34:13021 -> 111.221.74.25:40028 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 7 UDP 192.168.1.34:13021 -> 111.221.74.17:40022 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 8 UDP 192.168.1.34:13021 -> 111.221.74.16:40032 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 9 UDP 192.168.1.34:13021 -> 111.221.74.28:40014 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] - 10 UDP 192.168.1.34:13021 -> 111.221.74.40:40018 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] - 11 UDP 192.168.1.34:13021 -> 111.221.74.29:40024 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] - 12 UDP 192.168.1.34:13021 -> 111.221.77.153:40024 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 13 UDP 192.168.1.34:13021 -> 111.221.77.141:40020 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 14 UDP 192.168.1.34:13021 -> 111.221.77.143:40022 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 15 UDP 192.168.1.34:13021 -> 111.221.77.149:40030 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 16 UDP 192.168.1.34:13021 -> 111.221.77.155:40004 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] - 17 UDP 192.168.1.34:13021 -> 111.221.77.172:40010 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] - 18 UDP 192.168.1.34:13021 -> 111.221.77.165:40020 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] - 19 UDP 192.168.1.34:13021 -> 111.221.77.176:40020 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] - 20 TCP 192.168.1.34:50110 <-> 91.190.216.125:12350 [proto: 125/Skype][3 pkts/191 bytes <-> 3 pkts/186 bytes] - 21 TCP 192.168.1.34:50126 <-> 91.190.216.23:12350 [proto: 125/Skype][16 pkts/4788 bytes <-> 4 pkts/372 bytes] - 22 UDP 192.168.1.34:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][6 pkts/3264 bytes -> 0 pkts/0 bytes] - 23 UDP 192.168.1.92:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][5 pkts/2720 bytes -> 0 pkts/0 bytes] - 24 TCP 192.168.1.34:50113 <-> 71.238.7.203:18767 [proto: 125/Skype][11 pkts/827 bytes <-> 3 pkts/325 bytes] - 25 TCP 192.168.1.34:50116 <-> 81.83.77.141:17639 [proto: 125/Skype][15 pkts/1138 bytes <-> 4 pkts/372 bytes] - 26 UDP 192.168.1.34:13021 -> 157.56.52.18:33033 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 27 TCP 192.168.1.34:50135 <-> 76.167.161.6:20274 [proto: 125/Skype][11 pkts/838 bytes <-> 3 pkts/270 bytes] - 28 TCP 192.168.1.34:50038 <-> 157.55.130.140:443 [proto: 91.125/SSL.Skype][12 pkts/1032 bytes <-> 3 pkts/230 bytes] - 29 TCP 192.168.1.34:50048 <-> 157.55.130.150:443 [proto: 91.125/SSL.Skype][12 pkts/1109 bytes <-> 3 pkts/236 bytes] - 30 TCP 192.168.1.34:50056 <-> 157.55.56.146:443 [proto: 91.125/SSL.Skype][11 pkts/999 bytes <-> 4 pkts/266 bytes] - 31 TCP 192.168.1.34:50072 <-> 157.55.130.170:443 [proto: 91.125/SSL.Skype][12 pkts/1207 bytes <-> 3 pkts/277 bytes] - 32 TCP 192.168.1.34:50080 <-> 157.55.235.156:443 [proto: 91.125/SSL.Skype][12 pkts/1249 bytes <-> 3 pkts/285 bytes] - 33 TCP 192.168.1.34:50094 <-> 157.55.130.155:443 [proto: 91.125/SSL.Skype][12 pkts/1039 bytes <-> 3 pkts/267 bytes] - 34 TCP 192.168.1.34:50078 <-> 157.55.130.173:443 [proto: 91.125/SSL.Skype][12 pkts/1088 bytes <-> 3 pkts/236 bytes] - 35 UDP 192.168.1.34:13021 -> 157.55.130.155:40020 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 36 UDP 192.168.1.34:13021 -> 157.56.52.28:40009 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] - 37 UDP 192.168.1.34:13021 -> 157.56.52.15:40027 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] - 38 UDP 192.168.1.34:13021 -> 157.56.52.24:40001 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 39 UDP 192.168.1.34:13021 -> 157.56.52.17:40013 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 40 UDP 192.168.1.34:13021 -> 157.56.52.27:40027 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] - 41 UDP 192.168.1.34:13021 -> 157.56.52.33:40011 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 42 UDP 192.168.1.34:13021 -> 157.55.235.143:40030 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] - 43 UDP 192.168.1.34:13021 -> 157.56.52.47:40029 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 44 UDP 192.168.1.34:13021 -> 157.55.130.144:40034 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 45 UDP 192.168.1.34:13021 -> 157.55.130.146:40026 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 46 UDP 192.168.1.34:13021 -> 157.55.235.145:40022 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] - 47 UDP 192.168.1.34:13021 -> 157.55.235.147:40020 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 48 UDP 192.168.1.34:13021 -> 157.55.56.148:40010 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 49 UDP 192.168.1.34:13021 -> 157.55.235.176:40022 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] - 50 UDP 192.168.1.34:13021 -> 157.55.130.175:40006 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] - 51 UDP 192.168.1.34:13021 -> 157.55.56.162:40004 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 52 UDP 192.168.1.34:13021 -> 157.55.56.161:40012 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 53 UDP 192.168.1.34:13021 -> 157.55.235.157:40010 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 54 UDP 192.168.1.34:13021 -> 157.55.130.156:40034 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] - 55 UDP 192.168.1.34:13021 -> 157.55.56.166:40022 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 56 UDP 192.168.1.34:13021 -> 157.55.130.165:40026 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 57 UDP 192.168.1.34:13021 -> 157.55.56.165:40020 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] - 58 UDP 192.168.1.34:13021 -> 157.55.235.173:40012 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 59 UDP 192.168.1.34:13021 -> 157.55.56.168:40006 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 60 UDP 192.168.1.34:13021 -> 157.55.235.172:40032 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 61 UDP 192.168.1.34:13021 -> 157.55.235.175:40008 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 62 UDP 192.168.1.34:13021 -> 65.55.223.39:443 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] - 63 TCP 192.168.1.34:50143 <-> 78.202.226.115:29059 [proto: 125/Skype][12 pkts/935 bytes <-> 2 pkts/197 bytes] - 64 UDP 192.168.1.34:49163 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com] - 65 UDP 192.168.1.34:49793 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/532 bytes -> 0 pkts/0 bytes][Host: dsn4.d.skype.net] - 66 UDP 192.168.1.34:49903 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][9 pkts/648 bytes -> 0 pkts/0 bytes][Host: ui.skype.com] - 67 TCP 192.168.1.34:50134 <-> 157.56.53.47:12350 [proto: 125/Skype][11 pkts/1578 bytes <-> 4 pkts/342 bytes] - 68 UDP 192.168.1.34:51879 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e4593.g.akamaiedge.net] - 69 UDP 192.168.1.34:54343 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst13.r.skype.net] - 70 UDP 192.168.1.34:55159 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/651 bytes -> 0 pkts/0 bytes][Host: a.config.skype.trafficmanager.net] - 71 UDP 192.168.1.34:55711 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes -> 0 pkts/0 bytes][Host: conn.skype.akadns.net] - 72 UDP 192.168.1.34:55893 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][5 pkts/360 bytes -> 0 pkts/0 bytes][Host: ui.skype.com] - 73 UDP 192.168.1.34:56387 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst5.r.skype.net] - 74 UDP 192.168.1.34:13021 -> 213.199.179.150:40004 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 75 UDP 192.168.1.34:13021 -> 213.199.179.146:40030 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 76 UDP 192.168.1.34:13021 -> 213.199.179.143:40022 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] - 77 UDP 192.168.1.34:13021 -> 213.199.179.155:40004 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 78 UDP 192.168.1.34:13021 -> 213.199.179.154:40034 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] - 79 UDP 192.168.1.34:13021 -> 213.199.179.168:40006 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] - 80 UDP 192.168.1.34:58681 <-> 192.168.1.1:53 [proto: 5/DNS][1 pkts/101 bytes <-> 1 pkts/166 bytes][Host: db3msgr5011709.gateway.messenger.live.com] - 81 TCP 192.168.1.34:50122 <-> 81.133.19.185:44431 [proto: 125/Skype][14 pkts/1090 bytes <-> 6 pkts/534 bytes] - 82 UDP 192.168.1.34:63321 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e4593.g.akamaiedge.net] - 83 UDP 192.168.1.34:49485 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes -> 0 pkts/0 bytes] - 84 UDP 192.168.1.34:63421 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] - 85 UDP 192.168.1.34:64085 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e7768.b.akamaiedge.net] - 86 UDP 192.168.1.34:65045 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/532 bytes -> 0 pkts/0 bytes][Host: dsn4.d.skype.net] - 87 UDP 192.168.1.34:65037 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] - 88 TCP 192.168.1.34:50055 <-> 111.221.74.47:40030 [proto: 125/Skype][11 pkts/866 bytes <-> 5 pkts/396 bytes] - 89 TCP 192.168.1.34:50096 <-> 111.221.74.46:40027 [proto: 125/Skype][11 pkts/822 bytes <-> 4 pkts/390 bytes] - 90 TCP 192.168.1.34:50086 <-> 111.221.77.142:40023 [proto: 125/Skype][11 pkts/841 bytes <-> 5 pkts/429 bytes] - 91 TCP 192.168.1.34:50024 <-> 17.172.100.36:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/60 bytes] - 92 TCP 192.168.1.34:50128 <-> 17.172.100.36:443 [proto: 91.143/SSL.AppleiCloud][43 pkts/9635 bytes <-> 43 pkts/10651 bytes][client: p05-keyvalueservice.icloud.com] - 93 TCP 192.168.1.34:50027 <-> 23.223.73.34:443 [proto: 91.125/SSL.Skype][17 pkts/3605 bytes <-> 1 pkts/74 bytes][client: apps.skypeassets.com] - 94 TCP 192.168.1.34:50090 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][12 pkts/2140 bytes <-> 3 pkts/200 bytes][client: apps.skype.com] - 95 UDP 192.168.1.34:13021 -> 157.55.130.145:443 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] - 96 TCP 192.168.1.34:50088 <-> 157.55.235.146:33033 [proto: 125/Skype][14 pkts/1085 bytes <-> 4 pkts/315 bytes] - 97 UDP 192.168.1.34:13021 -> 106.188.249.186:15120 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] - 98 UDP 192.168.1.34:13021 -> 176.26.55.167:63773 [proto: 125/Skype][5 pkts/300 bytes -> 0 pkts/0 bytes] - 99 TCP 17.143.160.22:5223 <-> 192.168.1.34:49447 [proto: 140/Apple][6 pkts/1211 bytes <-> 6 pkts/666 bytes] - 100 TCP 192.168.1.34:50032 <-> 157.56.52.44:40032 [proto: 125/Skype][12 pkts/969 bytes <-> 4 pkts/337 bytes] - 101 TCP 192.168.1.34:50034 <-> 157.55.130.140:40033 [proto: 125/Skype][13 pkts/1010 bytes <-> 4 pkts/390 bytes] - 102 TCP 192.168.1.34:50044 <-> 157.55.130.167:40031 [proto: 125/Skype][13 pkts/993 bytes <-> 4 pkts/360 bytes] - 103 TCP 192.168.1.34:50046 <-> 157.55.130.150:40011 [proto: 125/Skype][11 pkts/843 bytes <-> 4 pkts/386 bytes] - 104 TCP 192.168.1.34:50053 <-> 157.55.56.146:40030 [proto: 125/Skype][12 pkts/940 bytes <-> 5 pkts/415 bytes] - 105 TCP 192.168.1.34:50054 <-> 157.55.130.153:40005 [proto: 125/Skype][13 pkts/1020 bytes <-> 4 pkts/421 bytes] - 106 TCP 192.168.1.34:50074 <-> 157.55.130.173:40003 [proto: 125/Skype][13 pkts/1010 bytes <-> 4 pkts/317 bytes] - 107 TCP 192.168.1.34:50077 <-> 157.55.130.176:40022 [proto: 125/Skype][13 pkts/1004 bytes <-> 4 pkts/334 bytes] - 108 TCP 192.168.1.34:50097 <-> 157.55.235.176:40022 [proto: 125/Skype][13 pkts/1000 bytes <-> 4 pkts/371 bytes] - 109 UDP 192.168.1.34:13021 -> 65.55.223.18:33033 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] - 110 UDP 192.168.1.34:13021 -> 64.4.23.166:40022 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 111 UDP 192.168.1.34:13021 -> 64.4.23.165:40020 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] - 112 UDP 192.168.1.34:13021 -> 64.4.23.140:40012 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] - 113 UDP 192.168.1.34:13021 -> 64.4.23.150:40004 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 114 UDP 192.168.1.34:13021 -> 64.4.23.143:40018 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 115 UDP 192.168.1.34:13021 -> 64.4.23.141:40004 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] - 116 UDP 192.168.1.34:13021 -> 64.4.23.148:40010 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] - 117 UDP 192.168.1.34:13021 -> 64.4.23.145:40024 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 118 UDP 192.168.1.34:13021 -> 64.4.23.155:40004 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 119 UDP 192.168.1.34:13021 -> 64.4.23.168:40006 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 120 UDP 192.168.1.34:13021 -> 65.55.223.38:40015 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 121 UDP 192.168.1.34:13021 -> 65.55.223.20:40033 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 122 UDP 192.168.1.34:13021 -> 65.55.223.33:40011 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 123 UDP 192.168.1.34:13021 -> 65.55.223.21:40027 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 124 UDP 192.168.1.34:13021 -> 65.55.223.44:40013 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 125 UDP 192.168.1.34:13021 -> 65.55.223.41:40027 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] - 126 UDP 192.168.1.34:13021 -> 111.221.74.18:33033 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 127 UDP 192.168.1.34:13021 -> 111.221.77.146:33033 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] - 128 TCP 192.168.1.34:50063 <-> 111.221.74.38:443 [proto: 91.125/SSL.Skype][10 pkts/1002 bytes <-> 3 pkts/285 bytes] - 129 TCP 192.168.1.34:50087 <-> 111.221.77.142:443 [proto: 91.125/SSL.Skype][9 pkts/822 bytes <-> 3 pkts/285 bytes] - 130 UDP 192.168.1.34:13021 -> 76.185.207.12:45493 [proto: 125/Skype][5 pkts/300 bytes -> 0 pkts/0 bytes] - 131 TCP 192.168.1.34:50137 <-> 5.248.186.221:31010 [proto: 125/Skype][14 pkts/1062 bytes <-> 4 pkts/383 bytes] - 132 UDP 192.168.1.34:13021 -> 111.221.77.142:40023 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] - 133 UDP 192.168.1.34:13021 -> 111.221.74.46:40027 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 134 UDP 192.168.1.34:13021 -> 111.221.74.24:40001 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 135 UDP 192.168.1.34:13021 -> 111.221.74.19:40001 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] - 136 UDP 192.168.1.34:13021 -> 111.221.74.12:40031 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] - 137 UDP 192.168.1.34:13021 -> 111.221.74.44:40031 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 138 UDP 192.168.1.34:13021 -> 111.221.74.43:40001 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 139 UDP 192.168.1.34:13021 -> 111.221.74.32:40009 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 140 UDP 192.168.1.34:13021 -> 111.221.74.31:40021 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] - 141 UDP 192.168.1.34:13021 -> 111.221.77.140:40003 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 142 UDP 192.168.1.34:13021 -> 111.221.77.145:40027 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 143 UDP 192.168.1.34:13021 -> 111.221.77.151:40027 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 144 UDP 192.168.1.34:13021 -> 111.221.77.148:40029 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] - 145 UDP 192.168.1.34:13021 -> 111.221.77.168:40007 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] - 146 UDP 192.168.1.34:13021 -> 111.221.77.166:40011 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 147 UDP 192.168.1.34:13021 -> 111.221.77.154:40017 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 148 UDP 192.168.1.34:13021 -> 111.221.77.159:40009 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] - 149 TCP 192.168.1.34:50109 <-> 91.190.216.125:12350 [proto: 125/Skype][3 pkts/297 bytes <-> 3 pkts/186 bytes] - 150 TCP 192.168.1.34:50125 <-> 91.190.218.125:12350 [proto: 125/Skype][6 pkts/417 bytes <-> 4 pkts/352 bytes] - 151 TCP 192.168.1.34:50129 <-> 91.190.218.125:12350 [proto: 125/Skype][6 pkts/353 bytes <-> 4 pkts/246 bytes] - 152 TCP 192.168.1.34:50136 <-> 71.238.7.203:18767 [proto: 125/Skype][11 pkts/814 bytes <-> 3 pkts/287 bytes] - 153 UDP 192.168.1.34:13021 -> 176.97.100.249:26635 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] - 154 UDP 192.168.1.34:13021 -> 157.55.235.146:33033 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 155 UDP 192.168.1.34:13021 -> 157.55.130.146:33033 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] - 156 UDP 192.168.1.34:13021 -> 157.55.56.146:33033 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 157 TCP 192.168.1.34:50112 <-> 76.167.161.6:20274 [proto: 125/Skype][11 pkts/843 bytes <-> 4 pkts/411 bytes] - 158 TCP 192.168.1.34:50028 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][187 pkts/42539 bytes <-> 200 pkts/155551 bytes][server: *.gateway.messenger.live.com] - 159 TCP 192.168.1.34:50036 <-> 157.56.52.44:443 [proto: 91.125/SSL.Skype][11 pkts/1074 bytes <-> 3 pkts/254 bytes] - 160 TCP 192.168.1.34:50037 <-> 157.55.56.170:443 [proto: 91.125/SSL.Skype][11 pkts/1218 bytes <-> 4 pkts/351 bytes] - 161 TCP 192.168.1.34:50045 <-> 157.55.130.167:443 [proto: 91.125/SSL.Skype][12 pkts/1151 bytes <-> 3 pkts/260 bytes] - 162 TCP 192.168.1.34:50051 <-> 157.55.130.166:443 [proto: 91.125/SSL.Skype][12 pkts/1074 bytes <-> 3 pkts/277 bytes] - 163 TCP 192.168.1.34:50057 <-> 157.55.130.153:443 [proto: 91.125/SSL.Skype][12 pkts/1102 bytes <-> 3 pkts/247 bytes] - 164 TCP 192.168.1.34:50091 <-> 157.55.235.146:443 [proto: 91.125/SSL.Skype][13 pkts/1554 bytes <-> 3 pkts/200 bytes] - 165 TCP 192.168.1.34:50146 -> 157.56.53.51:443 [proto: 91/SSL][8 pkts/608 bytes -> 0 pkts/0 bytes] - 166 TCP 192.168.1.34:50069 <-> 157.55.56.160:443 [proto: 91.125/SSL.Skype][11 pkts/1050 bytes <-> 4 pkts/351 bytes] - 167 TCP 192.168.1.34:50081 <-> 157.55.130.176:443 [proto: 91.125/SSL.Skype][12 pkts/1270 bytes <-> 3 pkts/243 bytes] - 168 TCP 192.168.1.34:50101 <-> 157.55.235.176:443 [proto: 91.125/SSL.Skype][12 pkts/1305 bytes <-> 3 pkts/285 bytes] - 169 UDP 192.168.1.34:13021 -> 157.55.130.160:40029 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 170 UDP 192.168.1.34:13021 -> 157.55.130.154:40005 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 171 UDP 192.168.1.34:13021 -> 157.56.52.45:40012 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 172 UDP 192.168.1.34:13021 -> 157.56.52.21:40004 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 173 UDP 192.168.1.34:13021 -> 157.56.52.26:40026 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] - 174 UDP 192.168.1.34:13021 -> 157.56.52.37:40032 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] - 175 UDP 192.168.1.34:13021 -> 157.55.235.142:40025 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 176 UDP 192.168.1.34:13021 -> 157.55.56.142:40023 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 177 UDP 192.168.1.34:13021 -> 157.55.235.152:40001 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 178 UDP 192.168.1.34:13021 -> 157.55.56.151:40027 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 179 UDP 192.168.1.34:13021 -> 157.55.56.145:40027 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] - 180 UDP 192.168.1.34:13021 -> 157.55.130.143:40017 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 181 UDP 192.168.1.34:13021 -> 157.55.130.148:40019 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 182 UDP 192.168.1.34:13021 -> 157.55.130.147:40019 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 183 UDP 192.168.1.34:13021 -> 157.55.130.151:40017 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] - 184 UDP 192.168.1.34:13021 -> 157.55.235.153:40023 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] - 185 UDP 192.168.1.34:13021 -> 157.55.130.157:40013 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 186 UDP 192.168.1.34:13021 -> 157.55.235.155:40003 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 187 UDP 192.168.1.34:13021 -> 157.55.235.158:40031 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 188 UDP 192.168.1.34:13021 -> 157.55.235.159:40021 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 189 UDP 192.168.1.34:13021 -> 157.55.56.175:40013 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 190 UDP 192.168.1.34:13021 -> 157.55.235.161:40011 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] - 191 UDP 192.168.1.34:13021 -> 157.55.235.160:40027 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] - 192 UDP 192.168.1.34:13021 -> 157.55.130.172:40019 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 193 UDP 192.168.1.34:13021 -> 157.55.235.166:40015 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] - 194 UDP 192.168.1.34:49360 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] - 195 TCP 192.168.1.34:50132 <-> 149.13.32.15:13392 [proto: 125/Skype][13 pkts/1010 bytes <-> 5 pkts/402 bytes] - 196 UDP 192.168.1.92:57621 -> 192.168.1.255:57621 [proto: 156/Spotify][5 pkts/430 bytes -> 0 pkts/0 bytes] - 197 UDP 192.168.1.34:49990 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] - 198 UDP 192.168.1.34:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][6 pkts/3264 bytes -> 0 pkts/0 bytes] - 199 UDP 192.168.1.92:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][5 pkts/2720 bytes -> 0 pkts/0 bytes] - 200 UDP 192.168.1.34:13021 -> 213.199.179.146:33033 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 201 UDP 192.168.1.34:51802 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com] - 202 UDP 192.168.1.34:52714 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com] - 203 UDP 192.168.1.34:52850 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes -> 0 pkts/0 bytes][Host: conn.skype.akadns.net] - 204 UDP 192.168.1.34:52742 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst5.r.skype.net] - 205 TCP 192.168.1.34:50039 <-> 213.199.179.175:443 [proto: 91/SSL][13 pkts/1392 bytes <-> 3 pkts/200 bytes] - 206 TCP 192.168.1.34:50079 <-> 213.199.179.142:443 [proto: 91/SSL][13 pkts/1176 bytes <-> 3 pkts/200 bytes] - 207 UDP 192.168.1.34:54396 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes -> 0 pkts/0 bytes][Host: api.skype.com] - 208 TCP 192.168.1.34:50099 <-> 64.4.23.166:40022 [proto: 125/Skype][12 pkts/948 bytes <-> 4 pkts/407 bytes] - 209 TCP 192.168.1.34:50026 <-> 65.55.223.33:40002 [proto: 125/Skype][13 pkts/971 bytes <-> 4 pkts/399 bytes] - 210 TCP 192.168.1.34:50065 <-> 65.55.223.12:40031 [proto: 125/Skype][13 pkts/1004 bytes <-> 4 pkts/397 bytes] - 211 TCP 192.168.1.34:50098 <-> 65.55.223.15:40026 [proto: 125/Skype][13 pkts/995 bytes <-> 4 pkts/386 bytes] - 212 UDP 192.168.1.34:57288 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] - 213 UDP 192.168.1.34:57406 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com] - 214 UDP 192.168.1.34:57726 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] - 215 UDP 192.168.1.34:13021 -> 213.199.179.165:40007 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] - 216 UDP 192.168.1.34:13021 -> 213.199.179.141:40015 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] - 217 UDP 192.168.1.34:13021 -> 213.199.179.162:40029 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 218 UDP 192.168.1.34:13021 -> 213.199.179.152:40023 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 219 UDP 192.168.1.34:13021 -> 213.199.179.145:40027 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 220 UDP 192.168.1.34:13021 -> 213.199.179.170:40011 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 221 UDP 192.168.1.34:58458 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] - 222 UDP 192.168.1.34:58368 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst13.r.skype.net] - 223 UDP 192.168.1.34:60288 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] - 224 ICMP 192.168.1.1:0 -> 192.168.1.34:0 [proto: 81/ICMP][8 pkts/656 bytes -> 0 pkts/0 bytes] - 225 UDP 192.168.1.34:62454 <-> 192.168.1.1:53 [proto: 5.143/DNS.AppleiCloud][1 pkts/101 bytes <-> 1 pkts/133 bytes][Host: p05-keyvalueservice.icloud.com.akadns.net] - 226 UDP 192.168.1.34:63108 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/651 bytes -> 0 pkts/0 bytes][Host: a.config.skype.trafficmanager.net] - 227 UDP 192.168.1.92:50084 -> 239.255.255.250:1900 [proto: 12/SSDP][14 pkts/7281 bytes -> 0 pkts/0 bytes] - 228 UDP 192.168.1.34:51066 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes -> 0 pkts/0 bytes] - 229 UDP 192.168.1.34:65426 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes -> 0 pkts/0 bytes][Host: api.skype.com] - 230 TCP 192.168.1.34:50130 <-> 212.161.8.36:13392 [proto: 125/Skype][13 pkts/1000 bytes <-> 4 pkts/380 bytes] - 231 TCP 192.168.1.34:50059 <-> 111.221.74.38:40015 [proto: 125/Skype][11 pkts/820 bytes <-> 5 pkts/416 bytes] - 232 TCP 192.168.1.34:50029 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][16 pkts/3461 bytes <-> 1 pkts/74 bytes][client: apps.skype.com] - 233 IGMP 192.168.0.254:0 -> 224.0.0.1:0 [proto: 82/IGMP][2 pkts/92 bytes -> 0 pkts/0 bytes] - 234 IGMP 192.168.1.92:0 -> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes -> 0 pkts/0 bytes] - 235 IGMP 192.168.1.1:0 -> 224.0.0.1:0 [proto: 82/IGMP][1 pkts/60 bytes -> 0 pkts/0 bytes] - 236 IGMP 192.168.1.34:0 -> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/46 bytes -> 0 pkts/0 bytes] - 237 UDP 192.168.1.34:56886 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes -> 0 pkts/0 bytes] - 238 TCP 192.168.1.34:50033 <-> 157.55.56.170:40015 [proto: 125/Skype][13 pkts/977 bytes <-> 4 pkts/384 bytes] - 239 TCP 192.168.1.34:50049 <-> 157.55.130.166:40021 [proto: 125/Skype][11 pkts/836 bytes <-> 5 pkts/442 bytes] - 240 TCP 192.168.1.34:50067 <-> 157.55.56.160:40027 [proto: 125/Skype][12 pkts/899 bytes <-> 5 pkts/406 bytes] - 241 TCP 192.168.1.34:50076 <-> 157.55.235.156:40014 [proto: 125/Skype][14 pkts/1083 bytes <-> 4 pkts/359 bytes] - 242 TCP 192.168.1.34:50092 <-> 157.55.130.155:40020 [proto: 125/Skype][13 pkts/975 bytes <-> 4 pkts/412 bytes] - 243 TCP 192.168.1.34:50108 <-> 157.56.52.28:40009 [proto: 125/Skype][231 pkts/60232 bytes <-> 241 pkts/104395 bytes] - 244 TCP 192.168.1.34:50070 <-> 157.55.130.170:40018 [proto: 125/Skype][13 pkts/989 bytes <-> 4 pkts/323 bytes] - 245 UDP 192.168.1.34:64560 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes -> 0 pkts/0 bytes] - 246 UDP 192.168.1.34:13021 -> 64.4.23.146:33033 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 247 TCP 192.168.1.34:50115 <-> 86.31.35.30:59621 [proto: 125/Skype][13 pkts/995 bytes <-> 4 pkts/391 bytes] - 248 TCP 192.168.1.34:50103 <-> 64.4.23.166:443 [proto: 91/SSL][9 pkts/862 bytes <-> 3 pkts/285 bytes] - 249 TCP 192.168.1.34:50030 <-> 65.55.223.33:443 [proto: 91/SSL][11 pkts/960 bytes <-> 4 pkts/351 bytes] - 250 TCP 192.168.1.34:50066 <-> 65.55.223.12:443 [proto: 91/SSL][12 pkts/1221 bytes <-> 3 pkts/231 bytes] - 251 TCP 192.168.1.34:50102 <-> 65.55.223.15:443 [proto: 91/SSL][11 pkts/1140 bytes <-> 3 pkts/250 bytes] - 252 UDP 192.168.0.254:1025 -> 239.255.255.250:1900 [proto: 12/SSDP][79 pkts/29479 bytes -> 0 pkts/0 bytes] - 253 UDP 192.168.1.34:13021 -> 71.62.0.85:33647 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] - 254 UDP 192.168.1.92:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][4 pkts/828 bytes -> 0 pkts/0 bytes] - 255 UDP 192.168.1.34:13021 -> 64.4.23.159:40009 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 256 UDP 192.168.1.34:13021 -> 64.4.23.151:40029 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] - 257 UDP 192.168.1.34:13021 -> 64.4.23.170:40011 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] - 258 UDP 192.168.1.34:13021 -> 64.4.23.173:40017 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 259 UDP 192.168.1.34:13021 -> 65.55.223.15:40026 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 260 UDP 192.168.1.34:13021 -> 65.55.223.43:40002 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 261 UDP 192.168.1.34:13021 -> 65.55.223.17:40022 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 262 UDP 192.168.1.34:13021 -> 65.55.223.25:40028 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 263 UDP 192.168.1.34:13021 -> 65.55.223.24:40032 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 264 UDP 192.168.1.34:13021 -> 65.55.223.28:40026 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] - 265 UDP 192.168.1.34:13021 -> 65.55.223.26:40004 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 266 UDP 192.168.1.34:13021 -> 65.55.223.29:40010 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 267 UDP 192.168.1.34:13021 -> 65.55.223.45:40012 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 268 UDP 192.168.1.34:123 <-> 17.253.48.245:123 [proto: 9/NTP][1 pkts/90 bytes <-> 1 pkts/90 bytes] - 269 TCP 192.168.1.34:50111 <-> 91.190.216.125:443 [proto: 91.125/SSL.Skype][11 pkts/955 bytes <-> 9 pkts/561 bytes] - 270 TCP 192.168.1.34:50123 <-> 80.14.46.121:4415 [proto: 125/Skype][14 pkts/1075 bytes <-> 4 pkts/431 bytes] - 271 TCP 192.168.1.34:50141 <-> 80.14.46.121:4415 [proto: 125/Skype][13 pkts/994 bytes <-> 2 pkts/243 bytes] - 272 TCP 108.160.170.46:443 <-> 192.168.1.34:49445 [proto: 91.121/SSL.Dropbox][8 pkts/1636 bytes <-> 8 pkts/4344 bytes] - 273 TCP 192.168.1.34:50058 <-> 111.221.74.47:443 [proto: 91.125/SSL.Skype][10 pkts/857 bytes <-> 4 pkts/351 bytes] - 274 TCP 192.168.1.34:50100 <-> 111.221.74.46:443 [proto: 91.125/SSL.Skype][10 pkts/872 bytes <-> 3 pkts/237 bytes] - 275 TCP 192.168.1.34:50035 <-> 213.199.179.175:40021 [proto: 125/Skype][13 pkts/982 bytes <-> 4 pkts/322 bytes] - 276 TCP 192.168.1.34:50075 <-> 213.199.179.142:40003 [proto: 125/Skype][14 pkts/1100 bytes <-> 5 pkts/395 bytes] - 277 UDP [fe80::c62c:3ff:fe06:49fe]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][4 pkts/908 bytes -> 0 pkts/0 bytes] + 2 TCP 192.168.1.34:50118 <-> 5.248.186.221:31010 [proto: 125/Skype][18 pkts/2588 bytes <-> 13 pkts/2100 bytes] + 3 UDP 192.168.1.34:13021 -> 111.221.74.15:40024 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 4 UDP 192.168.1.34:13021 -> 111.221.77.160:40028 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] + 5 UDP 192.168.1.34:13021 -> 111.221.74.48:40008 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] + 6 UDP 192.168.1.34:13021 -> 111.221.74.42:40024 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 7 UDP 192.168.1.34:13021 -> 111.221.74.25:40028 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 8 UDP 192.168.1.34:13021 -> 111.221.74.17:40022 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 9 UDP 192.168.1.34:13021 -> 111.221.74.16:40032 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 10 UDP 192.168.1.34:13021 -> 111.221.74.28:40014 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 11 UDP 192.168.1.34:13021 -> 111.221.74.40:40018 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] + 12 UDP 192.168.1.34:13021 -> 111.221.74.29:40024 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] + 13 UDP 192.168.1.34:13021 -> 111.221.77.153:40024 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 14 UDP 192.168.1.34:13021 -> 111.221.77.141:40020 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 15 UDP 192.168.1.34:13021 -> 111.221.77.143:40022 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 16 UDP 192.168.1.34:13021 -> 111.221.77.149:40030 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 17 UDP 192.168.1.34:13021 -> 111.221.77.155:40004 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 18 UDP 192.168.1.34:13021 -> 111.221.77.172:40010 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 19 UDP 192.168.1.34:13021 -> 111.221.77.165:40020 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] + 20 UDP 192.168.1.34:13021 -> 111.221.77.176:40020 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] + 21 TCP 192.168.1.34:50110 <-> 91.190.216.125:12350 [proto: 125/Skype][3 pkts/191 bytes <-> 3 pkts/186 bytes] + 22 TCP 192.168.1.34:50126 <-> 91.190.216.23:12350 [proto: 125/Skype][16 pkts/4788 bytes <-> 4 pkts/372 bytes] + 23 UDP 192.168.1.34:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][6 pkts/3264 bytes -> 0 pkts/0 bytes] + 24 UDP 192.168.1.92:17500 -> 192.168.1.255:17500 [proto: 121/Dropbox][5 pkts/2720 bytes -> 0 pkts/0 bytes] + 25 TCP 192.168.1.34:50113 <-> 71.238.7.203:18767 [proto: 125/Skype][11 pkts/827 bytes <-> 3 pkts/325 bytes] + 26 TCP 192.168.1.34:50117 <-> 71.238.7.203:18767 [proto: 125/Skype][24 pkts/3136 bytes <-> 19 pkts/2618 bytes] + 27 TCP 192.168.1.34:50116 <-> 81.83.77.141:17639 [proto: 125/Skype][15 pkts/1138 bytes <-> 4 pkts/372 bytes] + 28 UDP 192.168.1.34:13021 -> 157.56.52.18:33033 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 29 TCP 192.168.1.34:50135 <-> 76.167.161.6:20274 [proto: 125/Skype][11 pkts/838 bytes <-> 3 pkts/270 bytes] + 30 TCP 192.168.1.34:50038 <-> 157.55.130.140:443 [proto: 91.125/SSL.Skype][12 pkts/1032 bytes <-> 3 pkts/230 bytes] + 31 TCP 192.168.1.34:50048 <-> 157.55.130.150:443 [proto: 91.125/SSL.Skype][12 pkts/1109 bytes <-> 3 pkts/236 bytes] + 32 TCP 192.168.1.34:50056 <-> 157.55.56.146:443 [proto: 91.125/SSL.Skype][11 pkts/999 bytes <-> 4 pkts/266 bytes] + 33 TCP 192.168.1.34:50072 <-> 157.55.130.170:443 [proto: 91.125/SSL.Skype][12 pkts/1207 bytes <-> 3 pkts/277 bytes] + 34 TCP 192.168.1.34:50080 <-> 157.55.235.156:443 [proto: 91.125/SSL.Skype][12 pkts/1249 bytes <-> 3 pkts/285 bytes] + 35 TCP 192.168.1.34:50094 <-> 157.55.130.155:443 [proto: 91.125/SSL.Skype][12 pkts/1039 bytes <-> 3 pkts/267 bytes] + 36 TCP 192.168.1.34:50078 <-> 157.55.130.173:443 [proto: 91.125/SSL.Skype][12 pkts/1088 bytes <-> 3 pkts/236 bytes] + 37 UDP 192.168.1.34:13021 -> 157.55.130.155:40020 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 38 UDP 192.168.1.34:13021 -> 157.56.52.28:40009 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 39 UDP 192.168.1.34:13021 -> 157.56.52.15:40027 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] + 40 UDP 192.168.1.34:13021 -> 157.56.52.24:40001 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 41 UDP 192.168.1.34:13021 -> 157.56.52.17:40013 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 42 UDP 192.168.1.34:13021 -> 157.56.52.27:40027 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 43 UDP 192.168.1.34:13021 -> 157.56.52.33:40011 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 44 UDP 192.168.1.34:13021 -> 157.55.235.143:40030 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 45 UDP 192.168.1.34:13021 -> 157.56.52.47:40029 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 46 UDP 192.168.1.34:13021 -> 157.55.130.144:40034 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 47 UDP 192.168.1.34:13021 -> 157.55.130.146:40026 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 48 UDP 192.168.1.34:13021 -> 157.55.235.145:40022 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] + 49 UDP 192.168.1.34:13021 -> 157.55.235.147:40020 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 50 UDP 192.168.1.34:13021 -> 157.55.56.148:40010 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 51 UDP 192.168.1.34:13021 -> 157.55.235.176:40022 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 52 UDP 192.168.1.34:13021 -> 157.55.130.175:40006 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] + 53 UDP 192.168.1.34:13021 -> 157.55.56.162:40004 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 54 UDP 192.168.1.34:13021 -> 157.55.56.161:40012 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 55 UDP 192.168.1.34:13021 -> 157.55.235.157:40010 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 56 UDP 192.168.1.34:13021 -> 157.55.130.156:40034 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 57 UDP 192.168.1.34:13021 -> 157.55.56.166:40022 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 58 UDP 192.168.1.34:13021 -> 157.55.130.165:40026 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 59 UDP 192.168.1.34:13021 -> 157.55.56.165:40020 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] + 60 UDP 192.168.1.34:13021 -> 157.55.235.173:40012 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 61 UDP 192.168.1.34:13021 -> 157.55.56.168:40006 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 62 UDP 192.168.1.34:13021 -> 157.55.235.172:40032 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 63 UDP 192.168.1.34:13021 -> 157.55.235.175:40008 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 64 UDP 192.168.1.34:13021 -> 65.55.223.39:443 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] + 65 TCP 192.168.1.34:50143 <-> 78.202.226.115:29059 [proto: 125/Skype][12 pkts/935 bytes <-> 2 pkts/197 bytes] + 66 UDP 192.168.1.34:49163 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com] + 67 UDP 192.168.1.34:49793 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/532 bytes -> 0 pkts/0 bytes][Host: dsn4.d.skype.net] + 68 UDP 192.168.1.34:49903 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][9 pkts/648 bytes -> 0 pkts/0 bytes][Host: ui.skype.com] + 69 TCP 192.168.1.34:50134 <-> 157.56.53.47:12350 [proto: 125/Skype][11 pkts/1578 bytes <-> 4 pkts/342 bytes] + 70 UDP 192.168.1.34:51879 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e4593.g.akamaiedge.net] + 71 UDP 192.168.1.34:54343 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst13.r.skype.net] + 72 UDP 192.168.1.34:55159 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/651 bytes -> 0 pkts/0 bytes][Host: a.config.skype.trafficmanager.net] + 73 UDP 192.168.1.34:55711 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes -> 0 pkts/0 bytes][Host: conn.skype.akadns.net] + 74 UDP 192.168.1.34:55893 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][5 pkts/360 bytes -> 0 pkts/0 bytes][Host: ui.skype.com] + 75 UDP 192.168.1.34:56387 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst5.r.skype.net] + 76 UDP 192.168.1.34:13021 -> 213.199.179.150:40004 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 77 UDP 192.168.1.34:13021 -> 213.199.179.146:40030 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 78 UDP 192.168.1.34:13021 -> 213.199.179.143:40022 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] + 79 UDP 192.168.1.34:13021 -> 213.199.179.155:40004 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 80 UDP 192.168.1.34:13021 -> 213.199.179.154:40034 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] + 81 UDP 192.168.1.34:13021 -> 213.199.179.168:40006 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] + 82 UDP 192.168.1.34:58681 <-> 192.168.1.1:53 [proto: 5/DNS][1 pkts/101 bytes <-> 1 pkts/166 bytes][Host: db3msgr5011709.gateway.messenger.live.com] + 83 TCP 192.168.1.34:50122 <-> 81.133.19.185:44431 [proto: 125/Skype][14 pkts/1090 bytes <-> 6 pkts/534 bytes] + 84 UDP 192.168.1.34:63321 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e4593.g.akamaiedge.net] + 85 UDP 192.168.1.34:49485 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes -> 0 pkts/0 bytes] + 86 UDP 192.168.1.34:63421 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] + 87 UDP 192.168.1.34:64085 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e7768.b.akamaiedge.net] + 88 UDP 192.168.1.34:65045 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/532 bytes -> 0 pkts/0 bytes][Host: dsn4.d.skype.net] + 89 UDP 192.168.1.34:65037 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] + 90 TCP 192.168.1.34:50055 <-> 111.221.74.47:40030 [proto: 125/Skype][11 pkts/866 bytes <-> 5 pkts/396 bytes] + 91 TCP 192.168.1.34:50096 <-> 111.221.74.46:40027 [proto: 125/Skype][11 pkts/822 bytes <-> 4 pkts/390 bytes] + 92 TCP 192.168.1.34:50086 <-> 111.221.77.142:40023 [proto: 125/Skype][11 pkts/841 bytes <-> 5 pkts/429 bytes] + 93 TCP 192.168.1.34:50024 <-> 17.172.100.36:443 [proto: 91.140/SSL.Apple][2 pkts/108 bytes <-> 1 pkts/60 bytes] + 94 TCP 192.168.1.34:50128 <-> 17.172.100.36:443 [proto: 91.143/SSL.AppleiCloud][43 pkts/9635 bytes <-> 43 pkts/10651 bytes][client: p05-keyvalueservice.icloud.com] + 95 TCP 192.168.1.34:50027 <-> 23.223.73.34:443 [proto: 91.125/SSL.Skype][17 pkts/3605 bytes <-> 1 pkts/74 bytes][client: apps.skypeassets.com] + 96 TCP 192.168.1.34:50090 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][12 pkts/2140 bytes <-> 3 pkts/200 bytes][client: apps.skype.com] + 97 UDP 192.168.1.34:13021 -> 157.55.130.145:443 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] + 98 TCP 192.168.1.34:50088 <-> 157.55.235.146:33033 [proto: 125/Skype][14 pkts/1085 bytes <-> 4 pkts/315 bytes] + 99 UDP 192.168.1.34:13021 -> 106.188.249.186:15120 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] + 100 UDP 192.168.1.34:13021 -> 176.26.55.167:63773 [proto: 125/Skype][5 pkts/300 bytes -> 0 pkts/0 bytes] + 101 TCP 17.143.160.22:5223 <-> 192.168.1.34:49447 [proto: 140/Apple][6 pkts/1211 bytes <-> 6 pkts/666 bytes] + 102 TCP 192.168.1.34:50032 <-> 157.56.52.44:40032 [proto: 125/Skype][12 pkts/969 bytes <-> 4 pkts/337 bytes] + 103 TCP 192.168.1.34:50034 <-> 157.55.130.140:40033 [proto: 125/Skype][13 pkts/1010 bytes <-> 4 pkts/390 bytes] + 104 TCP 192.168.1.34:50044 <-> 157.55.130.167:40031 [proto: 125/Skype][13 pkts/993 bytes <-> 4 pkts/360 bytes] + 105 TCP 192.168.1.34:50046 <-> 157.55.130.150:40011 [proto: 125/Skype][11 pkts/843 bytes <-> 4 pkts/386 bytes] + 106 TCP 192.168.1.34:50053 <-> 157.55.56.146:40030 [proto: 125/Skype][12 pkts/940 bytes <-> 5 pkts/415 bytes] + 107 TCP 192.168.1.34:50054 <-> 157.55.130.153:40005 [proto: 125/Skype][13 pkts/1020 bytes <-> 4 pkts/421 bytes] + 108 TCP 192.168.1.34:50074 <-> 157.55.130.173:40003 [proto: 125/Skype][13 pkts/1010 bytes <-> 4 pkts/317 bytes] + 109 TCP 192.168.1.34:50077 <-> 157.55.130.176:40022 [proto: 125/Skype][13 pkts/1004 bytes <-> 4 pkts/334 bytes] + 110 TCP 192.168.1.34:50097 <-> 157.55.235.176:40022 [proto: 125/Skype][13 pkts/1000 bytes <-> 4 pkts/371 bytes] + 111 UDP 192.168.1.34:13021 -> 65.55.223.18:33033 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 112 UDP 192.168.1.34:13021 -> 64.4.23.166:40022 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 113 UDP 192.168.1.34:13021 -> 64.4.23.165:40020 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 114 UDP 192.168.1.34:13021 -> 64.4.23.140:40012 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] + 115 UDP 192.168.1.34:13021 -> 64.4.23.150:40004 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 116 UDP 192.168.1.34:13021 -> 64.4.23.143:40018 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 117 UDP 192.168.1.34:13021 -> 64.4.23.141:40004 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] + 118 UDP 192.168.1.34:13021 -> 64.4.23.148:40010 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 119 UDP 192.168.1.34:13021 -> 64.4.23.145:40024 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 120 UDP 192.168.1.34:13021 -> 64.4.23.155:40004 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 121 UDP 192.168.1.34:13021 -> 64.4.23.168:40006 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 122 UDP 192.168.1.34:13021 -> 65.55.223.38:40015 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 123 UDP 192.168.1.34:13021 -> 65.55.223.20:40033 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 124 UDP 192.168.1.34:13021 -> 65.55.223.33:40011 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 125 UDP 192.168.1.34:13021 -> 65.55.223.21:40027 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 126 UDP 192.168.1.34:13021 -> 65.55.223.44:40013 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 127 UDP 192.168.1.34:13021 -> 65.55.223.41:40027 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 128 UDP 192.168.1.34:13021 -> 111.221.74.18:33033 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 129 UDP 192.168.1.34:13021 -> 111.221.77.146:33033 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 130 TCP 192.168.1.34:50063 <-> 111.221.74.38:443 [proto: 91.125/SSL.Skype][10 pkts/1002 bytes <-> 3 pkts/285 bytes] + 131 TCP 192.168.1.34:50087 <-> 111.221.77.142:443 [proto: 91.125/SSL.Skype][9 pkts/822 bytes <-> 3 pkts/285 bytes] + 132 UDP 192.168.1.34:13021 -> 76.185.207.12:45493 [proto: 125/Skype][5 pkts/300 bytes -> 0 pkts/0 bytes] + 133 TCP 192.168.1.34:50137 <-> 5.248.186.221:31010 [proto: 125/Skype][14 pkts/1062 bytes <-> 4 pkts/383 bytes] + 134 TCP 192.168.1.34:50139 <-> 5.248.186.221:31010 [proto: 125/Skype][15 pkts/2395 bytes <-> 8 pkts/1724 bytes] + 135 UDP 192.168.1.34:13021 -> 111.221.77.142:40023 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 136 UDP 192.168.1.34:13021 -> 111.221.74.46:40027 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 137 UDP 192.168.1.34:13021 -> 111.221.74.24:40001 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 138 UDP 192.168.1.34:13021 -> 111.221.74.19:40001 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] + 139 UDP 192.168.1.34:13021 -> 111.221.74.12:40031 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] + 140 UDP 192.168.1.34:13021 -> 111.221.74.44:40031 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 141 UDP 192.168.1.34:13021 -> 111.221.74.43:40001 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 142 UDP 192.168.1.34:13021 -> 111.221.74.32:40009 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 143 UDP 192.168.1.34:13021 -> 111.221.74.31:40021 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] + 144 UDP 192.168.1.34:13021 -> 111.221.77.140:40003 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 145 UDP 192.168.1.34:13021 -> 111.221.77.145:40027 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 146 UDP 192.168.1.34:13021 -> 111.221.77.151:40027 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 147 UDP 192.168.1.34:13021 -> 111.221.77.148:40029 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 148 UDP 192.168.1.34:13021 -> 111.221.77.168:40007 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] + 149 UDP 192.168.1.34:13021 -> 111.221.77.166:40011 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 150 UDP 192.168.1.34:13021 -> 111.221.77.154:40017 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 151 UDP 192.168.1.34:13021 -> 111.221.77.159:40009 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 152 TCP 192.168.1.34:50109 <-> 91.190.216.125:12350 [proto: 125/Skype][3 pkts/297 bytes <-> 3 pkts/186 bytes] + 153 TCP 192.168.1.34:50125 <-> 91.190.218.125:12350 [proto: 125/Skype][6 pkts/417 bytes <-> 4 pkts/352 bytes] + 154 TCP 192.168.1.34:50129 <-> 91.190.218.125:12350 [proto: 125/Skype][6 pkts/353 bytes <-> 4 pkts/246 bytes] + 155 TCP 192.168.1.34:50136 <-> 71.238.7.203:18767 [proto: 125/Skype][11 pkts/814 bytes <-> 3 pkts/287 bytes] + 156 TCP 192.168.1.34:50138 <-> 71.238.7.203:18767 [proto: 125/Skype][19 pkts/2797 bytes <-> 13 pkts/2175 bytes] + 157 UDP 192.168.1.34:13021 -> 176.97.100.249:26635 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] + 158 UDP 192.168.1.34:13021 -> 157.55.235.146:33033 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 159 UDP 192.168.1.34:13021 -> 157.55.130.146:33033 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 160 UDP 192.168.1.34:13021 -> 157.55.56.146:33033 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 161 TCP 192.168.1.34:50112 <-> 76.167.161.6:20274 [proto: 125/Skype][11 pkts/843 bytes <-> 4 pkts/411 bytes] + 162 TCP 192.168.1.34:50028 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][187 pkts/42539 bytes <-> 200 pkts/155551 bytes][server: *.gateway.messenger.live.com] + 163 TCP 192.168.1.34:50036 <-> 157.56.52.44:443 [proto: 91.125/SSL.Skype][11 pkts/1074 bytes <-> 3 pkts/254 bytes] + 164 TCP 192.168.1.34:50037 <-> 157.55.56.170:443 [proto: 91.125/SSL.Skype][11 pkts/1218 bytes <-> 4 pkts/351 bytes] + 165 TCP 192.168.1.34:50045 <-> 157.55.130.167:443 [proto: 91.125/SSL.Skype][12 pkts/1151 bytes <-> 3 pkts/260 bytes] + 166 TCP 192.168.1.34:50051 <-> 157.55.130.166:443 [proto: 91.125/SSL.Skype][12 pkts/1074 bytes <-> 3 pkts/277 bytes] + 167 TCP 192.168.1.34:50057 <-> 157.55.130.153:443 [proto: 91.125/SSL.Skype][12 pkts/1102 bytes <-> 3 pkts/247 bytes] + 168 TCP 192.168.1.34:50091 <-> 157.55.235.146:443 [proto: 91.125/SSL.Skype][13 pkts/1554 bytes <-> 3 pkts/200 bytes] + 169 TCP 192.168.1.34:50146 -> 157.56.53.51:443 [proto: 91/SSL][8 pkts/608 bytes -> 0 pkts/0 bytes] + 170 TCP 192.168.1.34:50069 <-> 157.55.56.160:443 [proto: 91.125/SSL.Skype][11 pkts/1050 bytes <-> 4 pkts/351 bytes] + 171 TCP 192.168.1.34:50081 <-> 157.55.130.176:443 [proto: 91.125/SSL.Skype][12 pkts/1270 bytes <-> 3 pkts/243 bytes] + 172 TCP 192.168.1.34:50101 <-> 157.55.235.176:443 [proto: 91.125/SSL.Skype][12 pkts/1305 bytes <-> 3 pkts/285 bytes] + 173 UDP 192.168.1.34:13021 -> 157.55.130.160:40029 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 174 UDP 192.168.1.34:13021 -> 157.55.130.154:40005 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 175 UDP 192.168.1.34:13021 -> 157.56.52.45:40012 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 176 UDP 192.168.1.34:13021 -> 157.56.52.21:40004 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 177 UDP 192.168.1.34:13021 -> 157.56.52.26:40026 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] + 178 UDP 192.168.1.34:13021 -> 157.56.52.37:40032 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 179 UDP 192.168.1.34:13021 -> 157.55.235.142:40025 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 180 UDP 192.168.1.34:13021 -> 157.55.56.142:40023 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 181 UDP 192.168.1.34:13021 -> 157.55.235.152:40001 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 182 UDP 192.168.1.34:13021 -> 157.55.56.151:40027 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 183 UDP 192.168.1.34:13021 -> 157.55.56.145:40027 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] + 184 UDP 192.168.1.34:13021 -> 157.55.130.143:40017 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 185 UDP 192.168.1.34:13021 -> 157.55.130.148:40019 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 186 UDP 192.168.1.34:13021 -> 157.55.130.147:40019 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 187 UDP 192.168.1.34:13021 -> 157.55.130.151:40017 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 188 UDP 192.168.1.34:13021 -> 157.55.235.153:40023 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] + 189 UDP 192.168.1.34:13021 -> 157.55.130.157:40013 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 190 UDP 192.168.1.34:13021 -> 157.55.235.155:40003 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 191 UDP 192.168.1.34:13021 -> 157.55.235.158:40031 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 192 UDP 192.168.1.34:13021 -> 157.55.235.159:40021 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 193 UDP 192.168.1.34:13021 -> 157.55.56.175:40013 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 194 UDP 192.168.1.34:13021 -> 157.55.235.161:40011 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 195 UDP 192.168.1.34:13021 -> 157.55.235.160:40027 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 196 UDP 192.168.1.34:13021 -> 157.55.130.172:40019 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 197 UDP 192.168.1.34:13021 -> 157.55.235.166:40015 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 198 UDP 192.168.1.34:49360 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] + 199 TCP 192.168.1.34:50132 <-> 149.13.32.15:13392 [proto: 125/Skype][13 pkts/1010 bytes <-> 5 pkts/402 bytes] + 200 UDP 192.168.1.92:57621 -> 192.168.1.255:57621 [proto: 156/Spotify][5 pkts/430 bytes -> 0 pkts/0 bytes] + 201 UDP 192.168.1.34:49990 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] + 202 UDP 192.168.1.34:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][6 pkts/3264 bytes -> 0 pkts/0 bytes] + 203 UDP 192.168.1.92:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][5 pkts/2720 bytes -> 0 pkts/0 bytes] + 204 UDP 192.168.1.34:13021 -> 213.199.179.146:33033 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 205 UDP 192.168.1.34:51802 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com] + 206 UDP 192.168.1.34:52714 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com] + 207 UDP 192.168.1.34:52850 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes -> 0 pkts/0 bytes][Host: conn.skype.akadns.net] + 208 UDP 192.168.1.34:52742 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst5.r.skype.net] + 209 TCP 192.168.1.34:50039 <-> 213.199.179.175:443 [proto: 91/SSL][13 pkts/1392 bytes <-> 3 pkts/200 bytes] + 210 TCP 192.168.1.34:50079 <-> 213.199.179.142:443 [proto: 91/SSL][13 pkts/1176 bytes <-> 3 pkts/200 bytes] + 211 UDP 192.168.1.34:54396 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes -> 0 pkts/0 bytes][Host: api.skype.com] + 212 TCP 192.168.1.34:50099 <-> 64.4.23.166:40022 [proto: 125/Skype][12 pkts/948 bytes <-> 4 pkts/407 bytes] + 213 TCP 192.168.1.34:50026 <-> 65.55.223.33:40002 [proto: 125/Skype][13 pkts/971 bytes <-> 4 pkts/399 bytes] + 214 TCP 192.168.1.34:50065 <-> 65.55.223.12:40031 [proto: 125/Skype][13 pkts/1004 bytes <-> 4 pkts/397 bytes] + 215 TCP 192.168.1.34:50098 <-> 65.55.223.15:40026 [proto: 125/Skype][13 pkts/995 bytes <-> 4 pkts/386 bytes] + 216 UDP 192.168.1.34:57288 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst6.r.skype.net] + 217 UDP 192.168.1.34:57406 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com] + 218 UDP 192.168.1.34:57726 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] + 219 UDP 192.168.1.34:13021 -> 213.199.179.165:40007 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] + 220 UDP 192.168.1.34:13021 -> 213.199.179.141:40015 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] + 221 UDP 192.168.1.34:13021 -> 213.199.179.162:40029 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 222 UDP 192.168.1.34:13021 -> 213.199.179.152:40023 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 223 UDP 192.168.1.34:13021 -> 213.199.179.145:40027 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 224 UDP 192.168.1.34:13021 -> 213.199.179.170:40011 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 225 UDP 192.168.1.34:58458 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] + 226 UDP 192.168.1.34:58368 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst13.r.skype.net] + 227 UDP 192.168.1.34:60288 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] + 228 ICMP 192.168.1.1:0 -> 192.168.1.34:0 [proto: 81/ICMP][8 pkts/656 bytes -> 0 pkts/0 bytes] + 229 UDP 192.168.1.34:62454 <-> 192.168.1.1:53 [proto: 5.143/DNS.AppleiCloud][1 pkts/101 bytes <-> 1 pkts/133 bytes][Host: p05-keyvalueservice.icloud.com.akadns.net] + 230 UDP 192.168.1.34:63108 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/651 bytes -> 0 pkts/0 bytes][Host: a.config.skype.trafficmanager.net] + 231 UDP 192.168.1.92:50084 -> 239.255.255.250:1900 [proto: 12/SSDP][14 pkts/7281 bytes -> 0 pkts/0 bytes] + 232 UDP 192.168.1.34:51066 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes -> 0 pkts/0 bytes] + 233 UDP 192.168.1.34:65426 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes -> 0 pkts/0 bytes][Host: api.skype.com] + 234 TCP 192.168.1.34:50130 <-> 212.161.8.36:13392 [proto: 125/Skype][13 pkts/1000 bytes <-> 4 pkts/380 bytes] + 235 TCP 192.168.1.34:50059 <-> 111.221.74.38:40015 [proto: 125/Skype][11 pkts/820 bytes <-> 5 pkts/416 bytes] + 236 TCP 192.168.1.34:50029 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][16 pkts/3461 bytes <-> 1 pkts/74 bytes][client: apps.skype.com] + 237 IGMP 192.168.0.254:0 -> 224.0.0.1:0 [proto: 82/IGMP][2 pkts/92 bytes -> 0 pkts/0 bytes] + 238 IGMP 192.168.1.92:0 -> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes -> 0 pkts/0 bytes] + 239 IGMP 192.168.1.1:0 -> 224.0.0.1:0 [proto: 82/IGMP][1 pkts/60 bytes -> 0 pkts/0 bytes] + 240 IGMP 192.168.1.34:0 -> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/46 bytes -> 0 pkts/0 bytes] + 241 UDP 192.168.1.34:56886 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes -> 0 pkts/0 bytes] + 242 TCP 192.168.1.34:50033 <-> 157.55.56.170:40015 [proto: 125/Skype][13 pkts/977 bytes <-> 4 pkts/384 bytes] + 243 TCP 192.168.1.34:50049 <-> 157.55.130.166:40021 [proto: 125/Skype][11 pkts/836 bytes <-> 5 pkts/442 bytes] + 244 TCP 192.168.1.34:50067 <-> 157.55.56.160:40027 [proto: 125/Skype][12 pkts/899 bytes <-> 5 pkts/406 bytes] + 245 TCP 192.168.1.34:50076 <-> 157.55.235.156:40014 [proto: 125/Skype][14 pkts/1083 bytes <-> 4 pkts/359 bytes] + 246 TCP 192.168.1.34:50092 <-> 157.55.130.155:40020 [proto: 125/Skype][13 pkts/975 bytes <-> 4 pkts/412 bytes] + 247 TCP 192.168.1.34:50108 <-> 157.56.52.28:40009 [proto: 125/Skype][231 pkts/60232 bytes <-> 241 pkts/104395 bytes] + 248 TCP 192.168.1.34:50070 <-> 157.55.130.170:40018 [proto: 125/Skype][13 pkts/989 bytes <-> 4 pkts/323 bytes] + 249 UDP 192.168.1.34:64560 -> 239.255.255.250:1900 [proto: 12/SSDP][2 pkts/349 bytes -> 0 pkts/0 bytes] + 250 UDP 192.168.1.34:13021 -> 64.4.23.146:33033 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 251 TCP 192.168.1.34:50115 <-> 86.31.35.30:59621 [proto: 125/Skype][13 pkts/995 bytes <-> 4 pkts/391 bytes] + 252 TCP 192.168.1.34:50119 <-> 86.31.35.30:59621 [proto: 125/Skype][62 pkts/6941 bytes <-> 38 pkts/5325 bytes] + 253 TCP 192.168.1.34:50103 <-> 64.4.23.166:443 [proto: 91/SSL][9 pkts/862 bytes <-> 3 pkts/285 bytes] + 254 TCP 192.168.1.34:50030 <-> 65.55.223.33:443 [proto: 91/SSL][11 pkts/960 bytes <-> 4 pkts/351 bytes] + 255 TCP 192.168.1.34:50066 <-> 65.55.223.12:443 [proto: 91/SSL][12 pkts/1221 bytes <-> 3 pkts/231 bytes] + 256 TCP 192.168.1.34:50102 <-> 65.55.223.15:443 [proto: 91/SSL][11 pkts/1140 bytes <-> 3 pkts/250 bytes] + 257 UDP 192.168.0.254:1025 -> 239.255.255.250:1900 [proto: 12/SSDP][79 pkts/29479 bytes -> 0 pkts/0 bytes] + 258 UDP 192.168.1.34:13021 -> 71.62.0.85:33647 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] + 259 UDP 192.168.1.92:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][4 pkts/828 bytes -> 0 pkts/0 bytes] + 260 UDP 192.168.1.34:13021 -> 64.4.23.159:40009 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 261 UDP 192.168.1.34:13021 -> 64.4.23.151:40029 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 262 UDP 192.168.1.34:13021 -> 64.4.23.170:40011 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] + 263 UDP 192.168.1.34:13021 -> 64.4.23.173:40017 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 264 UDP 192.168.1.34:13021 -> 65.55.223.15:40026 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 265 UDP 192.168.1.34:13021 -> 65.55.223.43:40002 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 266 UDP 192.168.1.34:13021 -> 65.55.223.17:40022 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 267 UDP 192.168.1.34:13021 -> 65.55.223.25:40028 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 268 UDP 192.168.1.34:13021 -> 65.55.223.24:40032 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 269 UDP 192.168.1.34:13021 -> 65.55.223.28:40026 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] + 270 UDP 192.168.1.34:13021 -> 65.55.223.26:40004 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 271 UDP 192.168.1.34:13021 -> 65.55.223.29:40010 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 272 UDP 192.168.1.34:13021 -> 65.55.223.45:40012 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 273 UDP 192.168.1.34:123 <-> 17.253.48.245:123 [proto: 9/NTP][1 pkts/90 bytes <-> 1 pkts/90 bytes] + 274 TCP 192.168.1.34:50111 <-> 91.190.216.125:443 [proto: 91.125/SSL.Skype][11 pkts/955 bytes <-> 9 pkts/561 bytes] + 275 TCP 192.168.1.34:50123 <-> 80.14.46.121:4415 [proto: 125/Skype][14 pkts/1075 bytes <-> 4 pkts/431 bytes] + 276 TCP 192.168.1.34:50141 <-> 80.14.46.121:4415 [proto: 125/Skype][13 pkts/994 bytes <-> 2 pkts/243 bytes] + 277 TCP 108.160.170.46:443 <-> 192.168.1.34:49445 [proto: 91.121/SSL.Dropbox][8 pkts/1636 bytes <-> 8 pkts/4344 bytes] + 278 TCP 192.168.1.34:50058 <-> 111.221.74.47:443 [proto: 91.125/SSL.Skype][10 pkts/857 bytes <-> 4 pkts/351 bytes] + 279 TCP 192.168.1.34:50100 <-> 111.221.74.46:443 [proto: 91.125/SSL.Skype][10 pkts/872 bytes <-> 3 pkts/237 bytes] + 280 TCP 192.168.1.34:50035 <-> 213.199.179.175:40021 [proto: 125/Skype][13 pkts/982 bytes <-> 4 pkts/322 bytes] + 281 TCP 192.168.1.34:50075 <-> 213.199.179.142:40003 [proto: 125/Skype][14 pkts/1100 bytes <-> 5 pkts/395 bytes] + 282 UDP [fe80::c62c:3ff:fe06:49fe]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][4 pkts/908 bytes -> 0 pkts/0 bytes] Undetected flows: - 1 TCP 192.168.1.34:50118 <-> 5.248.186.221:31010 [proto: 0/Unknown][18 pkts/2588 bytes <-> 13 pkts/2100 bytes] - 2 TCP 192.168.1.34:50117 <-> 71.238.7.203:18767 [proto: 0/Unknown][24 pkts/3136 bytes <-> 19 pkts/2618 bytes] - 3 TCP 192.168.1.34:50133 <-> 149.13.32.15:13392 [proto: 0/Unknown][9 pkts/1968 bytes <-> 7 pkts/632 bytes] - 4 UDP 192.168.1.34:49511 -> 192.168.1.1:5351 [proto: 0/Unknown][4 pkts/216 bytes -> 0 pkts/0 bytes] - 5 UDP 192.168.1.34:54067 -> 192.168.1.1:5351 [proto: 0/Unknown][4 pkts/216 bytes -> 0 pkts/0 bytes] - 6 TCP 192.168.1.34:50124 <-> 81.133.19.185:44431 [proto: 0/Unknown][11 pkts/854 bytes <-> 11 pkts/782 bytes] - 7 TCP 192.168.1.34:50131 <-> 212.161.8.36:13392 [proto: 0/Unknown][11 pkts/4406 bytes <-> 8 pkts/705 bytes] - 8 TCP 192.168.1.34:50142 <-> 80.14.46.121:4415 [proto: 0/Unknown][12 pkts/985 bytes <-> 6 pkts/489 bytes] - 9 TCP 192.168.1.34:50139 <-> 5.248.186.221:31010 [proto: 0/Unknown][15 pkts/2395 bytes <-> 8 pkts/1724 bytes] - 10 TCP 192.168.1.34:50138 <-> 71.238.7.203:18767 [proto: 0/Unknown][19 pkts/2797 bytes <-> 13 pkts/2175 bytes] - 11 TCP 192.168.1.34:50121 <-> 81.83.77.141:17639 [proto: 0/Unknown][24 pkts/3101 bytes <-> 16 pkts/2508 bytes] - 12 TCP 192.168.1.34:50140 <-> 76.167.161.6:20274 [proto: 0/Unknown][2 pkts/132 bytes <-> 1 pkts/74 bytes] - 13 TCP 192.168.1.34:50144 <-> 78.202.226.115:29059 [proto: 0/Unknown][10 pkts/797 bytes <-> 4 pkts/342 bytes] - 14 TCP 192.168.1.34:50145 -> 157.56.53.51:12350 [proto: 0/Unknown][8 pkts/608 bytes -> 0 pkts/0 bytes] - 15 TCP 192.168.1.34:50119 <-> 86.31.35.30:59621 [proto: 0/Unknown][62 pkts/6941 bytes <-> 38 pkts/5325 bytes] - 16 TCP 192.168.1.34:50127 <-> 80.14.46.121:4415 [proto: 0/Unknown][16 pkts/1169 bytes <-> 11 pkts/929 bytes] + 1 TCP 192.168.1.34:50133 <-> 149.13.32.15:13392 [proto: 0/Unknown][9 pkts/1968 bytes <-> 7 pkts/632 bytes] + 2 UDP 192.168.1.34:49511 -> 192.168.1.1:5351 [proto: 0/Unknown][4 pkts/216 bytes -> 0 pkts/0 bytes] + 3 UDP 192.168.1.34:54067 -> 192.168.1.1:5351 [proto: 0/Unknown][4 pkts/216 bytes -> 0 pkts/0 bytes] + 4 TCP 192.168.1.34:50124 <-> 81.133.19.185:44431 [proto: 0/Unknown][11 pkts/854 bytes <-> 11 pkts/782 bytes] + 5 TCP 192.168.1.34:50131 <-> 212.161.8.36:13392 [proto: 0/Unknown][11 pkts/4406 bytes <-> 8 pkts/705 bytes] + 6 TCP 192.168.1.34:50142 <-> 80.14.46.121:4415 [proto: 0/Unknown][12 pkts/985 bytes <-> 6 pkts/489 bytes] + 7 TCP 192.168.1.34:50121 <-> 81.83.77.141:17639 [proto: 0/Unknown][24 pkts/3101 bytes <-> 16 pkts/2508 bytes] + 8 TCP 192.168.1.34:50140 <-> 76.167.161.6:20274 [proto: 0/Unknown][2 pkts/132 bytes <-> 1 pkts/74 bytes] + 9 TCP 192.168.1.34:50144 <-> 78.202.226.115:29059 [proto: 0/Unknown][10 pkts/797 bytes <-> 4 pkts/342 bytes] + 10 TCP 192.168.1.34:50145 -> 157.56.53.51:12350 [proto: 0/Unknown][8 pkts/608 bytes -> 0 pkts/0 bytes] + 11 TCP 192.168.1.34:50127 <-> 80.14.46.121:4415 [proto: 0/Unknown][16 pkts/1169 bytes <-> 11 pkts/929 bytes] diff --git a/tests/result/skype_no_unknown.pcap.out b/tests/result/skype_no_unknown.pcap.out index 302fe5cae..e2991bcd6 100644 --- a/tests/result/skype_no_unknown.pcap.out +++ b/tests/result/skype_no_unknown.pcap.out @@ -1,4 +1,4 @@ -Unknown 236 70600 14 +Unknown 186 61791 12 DNS 2 267 1 MDNS 3 400 2 NetBIOS 22 3106 7 @@ -7,7 +7,7 @@ ICMP 4 328 1 IGMP 4 226 4 SSL 79 7742 6 Dropbox 16 7342 5 -Skype 1241 181327 221 +Skype 1291 190136 223 Apple 84 20699 2 MS_OneDrive 348 181687 1 @@ -128,142 +128,144 @@ MS_OneDrive 348 181687 1 115 TCP 192.168.1.34:51259 <-> 111.221.77.142:443 [proto: 91.125/SSL.Skype][10 pkts/902 bytes <-> 4 pkts/351 bytes] 116 TCP 192.168.1.34:51283 <-> 111.221.74.48:443 [proto: 91.125/SSL.Skype][2 pkts/132 bytes <-> 1 pkts/74 bytes] 117 TCP 192.168.1.34:51258 <-> 213.199.179.176:40021 [proto: 125/Skype][14 pkts/1104 bytes <-> 5 pkts/392 bytes] - 118 UDP 192.168.1.34:13021 -> 111.221.74.34:40027 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] - 119 UDP 192.168.1.34:13021 -> 111.221.74.33:40011 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 120 UDP 192.168.1.34:13021 -> 111.221.74.13:40009 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 121 UDP 192.168.1.34:13021 -> 111.221.74.27:40027 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 122 UDP 192.168.1.34:13021 -> 111.221.74.20:40033 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 123 UDP 192.168.1.34:13021 -> 111.221.74.19:40001 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] - 124 UDP 192.168.1.34:13021 -> 111.221.74.44:40019 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 125 UDP 192.168.1.34:13021 -> 111.221.74.38:40015 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 126 UDP 192.168.1.34:13021 -> 111.221.74.43:40001 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 127 UDP 192.168.1.34:13021 -> 111.221.74.40:40025 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 128 UDP 192.168.1.34:13021 -> 111.221.74.46:40027 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 129 UDP 192.168.1.34:13021 -> 111.221.77.159:40031 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] - 130 UDP 192.168.1.34:13021 -> 111.221.77.151:40029 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 131 UDP 192.168.1.34:13021 -> 111.221.77.154:40017 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 132 UDP 192.168.1.34:13021 -> 111.221.77.170:40021 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] - 133 UDP 192.168.1.34:13021 -> 189.188.134.174:22436 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] - 134 TCP 192.168.1.34:51285 <-> 91.190.218.125:12350 [proto: 125/Skype][3 pkts/191 bytes <-> 3 pkts/186 bytes] - 135 TCP 192.168.1.34:51297 <-> 91.190.216.24:12350 [proto: 125/Skype][12 pkts/3242 bytes <-> 3 pkts/290 bytes] - 136 TCP 192.168.1.34:51299 <-> 91.190.216.125:12350 [proto: 125/Skype][6 pkts/353 bytes <-> 5 pkts/306 bytes] - 137 UDP 192.168.1.34:13021 -> 157.55.235.146:33033 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 138 UDP 192.168.1.34:13021 -> 157.55.130.146:33033 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] - 139 TCP 192.168.1.34:51291 <-> 81.83.77.141:17639 [proto: 125/Skype][12 pkts/942 bytes <-> 3 pkts/284 bytes] - 140 TCP 192.168.1.34:51288 <-> 76.167.161.6:20274 [proto: 125/Skype][11 pkts/861 bytes <-> 4 pkts/397 bytes] - 141 TCP 192.168.1.34:51230 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][166 pkts/39042 bytes <-> 182 pkts/142645 bytes][server: *.gateway.messenger.live.com] - 142 TCP 192.168.1.34:51232 <-> 157.56.52.28:443 [proto: 91.125/SSL.Skype][10 pkts/872 bytes <-> 3 pkts/285 bytes] - 143 TCP 192.168.1.34:51241 <-> 157.55.130.176:443 [proto: 91.125/SSL.Skype][12 pkts/1333 bytes <-> 3 pkts/251 bytes] - 144 TCP 192.168.1.34:51261 <-> 157.55.235.170:443 [proto: 91.125/SSL.Skype][12 pkts/1284 bytes <-> 3 pkts/285 bytes] - 145 TCP 192.168.1.34:51281 <-> 157.55.235.156:443 [proto: 91.125/SSL.Skype][12 pkts/1095 bytes <-> 3 pkts/285 bytes] - 146 UDP 192.168.1.34:13021 -> 174.49.171.224:32011 [proto: 125/Skype][5 pkts/300 bytes -> 0 pkts/0 bytes] - 147 UDP 192.168.1.34:13021 -> 157.55.56.170:40015 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 148 UDP 192.168.1.34:13021 -> 157.56.52.19:40020 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] - 149 UDP 192.168.1.34:13021 -> 157.56.52.16:40032 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 150 UDP 192.168.1.34:13021 -> 157.56.52.25:40010 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 151 UDP 192.168.1.34:13021 -> 157.56.52.24:40032 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 152 UDP 192.168.1.34:13021 -> 157.55.130.154:40013 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 153 UDP 192.168.1.34:13021 -> 157.55.130.150:40007 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 154 UDP 192.168.1.34:13021 -> 157.55.130.149:40011 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 155 UDP 192.168.1.34:13021 -> 157.55.56.142:40013 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] - 156 UDP 192.168.1.34:13021 -> 157.56.52.33:40002 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 157 UDP 192.168.1.34:13021 -> 157.56.52.29:40010 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 158 UDP 192.168.1.34:13021 -> 157.55.56.140:40003 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 159 UDP 192.168.1.34:13021 -> 157.56.52.43:40006 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] - 160 UDP 192.168.1.34:13021 -> 157.55.130.140:40011 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] - 161 UDP 192.168.1.34:13021 -> 157.55.130.146:40033 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] - 162 UDP 192.168.1.34:13021 -> 157.55.130.148:40019 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] - 163 UDP 192.168.1.34:13021 -> 157.55.235.148:40033 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] - 164 UDP 192.168.1.34:13021 -> 157.55.235.162:40033 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 165 UDP 192.168.1.34:13021 -> 157.55.130.156:40019 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 166 UDP 192.168.1.34:13021 -> 157.55.235.155:40027 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] - 167 UDP 192.168.1.34:13021 -> 157.55.56.161:40031 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 168 UDP 192.168.1.34:13021 -> 157.55.235.158:40027 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] - 169 UDP 192.168.1.34:13021 -> 157.55.130.157:40013 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 170 UDP 192.168.1.34:13021 -> 157.55.235.167:40029 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] - 171 UDP 192.168.1.34:13021 -> 157.55.130.167:40031 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 172 UDP 192.168.1.34:13021 -> 157.55.235.166:40015 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 173 UDP 192.168.1.34:13021 -> 157.55.235.174:40019 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] - 174 UDP 192.168.1.34:13021 -> 157.55.130.173:40003 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] - 175 UDP 192.168.1.34:13021 -> 157.55.235.176:40031 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] - 176 UDP 192.168.1.34:13021 -> 157.55.235.175:40023 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] - 177 UDP 192.168.1.34:49864 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes -> 0 pkts/0 bytes][Host: api.skype.com] - 178 TCP 192.168.1.34:51316 <-> 149.13.32.15:13392 [proto: 125/Skype][11 pkts/862 bytes <-> 3 pkts/314 bytes] - 179 UDP 192.168.1.34:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes -> 0 pkts/0 bytes] - 180 UDP 192.168.1.92:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes -> 0 pkts/0 bytes] - 181 UDP 192.168.1.34:13021 -> 213.199.179.146:33033 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] - 182 UDP 192.168.1.34:53372 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst11.r.skype.net] - 183 UDP 192.168.1.92:53826 -> 192.168.1.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes -> 0 pkts/0 bytes] - 184 TCP 192.168.1.34:51271 <-> 213.199.179.175:443 [proto: 91/SSL][12 pkts/1130 bytes <-> 3 pkts/285 bytes] - 185 UDP 192.168.1.34:55028 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: a.config.skype.com] - 186 TCP 192.168.1.34:51278 <-> 64.4.23.159:40009 [proto: 125/Skype][11 pkts/832 bytes <-> 4 pkts/387 bytes] - 187 TCP 192.168.1.34:51235 <-> 65.55.223.45:40009 [proto: 125/Skype][13 pkts/976 bytes <-> 4 pkts/365 bytes] - 188 UDP 192.168.1.34:55866 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] - 189 UDP 192.168.1.34:57592 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst11.r.skype.net] - 190 UDP 192.168.1.34:57694 <-> 192.168.1.1:53 [proto: 5/DNS][1 pkts/101 bytes <-> 1 pkts/166 bytes][Host: db3msgr5011709.gateway.messenger.live.com] - 191 UDP 192.168.1.34:13021 -> 213.199.179.173:40013 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] - 192 UDP 192.168.1.34:13021 -> 213.199.179.140:40003 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 193 UDP 192.168.1.34:13021 -> 213.199.179.154:40017 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] - 194 UDP 192.168.1.34:13021 -> 213.199.179.144:40009 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] - 195 UDP 192.168.1.34:13021 -> 213.199.179.141:40015 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 196 UDP 192.168.1.34:13021 -> 213.199.179.156:40031 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 197 UDP 192.168.1.34:13021 -> 213.199.179.172:40011 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 198 UDP 192.168.1.34:13021 -> 213.199.179.174:40025 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] - 199 TCP 192.168.1.34:51298 <-> 82.224.110.241:38895 [proto: 125/Skype][12 pkts/931 bytes <-> 2 pkts/219 bytes] - 200 UDP 192.168.1.34:59788 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e4593.g.akamaiedge.net] - 201 UDP 192.168.1.34:60688 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes -> 0 pkts/0 bytes][Host: conn.skype.akadns.net] - 202 UDP 192.168.1.34:61016 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][1 pkts/80 bytes -> 0 pkts/0 bytes][Host: apps.skypeassets.com] - 203 ICMP 192.168.1.1:0 -> 192.168.1.34:0 [proto: 81/ICMP][4 pkts/328 bytes -> 0 pkts/0 bytes] - 204 UDP 192.168.1.34:63342 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com] - 205 UDP 192.168.1.34:63514 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/576 bytes -> 0 pkts/0 bytes][Host: ui.skype.com] - 206 UDP 192.168.1.34:64240 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes -> 0 pkts/0 bytes][Host: api.skype.com] - 207 UDP 192.168.1.34:64258 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com] - 208 UDP 192.168.1.34:64364 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst0.r.skype.net] - 209 UDP 192.168.1.34:137 -> 192.168.1.255:137 [proto: 10/NetBIOS][7 pkts/680 bytes -> 0 pkts/0 bytes] - 210 UDP 192.168.1.1:137 <-> 192.168.1.34:137 [proto: 10/NetBIOS][6 pkts/958 bytes <-> 2 pkts/184 bytes] - 211 UDP 192.168.1.34:138 -> 192.168.1.255:138 [proto: 10/NetBIOS][2 pkts/432 bytes -> 0 pkts/0 bytes] - 212 UDP 192.168.1.1:138 -> 192.168.1.34:138 [proto: 10/NetBIOS][2 pkts/452 bytes -> 0 pkts/0 bytes] - 213 UDP 192.168.1.92:137 -> 192.168.1.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes -> 0 pkts/0 bytes] - 214 UDP 192.168.1.92:138 -> 192.168.1.255:138 [proto: 10/NetBIOS][1 pkts/216 bytes -> 0 pkts/0 bytes] - 215 TCP 192.168.1.34:51318 <-> 212.161.8.36:13392 [proto: 125/Skype][7 pkts/571 bytes <-> 3 pkts/286 bytes] - 216 TCP 192.168.1.34:51236 <-> 111.221.74.45:40008 [proto: 125/Skype][11 pkts/844 bytes <-> 5 pkts/413 bytes] - 217 TCP 192.168.1.34:51267 <-> 111.221.74.18:40025 [proto: 125/Skype][10 pkts/785 bytes <-> 4 pkts/378 bytes] - 218 TCP 192.168.1.34:51248 <-> 111.221.77.175:40030 [proto: 125/Skype][11 pkts/858 bytes <-> 5 pkts/426 bytes] - 219 TCP 192.168.1.34:51227 <-> 17.172.100.36:443 [proto: 91.140/SSL.Apple][38 pkts/9082 bytes <-> 38 pkts/10499 bytes] - 220 IGMP 192.168.1.219:0 -> 224.0.0.22:0 [proto: 82/IGMP][1 pkts/60 bytes -> 0 pkts/0 bytes] - 221 IGMP 192.168.1.229:0 -> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes -> 0 pkts/0 bytes] - 222 IGMP 192.168.0.254:0 -> 224.0.0.1:0 [proto: 82/IGMP][1 pkts/46 bytes -> 0 pkts/0 bytes] - 223 TCP 192.168.1.34:51231 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][16 pkts/3461 bytes <-> 1 pkts/74 bytes][client: apps.skype.com] - 224 TCP 192.168.1.34:51295 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][11 pkts/2074 bytes <-> 1 pkts/74 bytes][client: apps.skype.com] - 225 UDP 192.168.1.34:13021 -> 64.4.23.146:33033 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 226 TCP 192.168.1.34:51255 <-> 157.55.130.142:40005 [proto: 125/Skype][13 pkts/1004 bytes <-> 4 pkts/318 bytes] - 227 UDP 192.168.0.254:1025 -> 239.255.255.250:1900 [proto: 12/SSDP][36 pkts/13402 bytes -> 0 pkts/0 bytes] - 228 TCP 192.168.1.34:51253 <-> 64.4.23.166:443 [proto: 91/SSL][11 pkts/1164 bytes <-> 3 pkts/268 bytes] - 229 UDP 192.168.1.92:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][1 pkts/142 bytes -> 0 pkts/0 bytes][Lucas-iMac.local] - 230 UDP 192.168.1.34:13021 -> 64.4.23.145:40027 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] - 231 UDP 192.168.1.34:13021 -> 64.4.23.142:40023 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] - 232 UDP 192.168.1.34:13021 -> 64.4.23.140:40003 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] - 233 TCP 192.168.1.34:51308 -> 80.121.84.93:443 [proto: 91/SSL][6 pkts/468 bytes -> 0 pkts/0 bytes] - 234 UDP 192.168.1.34:13021 -> 64.4.23.173:40017 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 235 UDP 192.168.1.34:13021 -> 64.4.23.148:40029 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 236 UDP 192.168.1.34:13021 -> 64.4.23.151:40029 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] - 237 UDP 192.168.1.34:13021 -> 64.4.23.171:40031 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] - 238 UDP 192.168.1.34:13021 -> 64.4.23.158:40021 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 239 UDP 192.168.1.34:13021 -> 64.4.23.170:40011 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] - 240 UDP 192.168.1.34:13021 -> 64.4.23.176:40001 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] - 241 UDP 192.168.1.34:13021 -> 65.55.223.33:40002 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] - 242 UDP 192.168.1.34:13021 -> 65.55.223.32:40022 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 243 UDP 192.168.1.34:13021 -> 65.55.223.28:40014 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] - 244 UDP 192.168.1.34:13021 -> 65.55.223.16:40032 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] - 245 UDP 192.168.1.34:13021 -> 65.55.223.15:40030 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 246 UDP 192.168.1.34:13021 -> 65.55.223.44:40020 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 247 UDP 192.168.1.34:13021 -> 65.55.223.42:40024 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] - 248 UDP 192.168.1.34:13021 -> 65.55.223.43:40006 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] - 249 UDP [fe80::c62c:3ff:fe06:49fe]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][2 pkts/258 bytes -> 0 pkts/0 bytes] - 250 TCP 192.168.1.34:51240 <-> 111.221.74.45:443 [proto: 91.125/SSL.Skype][10 pkts/1022 bytes <-> 4 pkts/351 bytes] - 251 TCP 192.168.1.34:51268 <-> 111.221.74.18:443 [proto: 91.125/SSL.Skype][10 pkts/852 bytes <-> 4 pkts/351 bytes] - 252 TCP 192.168.1.34:51250 <-> 111.221.77.175:443 [proto: 91.125/SSL.Skype][10 pkts/1012 bytes <-> 4 pkts/351 bytes] - 253 TCP 192.168.1.34:51269 <-> 213.199.179.175:40029 [proto: 125/Skype][14 pkts/1106 bytes <-> 5 pkts/385 bytes] + 118 TCP 192.168.1.34:51293 <-> 5.248.186.221:31010 [proto: 125/Skype][12 pkts/2194 bytes <-> 8 pkts/1711 bytes] + 119 UDP 192.168.1.34:13021 -> 111.221.74.34:40027 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] + 120 UDP 192.168.1.34:13021 -> 111.221.74.33:40011 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 121 UDP 192.168.1.34:13021 -> 111.221.74.13:40009 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 122 UDP 192.168.1.34:13021 -> 111.221.74.27:40027 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 123 UDP 192.168.1.34:13021 -> 111.221.74.20:40033 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 124 UDP 192.168.1.34:13021 -> 111.221.74.19:40001 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] + 125 UDP 192.168.1.34:13021 -> 111.221.74.44:40019 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 126 UDP 192.168.1.34:13021 -> 111.221.74.38:40015 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 127 UDP 192.168.1.34:13021 -> 111.221.74.43:40001 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 128 UDP 192.168.1.34:13021 -> 111.221.74.40:40025 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 129 UDP 192.168.1.34:13021 -> 111.221.74.46:40027 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 130 UDP 192.168.1.34:13021 -> 111.221.77.159:40031 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 131 UDP 192.168.1.34:13021 -> 111.221.77.151:40029 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 132 UDP 192.168.1.34:13021 -> 111.221.77.154:40017 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 133 UDP 192.168.1.34:13021 -> 111.221.77.170:40021 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 134 UDP 192.168.1.34:13021 -> 189.188.134.174:22436 [proto: 125/Skype][1 pkts/60 bytes -> 0 pkts/0 bytes] + 135 TCP 192.168.1.34:51285 <-> 91.190.218.125:12350 [proto: 125/Skype][3 pkts/191 bytes <-> 3 pkts/186 bytes] + 136 TCP 192.168.1.34:51297 <-> 91.190.216.24:12350 [proto: 125/Skype][12 pkts/3242 bytes <-> 3 pkts/290 bytes] + 137 TCP 192.168.1.34:51299 <-> 91.190.216.125:12350 [proto: 125/Skype][6 pkts/353 bytes <-> 5 pkts/306 bytes] + 138 TCP 192.168.1.34:51292 <-> 71.238.7.203:18767 [proto: 125/Skype][17 pkts/2686 bytes <-> 13 pkts/2218 bytes] + 139 UDP 192.168.1.34:13021 -> 157.55.235.146:33033 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 140 UDP 192.168.1.34:13021 -> 157.55.130.146:33033 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 141 TCP 192.168.1.34:51291 <-> 81.83.77.141:17639 [proto: 125/Skype][12 pkts/942 bytes <-> 3 pkts/284 bytes] + 142 TCP 192.168.1.34:51288 <-> 76.167.161.6:20274 [proto: 125/Skype][11 pkts/861 bytes <-> 4 pkts/397 bytes] + 143 TCP 192.168.1.34:51230 <-> 157.56.126.211:443 [proto: 91.221/SSL.MS_OneDrive][166 pkts/39042 bytes <-> 182 pkts/142645 bytes][server: *.gateway.messenger.live.com] + 144 TCP 192.168.1.34:51232 <-> 157.56.52.28:443 [proto: 91.125/SSL.Skype][10 pkts/872 bytes <-> 3 pkts/285 bytes] + 145 TCP 192.168.1.34:51241 <-> 157.55.130.176:443 [proto: 91.125/SSL.Skype][12 pkts/1333 bytes <-> 3 pkts/251 bytes] + 146 TCP 192.168.1.34:51261 <-> 157.55.235.170:443 [proto: 91.125/SSL.Skype][12 pkts/1284 bytes <-> 3 pkts/285 bytes] + 147 TCP 192.168.1.34:51281 <-> 157.55.235.156:443 [proto: 91.125/SSL.Skype][12 pkts/1095 bytes <-> 3 pkts/285 bytes] + 148 UDP 192.168.1.34:13021 -> 174.49.171.224:32011 [proto: 125/Skype][5 pkts/300 bytes -> 0 pkts/0 bytes] + 149 UDP 192.168.1.34:13021 -> 157.55.56.170:40015 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 150 UDP 192.168.1.34:13021 -> 157.56.52.19:40020 [proto: 125/Skype][1 pkts/68 bytes -> 0 pkts/0 bytes] + 151 UDP 192.168.1.34:13021 -> 157.56.52.16:40032 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 152 UDP 192.168.1.34:13021 -> 157.56.52.25:40010 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 153 UDP 192.168.1.34:13021 -> 157.56.52.24:40032 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 154 UDP 192.168.1.34:13021 -> 157.55.130.154:40013 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 155 UDP 192.168.1.34:13021 -> 157.55.130.150:40007 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 156 UDP 192.168.1.34:13021 -> 157.55.130.149:40011 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 157 UDP 192.168.1.34:13021 -> 157.55.56.142:40013 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 158 UDP 192.168.1.34:13021 -> 157.56.52.33:40002 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 159 UDP 192.168.1.34:13021 -> 157.56.52.29:40010 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 160 UDP 192.168.1.34:13021 -> 157.55.56.140:40003 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 161 UDP 192.168.1.34:13021 -> 157.56.52.43:40006 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 162 UDP 192.168.1.34:13021 -> 157.55.130.140:40011 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 163 UDP 192.168.1.34:13021 -> 157.55.130.146:40033 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] + 164 UDP 192.168.1.34:13021 -> 157.55.130.148:40019 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 165 UDP 192.168.1.34:13021 -> 157.55.235.148:40033 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] + 166 UDP 192.168.1.34:13021 -> 157.55.235.162:40033 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 167 UDP 192.168.1.34:13021 -> 157.55.130.156:40019 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 168 UDP 192.168.1.34:13021 -> 157.55.235.155:40027 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] + 169 UDP 192.168.1.34:13021 -> 157.55.56.161:40031 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 170 UDP 192.168.1.34:13021 -> 157.55.235.158:40027 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] + 171 UDP 192.168.1.34:13021 -> 157.55.130.157:40013 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 172 UDP 192.168.1.34:13021 -> 157.55.235.167:40029 [proto: 125/Skype][1 pkts/64 bytes -> 0 pkts/0 bytes] + 173 UDP 192.168.1.34:13021 -> 157.55.130.167:40031 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 174 UDP 192.168.1.34:13021 -> 157.55.235.166:40015 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 175 UDP 192.168.1.34:13021 -> 157.55.235.174:40019 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 176 UDP 192.168.1.34:13021 -> 157.55.130.173:40003 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 177 UDP 192.168.1.34:13021 -> 157.55.235.176:40031 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] + 178 UDP 192.168.1.34:13021 -> 157.55.235.175:40023 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] + 179 UDP 192.168.1.34:49864 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes -> 0 pkts/0 bytes][Host: api.skype.com] + 180 TCP 192.168.1.34:51316 <-> 149.13.32.15:13392 [proto: 125/Skype][11 pkts/862 bytes <-> 3 pkts/314 bytes] + 181 UDP 192.168.1.34:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes -> 0 pkts/0 bytes] + 182 UDP 192.168.1.92:17500 -> 255.255.255.255:17500 [proto: 121/Dropbox][2 pkts/1088 bytes -> 0 pkts/0 bytes] + 183 UDP 192.168.1.34:13021 -> 213.199.179.146:33033 [proto: 125/Skype][1 pkts/75 bytes -> 0 pkts/0 bytes] + 184 UDP 192.168.1.34:53372 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst11.r.skype.net] + 185 UDP 192.168.1.92:53826 -> 192.168.1.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes -> 0 pkts/0 bytes] + 186 TCP 192.168.1.34:51271 <-> 213.199.179.175:443 [proto: 91/SSL][12 pkts/1130 bytes <-> 3 pkts/285 bytes] + 187 UDP 192.168.1.34:55028 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: a.config.skype.com] + 188 TCP 192.168.1.34:51278 <-> 64.4.23.159:40009 [proto: 125/Skype][11 pkts/832 bytes <-> 4 pkts/387 bytes] + 189 TCP 192.168.1.34:51235 <-> 65.55.223.45:40009 [proto: 125/Skype][13 pkts/976 bytes <-> 4 pkts/365 bytes] + 190 UDP 192.168.1.34:55866 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: pipe.prd.skypedata.akadns.net] + 191 UDP 192.168.1.34:57592 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/623 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst11.r.skype.net] + 192 UDP 192.168.1.34:57694 <-> 192.168.1.1:53 [proto: 5/DNS][1 pkts/101 bytes <-> 1 pkts/166 bytes][Host: db3msgr5011709.gateway.messenger.live.com] + 193 UDP 192.168.1.34:13021 -> 213.199.179.173:40013 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 194 UDP 192.168.1.34:13021 -> 213.199.179.140:40003 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 195 UDP 192.168.1.34:13021 -> 213.199.179.154:40017 [proto: 125/Skype][1 pkts/78 bytes -> 0 pkts/0 bytes] + 196 UDP 192.168.1.34:13021 -> 213.199.179.144:40009 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 197 UDP 192.168.1.34:13021 -> 213.199.179.141:40015 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 198 UDP 192.168.1.34:13021 -> 213.199.179.156:40031 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 199 UDP 192.168.1.34:13021 -> 213.199.179.172:40011 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 200 UDP 192.168.1.34:13021 -> 213.199.179.174:40025 [proto: 125/Skype][1 pkts/71 bytes -> 0 pkts/0 bytes] + 201 TCP 192.168.1.34:51298 <-> 82.224.110.241:38895 [proto: 125/Skype][12 pkts/931 bytes <-> 2 pkts/219 bytes] + 202 UDP 192.168.1.34:59788 <-> 192.168.1.1:53 [proto: 5.125/DNS.Skype][1 pkts/82 bytes <-> 1 pkts/98 bytes][Host: e4593.g.akamaiedge.net] + 203 UDP 192.168.1.34:60688 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/648 bytes -> 0 pkts/0 bytes][Host: conn.skype.akadns.net] + 204 UDP 192.168.1.34:61016 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][1 pkts/80 bytes -> 0 pkts/0 bytes][Host: apps.skypeassets.com] + 205 ICMP 192.168.1.1:0 -> 192.168.1.34:0 [proto: 81/ICMP][4 pkts/328 bytes -> 0 pkts/0 bytes] + 206 UDP 192.168.1.34:63342 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com] + 207 UDP 192.168.1.34:63514 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][8 pkts/576 bytes -> 0 pkts/0 bytes][Host: ui.skype.com] + 208 UDP 192.168.1.34:64240 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/511 bytes -> 0 pkts/0 bytes][Host: api.skype.com] + 209 UDP 192.168.1.34:64258 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/546 bytes -> 0 pkts/0 bytes][Host: b.config.skype.com] + 210 UDP 192.168.1.34:64364 -> 192.168.1.1:53 [proto: 5.125/DNS.Skype][7 pkts/616 bytes -> 0 pkts/0 bytes][Host: 335.0.7.7.3.rst0.r.skype.net] + 211 UDP 192.168.1.34:137 -> 192.168.1.255:137 [proto: 10/NetBIOS][7 pkts/680 bytes -> 0 pkts/0 bytes] + 212 UDP 192.168.1.1:137 <-> 192.168.1.34:137 [proto: 10/NetBIOS][6 pkts/958 bytes <-> 2 pkts/184 bytes] + 213 UDP 192.168.1.34:138 -> 192.168.1.255:138 [proto: 10/NetBIOS][2 pkts/432 bytes -> 0 pkts/0 bytes] + 214 UDP 192.168.1.1:138 -> 192.168.1.34:138 [proto: 10/NetBIOS][2 pkts/452 bytes -> 0 pkts/0 bytes] + 215 UDP 192.168.1.92:137 -> 192.168.1.255:137 [proto: 10/NetBIOS][1 pkts/92 bytes -> 0 pkts/0 bytes] + 216 UDP 192.168.1.92:138 -> 192.168.1.255:138 [proto: 10/NetBIOS][1 pkts/216 bytes -> 0 pkts/0 bytes] + 217 TCP 192.168.1.34:51318 <-> 212.161.8.36:13392 [proto: 125/Skype][7 pkts/571 bytes <-> 3 pkts/286 bytes] + 218 TCP 192.168.1.34:51236 <-> 111.221.74.45:40008 [proto: 125/Skype][11 pkts/844 bytes <-> 5 pkts/413 bytes] + 219 TCP 192.168.1.34:51267 <-> 111.221.74.18:40025 [proto: 125/Skype][10 pkts/785 bytes <-> 4 pkts/378 bytes] + 220 TCP 192.168.1.34:51248 <-> 111.221.77.175:40030 [proto: 125/Skype][11 pkts/858 bytes <-> 5 pkts/426 bytes] + 221 TCP 192.168.1.34:51227 <-> 17.172.100.36:443 [proto: 91.140/SSL.Apple][38 pkts/9082 bytes <-> 38 pkts/10499 bytes] + 222 IGMP 192.168.1.219:0 -> 224.0.0.22:0 [proto: 82/IGMP][1 pkts/60 bytes -> 0 pkts/0 bytes] + 223 IGMP 192.168.1.229:0 -> 224.0.0.251:0 [proto: 82/IGMP][1 pkts/60 bytes -> 0 pkts/0 bytes] + 224 IGMP 192.168.0.254:0 -> 224.0.0.1:0 [proto: 82/IGMP][1 pkts/46 bytes -> 0 pkts/0 bytes] + 225 TCP 192.168.1.34:51231 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][16 pkts/3461 bytes <-> 1 pkts/74 bytes][client: apps.skype.com] + 226 TCP 192.168.1.34:51295 <-> 23.206.33.166:443 [proto: 91.125/SSL.Skype][11 pkts/2074 bytes <-> 1 pkts/74 bytes][client: apps.skype.com] + 227 UDP 192.168.1.34:13021 -> 64.4.23.146:33033 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 228 TCP 192.168.1.34:51255 <-> 157.55.130.142:40005 [proto: 125/Skype][13 pkts/1004 bytes <-> 4 pkts/318 bytes] + 229 UDP 192.168.0.254:1025 -> 239.255.255.250:1900 [proto: 12/SSDP][36 pkts/13402 bytes -> 0 pkts/0 bytes] + 230 TCP 192.168.1.34:51253 <-> 64.4.23.166:443 [proto: 91/SSL][11 pkts/1164 bytes <-> 3 pkts/268 bytes] + 231 UDP 192.168.1.92:5353 -> 224.0.0.251:5353 [proto: 8/MDNS][1 pkts/142 bytes -> 0 pkts/0 bytes][Lucas-iMac.local] + 232 UDP 192.168.1.34:13021 -> 64.4.23.145:40027 [proto: 125/Skype][1 pkts/73 bytes -> 0 pkts/0 bytes] + 233 UDP 192.168.1.34:13021 -> 64.4.23.142:40023 [proto: 125/Skype][1 pkts/72 bytes -> 0 pkts/0 bytes] + 234 UDP 192.168.1.34:13021 -> 64.4.23.140:40003 [proto: 125/Skype][1 pkts/67 bytes -> 0 pkts/0 bytes] + 235 TCP 192.168.1.34:51308 -> 80.121.84.93:443 [proto: 91/SSL][6 pkts/468 bytes -> 0 pkts/0 bytes] + 236 UDP 192.168.1.34:13021 -> 64.4.23.173:40017 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 237 UDP 192.168.1.34:13021 -> 64.4.23.148:40029 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 238 UDP 192.168.1.34:13021 -> 64.4.23.151:40029 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 239 UDP 192.168.1.34:13021 -> 64.4.23.171:40031 [proto: 125/Skype][1 pkts/79 bytes -> 0 pkts/0 bytes] + 240 UDP 192.168.1.34:13021 -> 64.4.23.158:40021 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 241 UDP 192.168.1.34:13021 -> 64.4.23.170:40011 [proto: 125/Skype][1 pkts/66 bytes -> 0 pkts/0 bytes] + 242 UDP 192.168.1.34:13021 -> 64.4.23.176:40001 [proto: 125/Skype][1 pkts/69 bytes -> 0 pkts/0 bytes] + 243 UDP 192.168.1.34:13021 -> 65.55.223.33:40002 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] + 244 UDP 192.168.1.34:13021 -> 65.55.223.32:40022 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 245 UDP 192.168.1.34:13021 -> 65.55.223.28:40014 [proto: 125/Skype][1 pkts/74 bytes -> 0 pkts/0 bytes] + 246 UDP 192.168.1.34:13021 -> 65.55.223.16:40032 [proto: 125/Skype][1 pkts/70 bytes -> 0 pkts/0 bytes] + 247 UDP 192.168.1.34:13021 -> 65.55.223.15:40030 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 248 UDP 192.168.1.34:13021 -> 65.55.223.44:40020 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 249 UDP 192.168.1.34:13021 -> 65.55.223.42:40024 [proto: 125/Skype][1 pkts/76 bytes -> 0 pkts/0 bytes] + 250 UDP 192.168.1.34:13021 -> 65.55.223.43:40006 [proto: 125/Skype][1 pkts/77 bytes -> 0 pkts/0 bytes] + 251 UDP [fe80::c62c:3ff:fe06:49fe]:5353 -> [ff02::fb]:5353 [proto: 8/MDNS][2 pkts/258 bytes -> 0 pkts/0 bytes] + 252 TCP 192.168.1.34:51240 <-> 111.221.74.45:443 [proto: 91.125/SSL.Skype][10 pkts/1022 bytes <-> 4 pkts/351 bytes] + 253 TCP 192.168.1.34:51268 <-> 111.221.74.18:443 [proto: 91.125/SSL.Skype][10 pkts/852 bytes <-> 4 pkts/351 bytes] + 254 TCP 192.168.1.34:51250 <-> 111.221.77.175:443 [proto: 91.125/SSL.Skype][10 pkts/1012 bytes <-> 4 pkts/351 bytes] + 255 TCP 192.168.1.34:51269 <-> 213.199.179.175:40029 [proto: 125/Skype][14 pkts/1106 bytes <-> 5 pkts/385 bytes] Undetected flows: @@ -274,10 +276,8 @@ Undetected flows: 5 TCP 192.168.1.34:51315 <-> 212.161.8.36:13392 [proto: 0/Unknown][16 pkts/11797 bytes <-> 7 pkts/493 bytes] 6 TCP 192.168.1.34:51319 -> 212.161.8.36:13392 [proto: 0/Unknown][1 pkts/78 bytes -> 0 pkts/0 bytes] 7 TCP 192.168.1.34:51306 -> 80.121.84.93:62381 [proto: 0/Unknown][6 pkts/468 bytes -> 0 pkts/0 bytes] - 8 TCP 192.168.1.34:51293 <-> 5.248.186.221:31010 [proto: 0/Unknown][12 pkts/2194 bytes <-> 8 pkts/1711 bytes] - 9 TCP 192.168.1.34:51292 <-> 71.238.7.203:18767 [proto: 0/Unknown][17 pkts/2686 bytes <-> 13 pkts/2218 bytes] - 10 TCP 192.168.1.34:51314 <-> 93.79.224.176:14506 [proto: 0/Unknown][11 pkts/1407 bytes <-> 9 pkts/652 bytes] - 11 TCP 192.168.1.34:51300 <-> 76.167.161.6:20274 [proto: 0/Unknown][2 pkts/132 bytes <-> 1 pkts/74 bytes] - 12 TCP 192.168.1.34:51312 <-> 149.13.32.15:13392 [proto: 0/Unknown][18 pkts/15111 bytes <-> 7 pkts/531 bytes] - 13 UDP 192.168.1.34:59052 -> 192.168.1.1:5351 [proto: 0/Unknown][4 pkts/216 bytes -> 0 pkts/0 bytes] - 14 TCP 192.168.1.34:51303 -> 80.121.84.93:62381 [proto: 0/Unknown][7 pkts/546 bytes -> 0 pkts/0 bytes] + 8 TCP 192.168.1.34:51314 <-> 93.79.224.176:14506 [proto: 0/Unknown][11 pkts/1407 bytes <-> 9 pkts/652 bytes] + 9 TCP 192.168.1.34:51300 <-> 76.167.161.6:20274 [proto: 0/Unknown][2 pkts/132 bytes <-> 1 pkts/74 bytes] + 10 TCP 192.168.1.34:51312 <-> 149.13.32.15:13392 [proto: 0/Unknown][18 pkts/15111 bytes <-> 7 pkts/531 bytes] + 11 UDP 192.168.1.34:59052 -> 192.168.1.1:5351 [proto: 0/Unknown][4 pkts/216 bytes -> 0 pkts/0 bytes] + 12 TCP 192.168.1.34:51303 -> 80.121.84.93:62381 [proto: 0/Unknown][7 pkts/546 bytes -> 0 pkts/0 bytes] -- cgit v1.2.3 From ad401c4192f9db7e5e1c6b9fa8b45b2cd9d3d657 Mon Sep 17 00:00:00 2001 From: Alexis La Goutte Date: Fri, 28 Jul 2017 13:05:30 +0000 Subject: ndpi_main.c: fix unused variable 'rc' [-Werror,-Wunused-variable] --- src/lib/ndpi_main.c | 1 - 1 file changed, 1 deletion(-) (limited to 'src') diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 537893567..84e43e660 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -4678,7 +4678,6 @@ int ndpi_match_string_subprotocol(struct ndpi_detection_module_struct *ndpi_stru int matching_protocol_id = NDPI_PROTOCOL_UNKNOWN; AC_TEXT_t ac_input_text; ndpi_automa *automa = is_host_match ? &ndpi_struct->host_automa : &ndpi_struct->content_automa; - int rc; if((automa->ac_automa == NULL) || (string_to_match_len == 0)) return(NDPI_PROTOCOL_UNKNOWN); -- cgit v1.2.3 From 9a809bf673712806f7bb6ed7c0d30ba697bbdcb6 Mon Sep 17 00:00:00 2001 From: Luca Date: Sat, 29 Jul 2017 06:55:50 +0200 Subject: Improved TeamViewer support --- src/lib/ndpi_content_match.c.inc | 4 ++++ src/lib/ndpi_main.c | 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 4475d640a..3896f3a08 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -627,6 +627,10 @@ static ndpi_network host_protocol_list[] = { { 0xB2F8D000 /* 178.248.208.0 */, 21, NDPI_PROTOCOL_OCS }, + + /* Teamviewer 159.122.189.32-63 */ + { 0x9F7ABD30 /* 159.122.189.32 */, 21, NDPI_PROTOCOL_TEAMVIEWER }, + /* IFLIX services -by www.vizuamatix.com R&D team */ diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 84e43e660..65c139c08 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1353,8 +1353,8 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_TEAMVIEWER, no_master, no_master, "TeamViewer", NDPI_PROTOCOL_CATEGORY_REMOTE_ACCESS, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_build_default_ports(ports_a, 5938, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 5938, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_LOTUS_NOTES, no_master, no_master, "LotusNotes", NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, -- cgit v1.2.3 From fbfe3e004ce48ecf4d5287c003d4176a7f4c252e Mon Sep 17 00:00:00 2001 From: Konstantin Shalygin Date: Fri, 28 Jul 2017 09:32:52 +0700 Subject: Added Sony Playstation protocol. --- src/include/ndpi_protocol_ids.h | 8 +++----- src/lib/ndpi_content_match.c.inc | 4 ++++ 2 files changed, 7 insertions(+), 5 deletions(-) (limited to 'src') diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index c01484b74..25b1308bd 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -108,7 +108,7 @@ #define NDPI_PROTOCOL_OSCAR 69 #define NDPI_PROTOCOL_YAHOO 70 #define NDPI_PROTOCOL_BATTLEFIELD 71 -#define NDPI_PROTOCOL_QUAKE 72 +#define NDPI_PROTOCOL_QUAKE 72 #define NDPI_PROTOCOL_IP_VRRP 73 #define NDPI_PROTOCOL_STEAM 74 /* Tomasz Bujlow */ #define NDPI_PROTOCOL_HALFLIFE2 75 @@ -269,12 +269,10 @@ #define NDPI_PROTOCOL_PLAYSTORE 228 /* Google Play Store */ #define NDPI_PROTOCOL_SOMEIP 229 #define NDPI_PROTOCOL_FIX 230 - - - +#define NDPI_PROTOCOL_PLAYSTATION 231 /* Sony PlayStation */ /* UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE */ -#define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_PROTOCOL_FIX +#define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_PROTOCOL_PLAYSTATION #define NDPI_MAX_SUPPORTED_PROTOCOLS (NDPI_LAST_IMPLEMENTED_PROTOCOL + 1) #define NDPI_MAX_NUM_CUSTOM_PROTOCOLS (NDPI_NUM_BITS-NDPI_LAST_IMPLEMENTED_PROTOCOL) diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 4475d640a..c5085efc5 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -8242,6 +8242,10 @@ ndpi_protocol_match host_match[] = { { ".nintendo.net", "Nintendo", NDPI_PROTOCOL_NINTENDO, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, { ".nintendo.com", "Nintendo", NDPI_PROTOCOL_NINTENDO, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, + { ".playstation.net", "Playstation", NDPI_PROTOCOL_PLAYSTATION, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, + { ".playstation.com", "Playstation", NDPI_PROTOCOL_PLAYSTATION, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, + { ".sonyentertainmentnetwork.com", "Playstation", NDPI_PROTOCOL_PLAYSTATION, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, + { NULL, 0 } }; -- cgit v1.2.3 From 1d4eeaa32824d5b10b2a3e1ccf4245709a2374d1 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Sun, 30 Jul 2017 13:57:12 +0200 Subject: Removed invalid networks from google list --- src/lib/ndpi_content_match.c.inc | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) (limited to 'src') diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index a87dbb728..ae57ddf4c 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -754,10 +754,6 @@ static ndpi_network host_protocol_list[] = { Google Inc. / Google Switzerland GmbH / Google Ireland Limited origin AS15169, AS36384, AS41264, AS43515, AS36039, AS36040, AS36492 */ - - { 0x01000000 /* 1.0.0.0/24 */, 24, NDPI_PROTOCOL_GOOGLE }, - { 0x01010100 /* 1.1.1.0/24 */, 24, NDPI_PROTOCOL_GOOGLE }, - { 0x01020300 /* 1.2.3.0/24 */, 24, NDPI_PROTOCOL_GOOGLE }, { 0x08063000 /* 8.6.48.0/21 */, 21, NDPI_PROTOCOL_GOOGLE }, { 0x08080400 /* 8.8.4.0/24 */, 24, NDPI_PROTOCOL_GOOGLE }, { 0x08080800 /* 8.8.8.0/24 */, 24, NDPI_PROTOCOL_GOOGLE }, @@ -829,7 +825,7 @@ static ndpi_network host_protocol_list[] = { { 0xD8EF2000 /* 216.239.32.0/19 */, 19, NDPI_PROTOCOL_GOOGLE }, { 0xD8FCDC00 /* 216.252.220.0/22 */, 22, NDPI_PROTOCOL_GOOGLE }, - /* +/* Canonical Ltd (Ubuntu) origin AS41231 */ -- cgit v1.2.3 From d79c5ffc24caa29faf14547b9ce903207af4dfe7 Mon Sep 17 00:00:00 2001 From: Paulo Angelo Date: Tue, 8 Aug 2017 15:48:27 -0300 Subject: Identation and comments only. --- .gitignore | 4 + src/include/ndpi_typedefs.h | 12 +- src/lib/ndpi_content_match.c.inc | 600 +++++++++++++++++++-------------------- 3 files changed, 310 insertions(+), 306 deletions(-) (limited to 'src') diff --git a/.gitignore b/.gitignore index f0534eae5..21a9463be 100644 --- a/.gitignore +++ b/.gitignore @@ -10,6 +10,10 @@ *.la .libs .dirstamp +.autotools +.cproject +.project +.settings stamp-h1 /configure /config.guess diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index d3c34452f..acb58fcb4 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -730,12 +730,12 @@ typedef struct { } ndpi_port_range; typedef enum { - NDPI_PROTOCOL_SAFE = 0, /* Safe protocol with encryption */ - NDPI_PROTOCOL_ACCEPTABLE, /* Ok but not encrypted */ - NDPI_PROTOCOL_FUN, /* Pure fun protocol */ - NDPI_PROTOCOL_UNSAFE, /* Protocol with a safe version existing what should be used instead */ - NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, /* Be prepared to troubles */ - NDPI_PROTOCOL_UNRATED /* No idea */ + NDPI_PROTOCOL_SAFE = 0, /* Surely doesn’t provide risks for the network. (e.g., a news site) */ + NDPI_PROTOCOL_ACCEPTABLE, /* Probably doesn’t provide risks, but could be malicious (e.g., Dropbox) */ + NDPI_PROTOCOL_FUN, /* Pure fun protocol, which may be prohibited by the user policy (e.g., Netflix) */ + NDPI_PROTOCOL_UNSAFE, /* Probably provides risks, but could be a normal traffic. Unencrypted protocols with clear pass should be here (e.g., telnet) */ + NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, /* Surely is dangerous (ex. Tor). Be prepared to troubles */ + NDPI_PROTOCOL_UNRATED /* No idea, not implemented or impossible to classify */ } ndpi_protocol_breed_t; #define NUM_BREEDS (NDPI_PROTOCOL_UNRATED+1) diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index ae57ddf4c..f71de966e 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -7974,277 +7974,277 @@ static ndpi_network host_protocol_list[] = { */ ndpi_protocol_match host_match[] = { - { "amazon.", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "amazon.com", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "images-amazon.com", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "amazonaws.com", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "amazon-adsystem.com", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".cloudfront.net", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - - { ".apple.com", "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".mzstatic.com", "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".aaplimg.com", "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".icloud.com", "AppleiCloud", NDPI_PROTOCOL_APPLE_ICLOUD, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "iosapps.itunes.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, /* iOS */ - { "osxapps.itunes.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, /* MacOS */ - { "buy.itunes.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, - { "su.itunes.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, - { "se.itunes.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, - { "myapp.itunes.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, - { "swscan.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, - { "itunes-apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, - { "itunes.apple.com", "AppleiTunes", NDPI_PROTOCOL_APPLE_ITUNES, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, - - { ".cnn.c", "CNN", NDPI_PROTOCOL_CNN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, - { ".cnn.net", "CNN", NDPI_PROTOCOL_CNN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, - - { ".dropbox.com", "DropBox", NDPI_PROTOCOL_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_SAFE }, - { "log.getdropbox.com", "DropBox", NDPI_PROTOCOL_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_SAFE }, - - { ".ebay.", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".ebay.com", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".ebaystatic.com", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".ebaydesc.com", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".ebayrtm.com", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".ebaystratus.com", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".ebayimg.com", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - - { "facebook.com", "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { "fbstatic-a.akamaihd.net", "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { ".fbcdn.net", "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { "fbcdn-", "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { ".facebook.net", "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - - { ".speedtest.net", "Ookla", NDPI_PROTOCOL_OOKLA, NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, NDPI_PROTOCOL_ACCEPTABLE }, - - { "drive-thirdparty.", "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, NDPI_PROTOCOL_SAFE }, - { "docs.", "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, NDPI_PROTOCOL_SAFE }, - { ".docs.", "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, NDPI_PROTOCOL_SAFE }, - { "drive.", "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, NDPI_PROTOCOL_SAFE }, - - { "android.clients.google.com", "PlayStore", NDPI_PROTOCOL_PLAYSTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, - { "ggpht.com", "PlayStore", NDPI_PROTOCOL_PLAYSTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, - - { "google.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".google.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".gstatic.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".googlesyndication.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".googletagservices.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".2mdn.net", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".doubleclick.net", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, /* Ads */ - { "googleads.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "google-analytics.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "googleusercontent.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "googleadservices.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "googleapis.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "1e100.net", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - - { "maps.google.", "GoogleMaps", NDPI_PROTOCOL_GOOGLE_MAPS, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "maps.gstatic.com", "GoogleMaps", NDPI_PROTOCOL_GOOGLE_MAPS, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - - { ".gmail.", "GMail", NDPI_PROTOCOL_GMAIL, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { "mail.google.", "GMail", NDPI_PROTOCOL_GMAIL, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - - { "mail.outlook.com", "Hotmail", NDPI_PROTOCOL_HOTMAIL, NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, NDPI_PROTOCOL_SAFE }, - - { ".last.fm", "LastFM", NDPI_PROTOCOL_LASTFM, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, - - { "msn.com", "MSN", NDPI_PROTOCOL_MSN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, - - { "netflix.com", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "nflxext.com", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "nflximg.com", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "nflximg.net", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "nflxvideo.net", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - - { ".skype.", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, - { ".skypeassets.", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, - { ".skypedata.", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, - { ".skypeecs-", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, - { ".skypeforbusiness.", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, - { ".lync.com", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, - { "e7768.b.akamaiedge.net", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, - { "e4593.dspg.akamaiedge.net", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, - { "e4593.g.akamaiedge.net", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, - - { ".tuenti.com", "Tuenti", NDPI_PROTOCOL_TUENTI, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - - { ".twttr.com", "Twitter", NDPI_PROTOCOL_TWITTER, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, - { "twitter.", "Twitter", NDPI_PROTOCOL_TWITTER, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, - { "twimg.com", "Twitter", NDPI_PROTOCOL_TWITTER, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, - - { ".viber.com", "Viber", NDPI_PROTOCOL_VIBER, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, - { ".cdn.viber.com", "Viber", NDPI_PROTOCOL_VIBER, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, - - { "wikipedia.", "Wikipedia", NDPI_PROTOCOL_WIKIPEDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "wikimedia.", "Wikipedia", NDPI_PROTOCOL_WIKIPEDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "mediawiki.", "Wikipedia", NDPI_PROTOCOL_WIKIPEDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "wikimediafoundation.", "Wikipedia", NDPI_PROTOCOL_WIKIPEDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - - { ".whatsapp.", "WhatsApp", NDPI_PROTOCOL_WHATSAPP, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, - - { ".yahoo.", "Yahoo", NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".yimg.com", "Yahoo", NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "yahooapis.", "Yahoo", NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - - { "youtube.", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "youtu.be.", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "yt3.ggpht.com", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".googlevideo.com", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".ytimg.com", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "youtube-nocookie.", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "ggpht.com", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "googleusercontent.com", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "amazon.", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "amazon.com", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "images-amazon.com", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "amazonaws.com", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "amazon-adsystem.com", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".cloudfront.net", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + + { ".apple.com", "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".mzstatic.com", "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".aaplimg.com", "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".icloud.com", "AppleiCloud", NDPI_PROTOCOL_APPLE_ICLOUD, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "iosapps.itunes.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, /* iOS */ + { "osxapps.itunes.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, /* MacOS */ + { "buy.itunes.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, + { "su.itunes.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, + { "se.itunes.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, + { "myapp.itunes.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, + { "swscan.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, + { "itunes-apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, + { "itunes.apple.com", "AppleiTunes", NDPI_PROTOCOL_APPLE_ITUNES, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, + + { ".cnn.c", "CNN", NDPI_PROTOCOL_CNN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, + { ".cnn.net", "CNN", NDPI_PROTOCOL_CNN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, + + { ".dropbox.com", "DropBox", NDPI_PROTOCOL_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_SAFE }, + { "log.getdropbox.com", "DropBox", NDPI_PROTOCOL_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_SAFE }, + + { ".ebay.", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".ebay.com", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".ebaystatic.com", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".ebaydesc.com", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".ebayrtm.com", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".ebaystratus.com", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".ebayimg.com", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + + { "facebook.com", "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { "fbstatic-a.akamaihd.net", "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { ".fbcdn.net", "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { "fbcdn-", "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { ".facebook.net", "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + + { ".speedtest.net", "Ookla", NDPI_PROTOCOL_OOKLA, NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, NDPI_PROTOCOL_ACCEPTABLE }, + + { "drive-thirdparty.", "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, NDPI_PROTOCOL_SAFE }, + { "docs.", "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, NDPI_PROTOCOL_SAFE }, + { ".docs.", "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, NDPI_PROTOCOL_SAFE }, + { "drive.", "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, NDPI_PROTOCOL_SAFE }, + + { "android.clients.google.com", "PlayStore", NDPI_PROTOCOL_PLAYSTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, + { "ggpht.com", "PlayStore", NDPI_PROTOCOL_PLAYSTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, + + { "google.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".google.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".gstatic.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".googlesyndication.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".googletagservices.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".2mdn.net", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".doubleclick.net", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, /* Ads */ + { "googleads.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "google-analytics.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "googleusercontent.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "googleadservices.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "googleapis.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "1e100.net", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + + { "maps.google.", "GoogleMaps", NDPI_PROTOCOL_GOOGLE_MAPS, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "maps.gstatic.com", "GoogleMaps", NDPI_PROTOCOL_GOOGLE_MAPS, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + + { ".gmail.", "GMail", NDPI_PROTOCOL_GMAIL, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { "mail.google.", "GMail", NDPI_PROTOCOL_GMAIL, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + + { "mail.outlook.com", "Hotmail", NDPI_PROTOCOL_HOTMAIL, NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, NDPI_PROTOCOL_SAFE }, + + { ".last.fm", "LastFM", NDPI_PROTOCOL_LASTFM, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, + + { "msn.com", "MSN", NDPI_PROTOCOL_MSN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, + + { "netflix.com", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "nflxext.com", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "nflximg.com", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "nflximg.net", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "nflxvideo.net", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + + { ".skype.", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, + { ".skypeassets.", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, + { ".skypedata.", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, + { ".skypeecs-", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, + { ".skypeforbusiness.", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, + { ".lync.com", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, + { "e7768.b.akamaiedge.net", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, + { "e4593.dspg.akamaiedge.net","Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, + { "e4593.g.akamaiedge.net", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, + + { ".tuenti.com", "Tuenti", NDPI_PROTOCOL_TUENTI, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + + { ".twttr.com", "Twitter", NDPI_PROTOCOL_TWITTER, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, + { "twitter.", "Twitter", NDPI_PROTOCOL_TWITTER, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, + { "twimg.com", "Twitter", NDPI_PROTOCOL_TWITTER, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, + + { ".viber.com", "Viber", NDPI_PROTOCOL_VIBER, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, + { ".cdn.viber.com", "Viber", NDPI_PROTOCOL_VIBER, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, + + { "wikipedia.", "Wikipedia", NDPI_PROTOCOL_WIKIPEDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "wikimedia.", "Wikipedia", NDPI_PROTOCOL_WIKIPEDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "mediawiki.", "Wikipedia", NDPI_PROTOCOL_WIKIPEDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "wikimediafoundation.", "Wikipedia", NDPI_PROTOCOL_WIKIPEDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + + { ".whatsapp.", "WhatsApp", NDPI_PROTOCOL_WHATSAPP, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, + + { ".yahoo.", "Yahoo", NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".yimg.com", "Yahoo", NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "yahooapis.", "Yahoo", NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + + { "youtube.", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "youtu.be.", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "yt3.ggpht.com", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".googlevideo.com", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".ytimg.com", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "youtube-nocookie.", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "ggpht.com", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "googleusercontent.com", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".vevo.com", "Vevo", NDPI_PROTOCOL_VEVO, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".vevo.com", "Vevo", NDPI_PROTOCOL_VEVO, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".spotify.", "Spotify", NDPI_PROTOCOL_SPOTIFY, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "audio-fa.scdn.co", "Spotify", NDPI_PROTOCOL_SPOTIFY, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".spotify.", "Spotify", NDPI_PROTOCOL_SPOTIFY, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "audio-fa.scdn.co", "Spotify", NDPI_PROTOCOL_SPOTIFY, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".pandora.com", "Pandora", NDPI_PROTOCOL_PANDORA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".pandora.com", "Pandora", NDPI_PROTOCOL_PANDORA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".torproject.org", "Tor", NDPI_PROTOCOL_TOR, NDPI_PROTOCOL_CATEGORY_VPN, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, + { ".torproject.org", "Tor", NDPI_PROTOCOL_TOR, NDPI_PROTOCOL_CATEGORY_VPN, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, - { ".kakao.com", "KakaoTalk", NDPI_PROTOCOL_KAKAOTALK, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_FUN }, + { ".kakao.com", "KakaoTalk", NDPI_PROTOCOL_KAKAOTALK, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_FUN }, - { "ttvnw.net", "Twitch", NDPI_PROTOCOL_TWITCH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "static-cdn.jtvnw.net", "Twitch", NDPI_PROTOCOL_TWITCH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "www-cdn.jtvnw.net", "Twitch", NDPI_PROTOCOL_TWITCH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "ttvnw.net", "Twitch", NDPI_PROTOCOL_TWITCH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "static-cdn.jtvnw.net", "Twitch", NDPI_PROTOCOL_TWITCH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "www-cdn.jtvnw.net", "Twitch", NDPI_PROTOCOL_TWITCH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "quickplay.com", "QuickPlay", NDPI_PROTOCOL_QUICKPLAY, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "quickplay.com", "QuickPlay", NDPI_PROTOCOL_QUICKPLAY, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".qq.com", "QQ", NDPI_PROTOCOL_QQ, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - { ".gtimg.com", "QQ", NDPI_PROTOCOL_QQ, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { ".qq.com", "QQ", NDPI_PROTOCOL_QQ, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { ".gtimg.com", "QQ", NDPI_PROTOCOL_QQ, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - { ".weibo.com", "Sina(Weibo)", NDPI_PROTOCOL_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { ".sinaimg.cn", "Sina", NDPI_PROTOCOL_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { ".sinajs.cn", "Sina", NDPI_PROTOCOL_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { ".sina.cn", "Sina", NDPI_PROTOCOL_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { ".sina.com.cn", "Sina", NDPI_PROTOCOL_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { ".weibo.com", "Sina(Weibo)", NDPI_PROTOCOL_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { ".sinaimg.cn", "Sina", NDPI_PROTOCOL_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { ".sinajs.cn", "Sina", NDPI_PROTOCOL_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { ".sina.cn", "Sina", NDPI_PROTOCOL_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { ".sina.com.cn", "Sina", NDPI_PROTOCOL_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, /* https://support.cipafilter.com/index.php?/Knowledgebase/Article/View/117/0/snapchat---how-to-block */ - { "feelinsonice.appspot.com", "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - { "feelinsonice-hrd.appspot.com", "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - { "feelinsonice.com", "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - { ".snapchat.", "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - { ".snapads.", "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { "feelinsonice.appspot.com", "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { "feelinsonice-hrd.appspot.com", "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { "feelinsonice.com", "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { ".snapchat.", "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { ".snapads.", "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, /* Detected "instagram.c10r.facebook.com". Omitted "*amazonaws.com" and "*facebook.com" CDNs e.g. "ig-telegraph-shv-04-frc3.facebook.com" */ - { ".cdninstagram.com", "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { "instagram.", "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { ".instagram.", "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { "igcdn-photos-", "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { "instagramimages-", "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { "instagramstatic-", "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - - { ".waze.com", "Waze", NDPI_PROTOCOL_WAZE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - - { ".deezer.com", "Deezer", NDPI_PROTOCOL_DEEZER, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - - { ".microsoft.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_SYSTEM, NDPI_PROTOCOL_ACCEPTABLE }, - { "i-msdn.sec.s-msft.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_SYSTEM, NDPI_PROTOCOL_ACCEPTABLE }, - { "i2-msdn.sec.s-msft.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_SYSTEM, NDPI_PROTOCOL_ACCEPTABLE }, - { ".webtrends.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".msecnd.net", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "bing.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".visualstudio.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - - { "bn1301.storage.live.com", "MS_OneDrive", NDPI_PROTOCOL_MS_ONE_DRIVE,NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, - { "*.gateway.messenger.live.com", "MS_OneDrive", NDPI_PROTOCOL_MS_ONE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, - { "skyapi.live.net", "MS_OneDrive", NDPI_PROTOCOL_MS_ONE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, - { "d.docs.live.net", "MS_OneDrive", NDPI_PROTOCOL_MS_ONE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, - - { "update.microsoft.com", "WindowsUpdate", NDPI_PROTOCOL_WINDOWS_UPDATE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".windowsupdate.com", "WindowsUpdate", NDPI_PROTOCOL_WINDOWS_UPDATE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, - - { "worldofwarcraft.com", "WorldOfWarcraft", NDPI_PROTOCOL_WORLDOFWARCRAFT, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, - - { ".anchorfree.", "HotspotShield", NDPI_PROTOCOL_HOTSPOT_SHIELD, NDPI_PROTOCOL_CATEGORY_VPN, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, - { "hotspotshield.com", "HotspotShield", NDPI_PROTOCOL_HOTSPOT_SHIELD, NDPI_PROTOCOL_CATEGORY_VPN, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, - - { ".webex.com", "Webex", NDPI_PROTOCOL_WEBEX, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - - { ".ocsdomain.com", "OCS", NDPI_PROTOCOL_OCS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_FUN }, - { "ocs.fr", "OCS", NDPI_PROTOCOL_OCS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_FUN }, - { ".ocs.fr", "OCS", NDPI_PROTOCOL_OCS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_FUN }, - { ".labgency.ws", "OCS", NDPI_PROTOCOL_OCS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_FUN }, - - { ".iflix.com", "IFLIX", NDPI_PROTOCOL_IFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".app.iflixcorp.com", "IFLIX", NDPI_PROTOCOL_IFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".images.iflixassets.com", "IFLIX", NDPI_PROTOCOL_IFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - - { "crl.microsoft.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { "evsecure-ocsp.verisign.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { "evsecure-aia.verisign.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { "evsecure-crl.verisign.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".omniroot.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".microsoftonline.com", "office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".office365.com", "office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".office.com", "office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".msocsp.com", "office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".msocdn.com", "office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".cdninstagram.com", "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { "instagram.", "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { ".instagram.", "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { "igcdn-photos-", "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { "instagramimages-", "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { "instagramstatic-", "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + + { ".waze.com", "Waze", NDPI_PROTOCOL_WAZE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + + { ".deezer.com", "Deezer", NDPI_PROTOCOL_DEEZER, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + + { ".microsoft.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_SYSTEM, NDPI_PROTOCOL_ACCEPTABLE }, + { "i-msdn.sec.s-msft.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_SYSTEM, NDPI_PROTOCOL_ACCEPTABLE }, + { "i2-msdn.sec.s-msft.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_SYSTEM, NDPI_PROTOCOL_ACCEPTABLE }, + { ".webtrends.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".msecnd.net", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "bing.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".visualstudio.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + + { "bn1301.storage.live.com", "MS_OneDrive", NDPI_PROTOCOL_MS_ONE_DRIVE,NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, + { "*.gateway.messenger.live.com", "MS_OneDrive", NDPI_PROTOCOL_MS_ONE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, + { "skyapi.live.net", "MS_OneDrive", NDPI_PROTOCOL_MS_ONE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, + { "d.docs.live.net", "MS_OneDrive", NDPI_PROTOCOL_MS_ONE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, + + { "update.microsoft.com", "WindowsUpdate", NDPI_PROTOCOL_WINDOWS_UPDATE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".windowsupdate.com", "WindowsUpdate", NDPI_PROTOCOL_WINDOWS_UPDATE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, + + { "worldofwarcraft.com", "WorldOfWarcraft", NDPI_PROTOCOL_WORLDOFWARCRAFT, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, + + { ".anchorfree.", "HotspotShield", NDPI_PROTOCOL_HOTSPOT_SHIELD, NDPI_PROTOCOL_CATEGORY_VPN, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, + { "hotspotshield.com", "HotspotShield", NDPI_PROTOCOL_HOTSPOT_SHIELD, NDPI_PROTOCOL_CATEGORY_VPN, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, + + { ".webex.com", "Webex", NDPI_PROTOCOL_WEBEX, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + + { ".ocsdomain.com", "OCS", NDPI_PROTOCOL_OCS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_FUN }, + { "ocs.fr", "OCS", NDPI_PROTOCOL_OCS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_FUN }, + { ".ocs.fr", "OCS", NDPI_PROTOCOL_OCS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_FUN }, + { ".labgency.ws", "OCS", NDPI_PROTOCOL_OCS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_FUN }, + + { ".iflix.com", "IFLIX", NDPI_PROTOCOL_IFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".app.iflixcorp.com", "IFLIX", NDPI_PROTOCOL_IFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".images.iflixassets.com", "IFLIX", NDPI_PROTOCOL_IFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + + { "crl.microsoft.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "evsecure-ocsp.verisign.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "evsecure-aia.verisign.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "evsecure-crl.verisign.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".omniroot.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".microsoftonline.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".office365.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".office.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".msocsp.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".msocdn.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, /* http://www.urlquery.net/report.php?id=1453233646161 */ - { "lifedom.top", "Cloudflare", NDPI_PROTOCOL_CLOUDFLARE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "coby.ns.cloudflare.com", "Cloudflare", NDPI_PROTOCOL_CLOUDFLARE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "amanda.ns.cloudflare.com", "Cloudflare", NDPI_PROTOCOL_CLOUDFLARE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "lifedom.top", "Cloudflare", NDPI_PROTOCOL_CLOUDFLARE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "coby.ns.cloudflare.com", "Cloudflare", NDPI_PROTOCOL_CLOUDFLARE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "amanda.ns.cloudflare.com", "Cloudflare", NDPI_PROTOCOL_CLOUDFLARE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "d295hzzivaok4k.cloudfront.net", "OpenDNS", NDPI_PROTOCOL_OPENDNS, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".opendns.com", "OpenDNS", NDPI_PROTOCOL_OPENDNS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, + { "d295hzzivaok4k.cloudfront.net","OpenDNS", NDPI_PROTOCOL_OPENDNS, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".opendns.com", "OpenDNS", NDPI_PROTOCOL_OPENDNS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, /* https://get.slack.help/hc/en-us/articles/205138367-Troubleshooting-Slack-connection-issues */ - { "slack.com", "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".slack-msgs.com", "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { "slack-files.com", "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { "slack-imgs.com", "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".slack-edge.com", "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".slack-core.com", "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { "slack-redir.net", "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "slack.com", "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".slack-msgs.com", "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "slack-files.com", "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "slack-imgs.com", "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".slack-edge.com", "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".slack-core.com", "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "slack-redir.net", "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, /* Detected "slack-assets2.s3-us-west-2.amazonaws.com.". Omitted "*amazonaws.com" CDN, but no generic pattern to use on first part */ - { "slack-assets2.s3-", "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - - { "github.com", "Github", NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".github.com", "Github", NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { "github.io", "Github", NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".github.io", "Github", NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { "githubusercontent.com", "Github", NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".githubusercontent.com", "Github", NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - - { ".iqiyi.com", "iQIYI", NDPI_PROTOCOL_IQIYI, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".qiyi.com", "iQIYI", NDPI_PROTOCOL_IQIYI, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".71.am", "iQIYI", NDPI_PROTOCOL_IQIYI, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".qiyipic.com", "iQIYI", NDPI_PROTOCOL_IQIYI, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - - { ".ppstream.com", "PPStream", NDPI_PROTOCOL_PPSTREAM, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".pps.tv", "PPStream", NDPI_PROTOCOL_PPSTREAM, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - - { ".1kxun.", "1kxun", NDPI_PROTOCOL_1KXUN, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "tcad.wedolook.com", "1kxun", NDPI_PROTOCOL_1KXUN, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - - { ".steampowered.com", "Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, - { "steamcommunity.com", "Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, - { ".steamcontent.com", "Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, - { ".steamstatic.com", "Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, - { "steamcommunity-a.akamaihd.net", "Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, - - { ".wechat.com", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - { ".wechat.org", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - { ".wechatapp.com", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - { ".we.chat", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - { ".wx.", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - { ".weixin.", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - { ".mmsns.qpic.cn", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - - { "dnscrypt.org", "DNScrypt", NDPI_PROTOCOL_DNSCRYPT, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, - - { "torrent.", "BitTorrent", NDPI_PROTOCOL_BITTORRENT, NDPI_PROTOCOL_CATEGORY_P2P, NDPI_PROTOCOL_ACCEPTABLE }, - - { ".nintendo.net", "Nintendo", NDPI_PROTOCOL_NINTENDO, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, - { ".nintendo.com", "Nintendo", NDPI_PROTOCOL_NINTENDO, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, - { ".playstation.net", "Playstation", NDPI_PROTOCOL_PLAYSTATION, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, - { ".playstation.com", "Playstation", NDPI_PROTOCOL_PLAYSTATION, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, - { ".sonyentertainmentnetwork.com", "Playstation", NDPI_PROTOCOL_PLAYSTATION, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, + { "slack-assets2.s3-", "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + + { "github.com", "Github", NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".github.com", "Github", NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "github.io", "Github", NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".github.io", "Github", NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "githubusercontent.com", "Github", NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".githubusercontent.com", "Github", NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + + { ".iqiyi.com", "iQIYI", NDPI_PROTOCOL_IQIYI, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".qiyi.com", "iQIYI", NDPI_PROTOCOL_IQIYI, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".71.am", "iQIYI", NDPI_PROTOCOL_IQIYI, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".qiyipic.com", "iQIYI", NDPI_PROTOCOL_IQIYI, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + + { ".ppstream.com", "PPStream", NDPI_PROTOCOL_PPSTREAM, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".pps.tv", "PPStream", NDPI_PROTOCOL_PPSTREAM, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + + { ".1kxun.", "1kxun", NDPI_PROTOCOL_1KXUN, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "tcad.wedolook.com", "1kxun", NDPI_PROTOCOL_1KXUN, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + + { ".steampowered.com", "Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, + { "steamcommunity.com", "Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, + { ".steamcontent.com", "Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, + { ".steamstatic.com", "Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, + { "steamcommunity-a.akamaihd.net","Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, + + { ".wechat.com", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { ".wechat.org", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { ".wechatapp.com", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { ".we.chat", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { ".wx.", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { ".weixin.", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { ".mmsns.qpic.cn", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + + { "dnscrypt.org", "DNScrypt", NDPI_PROTOCOL_DNSCRYPT, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, + + { "torrent.", "BitTorrent", NDPI_PROTOCOL_BITTORRENT, NDPI_PROTOCOL_CATEGORY_P2P, NDPI_PROTOCOL_ACCEPTABLE }, + + { ".nintendo.net", "Nintendo", NDPI_PROTOCOL_NINTENDO, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, + { ".nintendo.com", "Nintendo", NDPI_PROTOCOL_NINTENDO, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, + { ".playstation.net", "Playstation", NDPI_PROTOCOL_PLAYSTATION, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, + { ".playstation.com", "Playstation", NDPI_PROTOCOL_PLAYSTATION, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, + { ".sonyentertainmentnetwork.com","Playstation", NDPI_PROTOCOL_PLAYSTATION, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, { NULL, 0 } }; @@ -8254,55 +8254,55 @@ ndpi_protocol_match host_match[] = { Mime-type content match match */ ndpi_protocol_match content_match[] = { - { "audio/mpeg", NULL, NDPI_CONTENT_MPEG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "audio/x-mpeg", NULL, NDPI_CONTENT_MPEG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "audio/mpeg3", NULL, NDPI_CONTENT_MPEG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "audio/mp4a", NULL, NDPI_CONTENT_MPEG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "video/mpeg", NULL, NDPI_CONTENT_MPEG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "video/nsv", NULL, NDPI_CONTENT_MPEG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "misc/ultravox", NULL, NDPI_CONTENT_MPEG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "audio/ogg", NULL, NDPI_CONTENT_OGG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "video/ogg", NULL, NDPI_CONTENT_OGG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "application/ogg", NULL, NDPI_CONTENT_OGG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".adobe.", NULL, NDPI_CONTENT_FLASH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "video/flv", NULL, NDPI_CONTENT_FLASH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "video/x-flv", NULL, NDPI_CONTENT_FLASH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "application/x-fcs", NULL, NDPI_CONTENT_FLASH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "application/x-shockwave-flash", NULL, NDPI_CONTENT_FLASH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_ACCEPTABLE }, - { "video/flash", NULL, NDPI_CONTENT_FLASH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "application/flv", NULL, NDPI_CONTENT_FLASH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "flv-application/octet-stream", NULL, NDPI_CONTENT_FLASH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "application/futuresplash", NULL, NDPI_CONTENT_FLASH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "video/quicktime", NULL, NDPI_CONTENT_QUICKTIME, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "video/mp4", NULL, NDPI_CONTENT_QUICKTIME, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "video/x-m4v", NULL, NDPI_CONTENT_QUICKTIME, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "audio/x-pn-realaudio", NULL, NDPI_CONTENT_REALMEDIA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "application/vnd.rn-realmedia", NULL, NDPI_CONTENT_REALMEDIA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "video/x-ms-", NULL, NDPI_CONTENT_WINDOWSMEDIA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "asf", NULL, NDPI_CONTENT_WINDOWSMEDIA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "asx", NULL, NDPI_CONTENT_WINDOWSMEDIA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "video/x-msvideo", NULL, NDPI_CONTENT_WINDOWSMEDIA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "audio/x-wav", NULL, NDPI_CONTENT_WINDOWSMEDIA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "application/vnd.ms.wms-hdr.asfv1", NULL, NDPI_CONTENT_WINDOWSMEDIA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "NSPlayer/", NULL, NDPI_CONTENT_WINDOWSMEDIA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "application/x-mms-framed", NULL, NDPI_CONTENT_MMS, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "Xbox Live Client/", NULL, NDPI_PROTOCOL_XBOX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "Windows-Update-Agent", NULL, NDPI_PROTOCOL_WINDOWS_UPDATE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_ACCEPTABLE }, - { "audio/webm", NULL, NDPI_CONTENT_WEBM, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "video/webm", NULL, NDPI_CONTENT_WEBM, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "application/x-rtsp-tunnelled", NULL, NDPI_PROTOCOL_RTSP, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "application/vnd.apple.mpegurl", NULL, NDPI_CONTENT_MPEG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "application/x-tar", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, NDPI_PROTOCOL_ACCEPTABLE }, - { "application/octet-stream", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, NDPI_PROTOCOL_ACCEPTABLE }, - { "application/mac-binary", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, NDPI_PROTOCOL_ACCEPTABLE }, - { "/x-bzip", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, NDPI_PROTOCOL_ACCEPTABLE }, - { "/x-gzip", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, NDPI_PROTOCOL_ACCEPTABLE }, - { "/x-zip", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, NDPI_PROTOCOL_ACCEPTABLE }, - { "/zip", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, NDPI_PROTOCOL_ACCEPTABLE }, - { "binhex", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, NDPI_PROTOCOL_ACCEPTABLE }, - { "/base64", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, NDPI_PROTOCOL_ACCEPTABLE }, - { "application/gnutar", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, NDPI_PROTOCOL_ACCEPTABLE }, - { "application/x-compressed", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, NDPI_PROTOCOL_ACCEPTABLE }, + { "audio/mpeg", NULL, NDPI_CONTENT_MPEG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "audio/x-mpeg", NULL, NDPI_CONTENT_MPEG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "audio/mpeg3", NULL, NDPI_CONTENT_MPEG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "audio/mp4a", NULL, NDPI_CONTENT_MPEG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "video/mpeg", NULL, NDPI_CONTENT_MPEG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "video/nsv", NULL, NDPI_CONTENT_MPEG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "misc/ultravox", NULL, NDPI_CONTENT_MPEG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "audio/ogg", NULL, NDPI_CONTENT_OGG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "video/ogg", NULL, NDPI_CONTENT_OGG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "application/ogg", NULL, NDPI_CONTENT_OGG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".adobe.", NULL, NDPI_CONTENT_FLASH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "video/flv", NULL, NDPI_CONTENT_FLASH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "video/x-flv", NULL, NDPI_CONTENT_FLASH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "application/x-fcs", NULL, NDPI_CONTENT_FLASH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "application/x-shockwave-flash",NULL, NDPI_CONTENT_FLASH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_ACCEPTABLE }, + { "video/flash", NULL, NDPI_CONTENT_FLASH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "application/flv", NULL, NDPI_CONTENT_FLASH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "flv-application/octet-stream", NULL, NDPI_CONTENT_FLASH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "application/futuresplash", NULL, NDPI_CONTENT_FLASH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "video/quicktime", NULL, NDPI_CONTENT_QUICKTIME, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "video/mp4", NULL, NDPI_CONTENT_QUICKTIME, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "video/x-m4v", NULL, NDPI_CONTENT_QUICKTIME, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "audio/x-pn-realaudio", NULL, NDPI_CONTENT_REALMEDIA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "application/vnd.rn-realmedia", NULL, NDPI_CONTENT_REALMEDIA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "video/x-ms-", NULL, NDPI_CONTENT_WINDOWSMEDIA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "asf", NULL, NDPI_CONTENT_WINDOWSMEDIA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "asx", NULL, NDPI_CONTENT_WINDOWSMEDIA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "video/x-msvideo", NULL, NDPI_CONTENT_WINDOWSMEDIA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "audio/x-wav", NULL, NDPI_CONTENT_WINDOWSMEDIA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "application/vnd.ms.wms-hdr.asfv1", NULL, NDPI_CONTENT_WINDOWSMEDIA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "NSPlayer/", NULL, NDPI_CONTENT_WINDOWSMEDIA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "application/x-mms-framed", NULL, NDPI_CONTENT_MMS, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "Xbox Live Client/", NULL, NDPI_PROTOCOL_XBOX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "Windows-Update-Agent", NULL, NDPI_PROTOCOL_WINDOWS_UPDATE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_ACCEPTABLE }, + { "audio/webm", NULL, NDPI_CONTENT_WEBM, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "video/webm", NULL, NDPI_CONTENT_WEBM, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "application/x-rtsp-tunnelled", NULL, NDPI_PROTOCOL_RTSP, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "application/vnd.apple.mpegurl",NULL, NDPI_CONTENT_MPEG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "application/x-tar", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, NDPI_PROTOCOL_ACCEPTABLE }, + { "application/octet-stream", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, NDPI_PROTOCOL_ACCEPTABLE }, + { "application/mac-binary", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, NDPI_PROTOCOL_ACCEPTABLE }, + { "/x-bzip", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, NDPI_PROTOCOL_ACCEPTABLE }, + { "/x-gzip", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, NDPI_PROTOCOL_ACCEPTABLE }, + { "/x-zip", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, NDPI_PROTOCOL_ACCEPTABLE }, + { "/zip", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, NDPI_PROTOCOL_ACCEPTABLE }, + { "binhex", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, NDPI_PROTOCOL_ACCEPTABLE }, + { "/base64", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, NDPI_PROTOCOL_ACCEPTABLE }, + { "application/gnutar", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, NDPI_PROTOCOL_ACCEPTABLE }, + { "application/x-compressed", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, NDPI_PROTOCOL_ACCEPTABLE }, { NULL, 0 } }; -- cgit v1.2.3 From 7cab6efcd58938833427b4b7005d33e8655f1f6c Mon Sep 17 00:00:00 2001 From: Paulo Angelo Date: Tue, 8 Aug 2017 18:06:33 -0300 Subject: Issue 118 implementation (risk classification), indentation, and PasteBin&LinkedIn added. --- src/include/ndpi_protocol_ids.h | 473 ++++++++++++++++++++------------------- src/include/ndpi_typedefs.h | 2 +- src/lib/ndpi_content_match.c.inc | 186 +++++++++------ 3 files changed, 355 insertions(+), 306 deletions(-) (limited to 'src') diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index 25b1308bd..56dcce032 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -30,249 +30,250 @@ #define __NDPI_PROTOCOLS_DEFAULT_H__ #define NDPI_DETECTION_SUPPORT_IPV6 -#define NDPI_PROTOCOL_SIZE 2 +#define NDPI_PROTOCOL_SIZE 2 -#define NDPI_PROTOCOL_UNKNOWN 0 +#define NDPI_PROTOCOL_UNKNOWN 0 #define NDPI_PROTOCOL_NO_MASTER_PROTO NDPI_PROTOCOL_UNKNOWN -#define NDPI_PROTOCOL_UNKNOWN 0 -#define NDPI_PROTOCOL_FTP_CONTROL 1 /* Tomasz Bujlow */ -#define NDPI_PROTOCOL_MAIL_POP 2 -#define NDPI_PROTOCOL_MAIL_SMTP 3 -#define NDPI_PROTOCOL_MAIL_IMAP 4 -#define NDPI_PROTOCOL_DNS 5 -#define NDPI_PROTOCOL_IPP 6 -#define NDPI_PROTOCOL_HTTP 7 -#define NDPI_PROTOCOL_MDNS 8 -#define NDPI_PROTOCOL_NTP 9 -#define NDPI_PROTOCOL_NETBIOS 10 -#define NDPI_PROTOCOL_NFS 11 -#define NDPI_PROTOCOL_SSDP 12 -#define NDPI_PROTOCOL_BGP 13 -#define NDPI_PROTOCOL_SNMP 14 -#define NDPI_PROTOCOL_XDMCP 15 -#define NDPI_PROTOCOL_SMB 16 -#define NDPI_PROTOCOL_SYSLOG 17 -#define NDPI_PROTOCOL_DHCP 18 -#define NDPI_PROTOCOL_POSTGRES 19 -#define NDPI_PROTOCOL_MYSQL 20 -#define NDPI_PROTOCOL_HOTMAIL 21 -#define NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK 22 -#define NDPI_PROTOCOL_MAIL_POPS 23 -#define NDPI_PROTOCOL_APPLEJUICE 24 -#define NDPI_PROTOCOL_DIRECTCONNECT 25 -#define NDPI_PROTOCOL_SOCRATES 26 -#define NDPI_PROTOCOL_COAP 27 -#define NDPI_PROTOCOL_VMWARE 28 -#define NDPI_PROTOCOL_MAIL_SMTPS 29 -#define NDPI_PROTOCOL_FILETOPIA 30 -#define NDPI_PROTOCOL_UBNTAC2 31 /* Ubiquity UBNT AirControl 2 - Thomas Fjellstrom */ -#define NDPI_PROTOCOL_KONTIKI 32 -#define NDPI_PROTOCOL_OPENFT 33 -#define NDPI_PROTOCOL_FASTTRACK 34 -#define NDPI_PROTOCOL_GNUTELLA 35 -#define NDPI_PROTOCOL_EDONKEY 36 /* Tomasz Bujlow */ -#define NDPI_PROTOCOL_BITTORRENT 37 -#define NDPI_PROTOCOL_EPP 38 -#define NDPI_CONTENT_AVI 39 -#define NDPI_CONTENT_FLASH 40 -#define NDPI_CONTENT_OGG 41 -#define NDPI_CONTENT_MPEG 42 -#define NDPI_CONTENT_QUICKTIME 43 -#define NDPI_CONTENT_REALMEDIA 44 -#define NDPI_CONTENT_WINDOWSMEDIA 45 -#define NDPI_CONTENT_MMS 46 -#define NDPI_PROTOCOL_XBOX 47 -#define NDPI_PROTOCOL_QQ 48 -#define NDPI_PROTOCOL_MOVE 49 -#define NDPI_PROTOCOL_RTSP 50 -#define NDPI_PROTOCOL_MAIL_IMAPS 51 -#define NDPI_PROTOCOL_ICECAST 52 -#define NDPI_PROTOCOL_PPLIVE 53 /* Tomasz Bujlow */ -#define NDPI_PROTOCOL_PPSTREAM 54 -#define NDPI_PROTOCOL_ZATTOO 55 -#define NDPI_PROTOCOL_SHOUTCAST 56 -#define NDPI_PROTOCOL_SOPCAST 57 -#define NDPI_PROTOCOL_TVANTS 58 -#define NDPI_PROTOCOL_TVUPLAYER 59 -#define NDPI_PROTOCOL_HTTP_DOWNLOAD 60 -#define NDPI_PROTOCOL_QQLIVE 61 -#define NDPI_PROTOCOL_THUNDER 62 -#define NDPI_PROTOCOL_SOULSEEK 63 -#define NDPI_PROTOCOL_SSL_NO_CERT 64 -#define NDPI_PROTOCOL_IRC 65 -#define NDPI_PROTOCOL_AYIYA 66 -#define NDPI_PROTOCOL_UNENCRYPTED_JABBER 67 -#define NDPI_PROTOCOL_MSN 68 -#define NDPI_PROTOCOL_OSCAR 69 -#define NDPI_PROTOCOL_YAHOO 70 -#define NDPI_PROTOCOL_BATTLEFIELD 71 -#define NDPI_PROTOCOL_QUAKE 72 -#define NDPI_PROTOCOL_IP_VRRP 73 -#define NDPI_PROTOCOL_STEAM 74 /* Tomasz Bujlow */ -#define NDPI_PROTOCOL_HALFLIFE2 75 -#define NDPI_PROTOCOL_WORLDOFWARCRAFT 76 -#define NDPI_PROTOCOL_TELNET 77 -#define NDPI_PROTOCOL_STUN 78 -#define NDPI_PROTOCOL_IP_IPSEC 79 -#define NDPI_PROTOCOL_IP_GRE 80 -#define NDPI_PROTOCOL_IP_ICMP 81 -#define NDPI_PROTOCOL_IP_IGMP 82 -#define NDPI_PROTOCOL_IP_EGP 83 -#define NDPI_PROTOCOL_IP_SCTP 84 -#define NDPI_PROTOCOL_IP_OSPF 85 -#define NDPI_PROTOCOL_IP_IP_IN_IP 86 -#define NDPI_PROTOCOL_RTP 87 -#define NDPI_PROTOCOL_RDP 88 -#define NDPI_PROTOCOL_VNC 89 -#define NDPI_PROTOCOL_PCANYWHERE 90 -#define NDPI_PROTOCOL_SSL 91 -#define NDPI_PROTOCOL_SSH 92 -#define NDPI_PROTOCOL_USENET 93 -#define NDPI_PROTOCOL_MGCP 94 -#define NDPI_PROTOCOL_IAX 95 -#define NDPI_PROTOCOL_TFTP 96 -#define NDPI_PROTOCOL_AFP 97 -#define NDPI_PROTOCOL_STEALTHNET 98 -#define NDPI_PROTOCOL_AIMINI 99 -#define NDPI_PROTOCOL_SIP 100 -#define NDPI_PROTOCOL_TRUPHONE 101 -#define NDPI_PROTOCOL_IP_ICMPV6 102 -#define NDPI_PROTOCOL_DHCPV6 103 -#define NDPI_PROTOCOL_ARMAGETRON 104 -#define NDPI_PROTOCOL_CROSSFIRE 105 -#define NDPI_PROTOCOL_DOFUS 106 -#define NDPI_PROTOCOL_FIESTA 107 -#define NDPI_PROTOCOL_FLORENSIA 108 -#define NDPI_PROTOCOL_GUILDWARS 109 -#define NDPI_PROTOCOL_HTTP_APPLICATION_ACTIVESYNC 110 -#define NDPI_PROTOCOL_KERBEROS 111 -#define NDPI_PROTOCOL_LDAP 112 -#define NDPI_PROTOCOL_MAPLESTORY 113 -#define NDPI_PROTOCOL_MSSQL_TDS 114 -#define NDPI_PROTOCOL_PPTP 115 -#define NDPI_PROTOCOL_WARCRAFT3 116 -#define NDPI_PROTOCOL_WORLD_OF_KUNG_FU 117 -#define NDPI_PROTOCOL_SLACK 118 -#define NDPI_PROTOCOL_FACEBOOK 119 -#define NDPI_PROTOCOL_TWITTER 120 -#define NDPI_PROTOCOL_DROPBOX 121 -#define NDPI_PROTOCOL_GMAIL 122 -#define NDPI_PROTOCOL_GOOGLE_MAPS 123 -#define NDPI_PROTOCOL_YOUTUBE 124 -#define NDPI_PROTOCOL_SKYPE 125 -#define NDPI_PROTOCOL_GOOGLE 126 -#define NDPI_PROTOCOL_DCERPC 127 -#define NDPI_PROTOCOL_NETFLOW 128 -#define NDPI_PROTOCOL_SFLOW 129 -#define NDPI_PROTOCOL_HTTP_CONNECT 130 -#define NDPI_PROTOCOL_HTTP_PROXY 131 -#define NDPI_PROTOCOL_CITRIX 132 -#define NDPI_PROTOCOL_NETFLIX 133 -#define NDPI_PROTOCOL_LASTFM 134 -#define NDPI_PROTOCOL_WAZE 135 -#define NDPI_PROTOCOL_SKYFILE_PREPAID 136 -#define NDPI_PROTOCOL_SKYFILE_RUDICS 137 -#define NDPI_PROTOCOL_SKYFILE_POSTPAID 138 -#define NDPI_PROTOCOL_CITRIX_ONLINE 139 -#define NDPI_PROTOCOL_APPLE 140 -#define NDPI_PROTOCOL_WEBEX 141 -#define NDPI_PROTOCOL_WHATSAPP 142 -#define NDPI_PROTOCOL_APPLE_ICLOUD 143 -#define NDPI_PROTOCOL_VIBER 144 -#define NDPI_PROTOCOL_APPLE_ITUNES 145 -#define NDPI_PROTOCOL_RADIUS 146 -#define NDPI_PROTOCOL_WINDOWS_UPDATE 147 -#define NDPI_PROTOCOL_TEAMVIEWER 148 /* xplico.org */ -#define NDPI_PROTOCOL_TUENTI 149 -#define NDPI_PROTOCOL_LOTUS_NOTES 150 -#define NDPI_PROTOCOL_SAP 151 -#define NDPI_PROTOCOL_GTP 152 -#define NDPI_PROTOCOL_UPNP 153 -#define NDPI_PROTOCOL_LLMNR 154 -#define NDPI_PROTOCOL_REMOTE_SCAN 155 -#define NDPI_PROTOCOL_SPOTIFY 156 -#define NDPI_CONTENT_WEBM 157 -#define NDPI_PROTOCOL_H323 158 /* Remy Mudingay */ -#define NDPI_PROTOCOL_OPENVPN 159 /* Remy Mudingay */ -#define NDPI_PROTOCOL_NOE 160 /* Remy Mudingay */ -#define NDPI_PROTOCOL_CISCOVPN 161 /* Remy Mudingay */ -#define NDPI_PROTOCOL_TEAMSPEAK 162 /* Remy Mudingay */ -#define NDPI_PROTOCOL_TOR 163 /* Remy Mudingay */ -#define NDPI_PROTOCOL_SKINNY 164 /* Remy Mudingay */ -#define NDPI_PROTOCOL_RTCP 165 /* Remy Mudingay */ -#define NDPI_PROTOCOL_RSYNC 166 /* Remy Mudingay */ -#define NDPI_PROTOCOL_ORACLE 167 /* Remy Mudingay */ -#define NDPI_PROTOCOL_CORBA 168 /* Remy Mudingay */ -#define NDPI_PROTOCOL_UBUNTUONE 169 /* Remy Mudingay */ -#define NDPI_PROTOCOL_WHOIS_DAS 170 -#define NDPI_PROTOCOL_COLLECTD 171 -#define NDPI_PROTOCOL_SOCKS 172 /* Tomasz Bujlow */ +#define NDPI_PROTOCOL_UNKNOWN 0 +#define NDPI_PROTOCOL_FTP_CONTROL 1 /* Tomasz Bujlow */ +#define NDPI_PROTOCOL_MAIL_POP 2 +#define NDPI_PROTOCOL_MAIL_SMTP 3 +#define NDPI_PROTOCOL_MAIL_IMAP 4 +#define NDPI_PROTOCOL_DNS 5 +#define NDPI_PROTOCOL_IPP 6 +#define NDPI_PROTOCOL_HTTP 7 +#define NDPI_PROTOCOL_MDNS 8 +#define NDPI_PROTOCOL_NTP 9 +#define NDPI_PROTOCOL_NETBIOS 10 +#define NDPI_PROTOCOL_NFS 11 +#define NDPI_PROTOCOL_SSDP 12 +#define NDPI_PROTOCOL_BGP 13 +#define NDPI_PROTOCOL_SNMP 14 +#define NDPI_PROTOCOL_XDMCP 15 +#define NDPI_PROTOCOL_SMB 16 +#define NDPI_PROTOCOL_SYSLOG 17 +#define NDPI_PROTOCOL_DHCP 18 +#define NDPI_PROTOCOL_POSTGRES 19 +#define NDPI_PROTOCOL_MYSQL 20 +#define NDPI_PROTOCOL_HOTMAIL 21 +#define NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK 22 +#define NDPI_PROTOCOL_MAIL_POPS 23 +#define NDPI_PROTOCOL_APPLEJUICE 24 +#define NDPI_PROTOCOL_DIRECTCONNECT 25 +#define NDPI_PROTOCOL_SOCRATES 26 +#define NDPI_PROTOCOL_COAP 27 +#define NDPI_PROTOCOL_VMWARE 28 +#define NDPI_PROTOCOL_MAIL_SMTPS 29 +#define NDPI_PROTOCOL_FILETOPIA 30 +#define NDPI_PROTOCOL_UBNTAC2 31 /* Ubiquity UBNT AirControl 2 - Thomas Fjellstrom */ +#define NDPI_PROTOCOL_KONTIKI 32 +#define NDPI_PROTOCOL_OPENFT 33 +#define NDPI_PROTOCOL_FASTTRACK 34 +#define NDPI_PROTOCOL_GNUTELLA 35 +#define NDPI_PROTOCOL_EDONKEY 36 /* Tomasz Bujlow */ +#define NDPI_PROTOCOL_BITTORRENT 37 +#define NDPI_PROTOCOL_EPP 38 +#define NDPI_CONTENT_AVI 39 +#define NDPI_CONTENT_FLASH 40 +#define NDPI_CONTENT_OGG 41 +#define NDPI_CONTENT_MPEG 42 +#define NDPI_CONTENT_QUICKTIME 43 +#define NDPI_CONTENT_REALMEDIA 44 +#define NDPI_CONTENT_WINDOWSMEDIA 45 +#define NDPI_CONTENT_MMS 46 +#define NDPI_PROTOCOL_XBOX 47 +#define NDPI_PROTOCOL_QQ 48 +#define NDPI_PROTOCOL_MOVE 49 +#define NDPI_PROTOCOL_RTSP 50 +#define NDPI_PROTOCOL_MAIL_IMAPS 51 +#define NDPI_PROTOCOL_ICECAST 52 +#define NDPI_PROTOCOL_PPLIVE 53 /* Tomasz Bujlow */ +#define NDPI_PROTOCOL_PPSTREAM 54 +#define NDPI_PROTOCOL_ZATTOO 55 +#define NDPI_PROTOCOL_SHOUTCAST 56 +#define NDPI_PROTOCOL_SOPCAST 57 +#define NDPI_PROTOCOL_TVANTS 58 +#define NDPI_PROTOCOL_TVUPLAYER 59 +#define NDPI_PROTOCOL_HTTP_DOWNLOAD 60 +#define NDPI_PROTOCOL_QQLIVE 61 +#define NDPI_PROTOCOL_THUNDER 62 +#define NDPI_PROTOCOL_SOULSEEK 63 +#define NDPI_PROTOCOL_SSL_NO_CERT 64 +#define NDPI_PROTOCOL_IRC 65 +#define NDPI_PROTOCOL_AYIYA 66 +#define NDPI_PROTOCOL_UNENCRYPTED_JABBER 67 +#define NDPI_PROTOCOL_MSN 68 +#define NDPI_PROTOCOL_OSCAR 69 +#define NDPI_PROTOCOL_YAHOO 70 +#define NDPI_PROTOCOL_BATTLEFIELD 71 +#define NDPI_PROTOCOL_QUAKE 72 +#define NDPI_PROTOCOL_IP_VRRP 73 +#define NDPI_PROTOCOL_STEAM 74 /* Tomasz Bujlow */ +#define NDPI_PROTOCOL_HALFLIFE2 75 +#define NDPI_PROTOCOL_WORLDOFWARCRAFT 76 +#define NDPI_PROTOCOL_TELNET 77 +#define NDPI_PROTOCOL_STUN 78 +#define NDPI_PROTOCOL_IP_IPSEC 79 +#define NDPI_PROTOCOL_IP_GRE 80 +#define NDPI_PROTOCOL_IP_ICMP 81 +#define NDPI_PROTOCOL_IP_IGMP 82 +#define NDPI_PROTOCOL_IP_EGP 83 +#define NDPI_PROTOCOL_IP_SCTP 84 +#define NDPI_PROTOCOL_IP_OSPF 85 +#define NDPI_PROTOCOL_IP_IP_IN_IP 86 +#define NDPI_PROTOCOL_RTP 87 +#define NDPI_PROTOCOL_RDP 88 +#define NDPI_PROTOCOL_VNC 89 +#define NDPI_PROTOCOL_PCANYWHERE 90 +#define NDPI_PROTOCOL_SSL 91 +#define NDPI_PROTOCOL_SSH 92 +#define NDPI_PROTOCOL_USENET 93 +#define NDPI_PROTOCOL_MGCP 94 +#define NDPI_PROTOCOL_IAX 95 +#define NDPI_PROTOCOL_TFTP 96 +#define NDPI_PROTOCOL_AFP 97 +#define NDPI_PROTOCOL_STEALTHNET 98 +#define NDPI_PROTOCOL_AIMINI 99 +#define NDPI_PROTOCOL_SIP 100 +#define NDPI_PROTOCOL_TRUPHONE 101 +#define NDPI_PROTOCOL_IP_ICMPV6 102 +#define NDPI_PROTOCOL_DHCPV6 103 +#define NDPI_PROTOCOL_ARMAGETRON 104 +#define NDPI_PROTOCOL_CROSSFIRE 105 +#define NDPI_PROTOCOL_DOFUS 106 +#define NDPI_PROTOCOL_FIESTA 107 +#define NDPI_PROTOCOL_FLORENSIA 108 +#define NDPI_PROTOCOL_GUILDWARS 109 +#define NDPI_PROTOCOL_HTTP_APPLICATION_ACTIVESYNC 110 /*avoid large declarations in the future*/ +#define NDPI_PROTOCOL_KERBEROS 111 +#define NDPI_PROTOCOL_LDAP 112 +#define NDPI_PROTOCOL_MAPLESTORY 113 +#define NDPI_PROTOCOL_MSSQL_TDS 114 +#define NDPI_PROTOCOL_PPTP 115 +#define NDPI_PROTOCOL_WARCRAFT3 116 +#define NDPI_PROTOCOL_WORLD_OF_KUNG_FU 117 +#define NDPI_PROTOCOL_SLACK 118 +#define NDPI_PROTOCOL_FACEBOOK 119 +#define NDPI_PROTOCOL_TWITTER 120 +#define NDPI_PROTOCOL_DROPBOX 121 +#define NDPI_PROTOCOL_GMAIL 122 +#define NDPI_PROTOCOL_GOOGLE_MAPS 123 +#define NDPI_PROTOCOL_YOUTUBE 124 +#define NDPI_PROTOCOL_SKYPE 125 +#define NDPI_PROTOCOL_GOOGLE 126 +#define NDPI_PROTOCOL_DCERPC 127 +#define NDPI_PROTOCOL_NETFLOW 128 +#define NDPI_PROTOCOL_SFLOW 129 +#define NDPI_PROTOCOL_HTTP_CONNECT 130 +#define NDPI_PROTOCOL_HTTP_PROXY 131 +#define NDPI_PROTOCOL_CITRIX 132 +#define NDPI_PROTOCOL_NETFLIX 133 +#define NDPI_PROTOCOL_LASTFM 134 +#define NDPI_PROTOCOL_WAZE 135 +#define NDPI_PROTOCOL_SKYFILE_PREPAID 136 +#define NDPI_PROTOCOL_SKYFILE_RUDICS 137 +#define NDPI_PROTOCOL_SKYFILE_POSTPAID 138 +#define NDPI_PROTOCOL_CITRIX_ONLINE 139 +#define NDPI_PROTOCOL_APPLE 140 +#define NDPI_PROTOCOL_WEBEX 141 +#define NDPI_PROTOCOL_WHATSAPP 142 +#define NDPI_PROTOCOL_APPLE_ICLOUD 143 +#define NDPI_PROTOCOL_VIBER 144 +#define NDPI_PROTOCOL_APPLE_ITUNES 145 +#define NDPI_PROTOCOL_RADIUS 146 +#define NDPI_PROTOCOL_WINDOWS_UPDATE 147 +#define NDPI_PROTOCOL_TEAMVIEWER 148 /* xplico.org */ +#define NDPI_PROTOCOL_TUENTI 149 +#define NDPI_PROTOCOL_LOTUS_NOTES 150 +#define NDPI_PROTOCOL_SAP 151 +#define NDPI_PROTOCOL_GTP 152 +#define NDPI_PROTOCOL_UPNP 153 +#define NDPI_PROTOCOL_LLMNR 154 +#define NDPI_PROTOCOL_REMOTE_SCAN 155 +#define NDPI_PROTOCOL_SPOTIFY 156 +#define NDPI_CONTENT_WEBM 157 +#define NDPI_PROTOCOL_H323 158 /* Remy Mudingay */ +#define NDPI_PROTOCOL_OPENVPN 159 /* Remy Mudingay */ +#define NDPI_PROTOCOL_NOE 160 /* Remy Mudingay */ +#define NDPI_PROTOCOL_CISCOVPN 161 /* Remy Mudingay */ +#define NDPI_PROTOCOL_TEAMSPEAK 162 /* Remy Mudingay */ +#define NDPI_PROTOCOL_TOR 163 /* Remy Mudingay */ +#define NDPI_PROTOCOL_SKINNY 164 /* Remy Mudingay */ +#define NDPI_PROTOCOL_RTCP 165 /* Remy Mudingay */ +#define NDPI_PROTOCOL_RSYNC 166 /* Remy Mudingay */ +#define NDPI_PROTOCOL_ORACLE 167 /* Remy Mudingay */ +#define NDPI_PROTOCOL_CORBA 168 /* Remy Mudingay */ +#define NDPI_PROTOCOL_UBUNTUONE 169 /* Remy Mudingay */ +#define NDPI_PROTOCOL_WHOIS_DAS 170 +#define NDPI_PROTOCOL_COLLECTD 171 +#define NDPI_PROTOCOL_SOCKS 172 /* Tomasz Bujlow */ /* The Lync protocol is now skype for business and this the old id 173 can now be recycled */ -#define NDPI_PROTOCOL_NINTENDO 173 -#define NDPI_PROTOCOL_RTMP 174 /* Tomasz Bujlow */ -#define NDPI_PROTOCOL_FTP_DATA 175 /* Tomasz Bujlow */ -#define NDPI_PROTOCOL_WIKIPEDIA 176 /* Tomasz Bujlow */ -#define NDPI_PROTOCOL_ZMQ 177 -#define NDPI_PROTOCOL_AMAZON 178 /* Tomasz Bujlow */ -#define NDPI_PROTOCOL_EBAY 179 /* Tomasz Bujlow */ -#define NDPI_PROTOCOL_CNN 180 /* Tomasz Bujlow */ -#define NDPI_PROTOCOL_MEGACO 181 /* Gianluca Costa */ -#define NDPI_PROTOCOL_REDIS 182 -#define NDPI_PROTOCOL_PANDO 183 /* Tomasz Bujlow */ -#define NDPI_PROTOCOL_VHUA 184 -#define NDPI_PROTOCOL_TELEGRAM 185 /* Gianluca Costa */ -#define NDPI_PROTOCOL_VEVO 186 -#define NDPI_PROTOCOL_PANDORA 187 -#define NDPI_PROTOCOL_QUIC 188 /* Andrea Buscarinu - Michele Campus */ -#define NDPI_PROTOCOL_WHATSAPP_VOICE 189 -#define NDPI_PROTOCOL_EAQ 190 -#define NDPI_PROTOCOL_OOKLA 191 -#define NDPI_PROTOCOL_AMQP 192 -#define NDPI_PROTOCOL_KAKAOTALK 193 /* KakaoTalk Chat (no voice call) */ -#define NDPI_PROTOCOL_KAKAOTALK_VOICE 194 /* KakaoTalk Voice */ -#define NDPI_PROTOCOL_TWITCH 195 /* Edoardo Dominici */ -#define NDPI_PROTOCOL_QUICKPLAY 196 /* Streaming service used by various services such as hooq.tv */ -#define NDPI_PROTOCOL_WECHAT 197 - -#define NDPI_PROTOCOL_MPEGTS 198 -#define NDPI_PROTOCOL_SNAPCHAT 199 -#define NDPI_PROTOCOL_SINA 200 -#define NDPI_PROTOCOL_HANGOUT 201 -#define NDPI_PROTOCOL_IFLIX 202 /* www.vizuamatix.com R&D team & M.Mallawaarachchie */ -#define NDPI_PROTOCOL_GITHUB 203 -#define NDPI_PROTOCOL_BJNP 204 -#define NDPI_PROTOCOL_1KXUN 205 -#define NDPI_PROTOCOL_IQIYI 206 -#define NDPI_PROTOCOL_SMPP 207 /* Damir Franusic */ -#define NDPI_PROTOCOL_DNSCRYPT 208 -#define NDPI_PROTOCOL_TINC 209 /* William Guglielmo */ -#define NDPI_PROTOCOL_DEEZER 210 -#define NDPI_PROTOCOL_INSTAGRAM 211 /* Andrea Buscarinu */ -#define NDPI_PROTOCOL_MICROSOFT 212 -#define NDPI_PROTOCOL_STARCRAFT 213 /* Matteo Bracci */ -#define NDPI_PROTOCOL_TEREDO 214 -#define NDPI_PROTOCOL_HOTSPOT_SHIELD 215 -#define NDPI_PROTOCOL_HEP 216 /* sipcapture.org QXIP BV */ -#define NDPI_PROTOCOL_GOOGLE_DRIVE 217 -#define NDPI_PROTOCOL_OCS 218 -#define NDPI_PROTOCOL_OFFICE_365 219 -#define NDPI_PROTOCOL_CLOUDFLARE 220 -#define NDPI_PROTOCOL_MS_ONE_DRIVE 221 -#define NDPI_PROTOCOL_MQTT 222 -#define NDPI_PROTOCOL_RX 223 -#define NDPI_PROTOCOL_APPLESTORE 224 -#define NDPI_PROTOCOL_OPENDNS 225 -#define NDPI_PROTOCOL_GIT 226 -#define NDPI_PROTOCOL_DRDA 227 -#define NDPI_PROTOCOL_PLAYSTORE 228 /* Google Play Store */ -#define NDPI_PROTOCOL_SOMEIP 229 -#define NDPI_PROTOCOL_FIX 230 -#define NDPI_PROTOCOL_PLAYSTATION 231 /* Sony PlayStation */ +#define NDPI_PROTOCOL_NINTENDO 173 +#define NDPI_PROTOCOL_RTMP 174 /* Tomasz Bujlow */ +#define NDPI_PROTOCOL_FTP_DATA 175 /* Tomasz Bujlow */ +#define NDPI_PROTOCOL_WIKIPEDIA 176 /* Tomasz Bujlow */ +#define NDPI_PROTOCOL_ZMQ 177 +#define NDPI_PROTOCOL_AMAZON 178 /* Tomasz Bujlow */ +#define NDPI_PROTOCOL_EBAY 179 /* Tomasz Bujlow */ +#define NDPI_PROTOCOL_CNN 180 /* Tomasz Bujlow */ +#define NDPI_PROTOCOL_MEGACO 181 /* Gianluca Costa */ +#define NDPI_PROTOCOL_REDIS 182 +#define NDPI_PROTOCOL_PANDO 183 /* Tomasz Bujlow */ +#define NDPI_PROTOCOL_VHUA 184 +#define NDPI_PROTOCOL_TELEGRAM 185 /* Gianluca Costa */ +#define NDPI_PROTOCOL_VEVO 186 +#define NDPI_PROTOCOL_PANDORA 187 +#define NDPI_PROTOCOL_QUIC 188 /* Andrea Buscarinu - Michele Campus */ +#define NDPI_PROTOCOL_WHATSAPP_VOICE 189 +#define NDPI_PROTOCOL_EAQ 190 +#define NDPI_PROTOCOL_OOKLA 191 +#define NDPI_PROTOCOL_AMQP 192 +#define NDPI_PROTOCOL_KAKAOTALK 193 /* KakaoTalk Chat (no voice call) */ +#define NDPI_PROTOCOL_KAKAOTALK_VOICE 194 /* KakaoTalk Voice */ +#define NDPI_PROTOCOL_TWITCH 195 /* Edoardo Dominici */ +#define NDPI_PROTOCOL_QUICKPLAY 196 /* Streaming service used by various services such as hooq.tv */ +#define NDPI_PROTOCOL_WECHAT 197 +#define NDPI_PROTOCOL_MPEGTS 198 +#define NDPI_PROTOCOL_SNAPCHAT 199 +#define NDPI_PROTOCOL_SINA 200 +#define NDPI_PROTOCOL_HANGOUT 201 +#define NDPI_PROTOCOL_IFLIX 202 /* www.vizuamatix.com R&D team & M.Mallawaarachchie */ +#define NDPI_PROTOCOL_GITHUB 203 +#define NDPI_PROTOCOL_BJNP 204 +#define NDPI_PROTOCOL_1KXUN 205 +#define NDPI_PROTOCOL_IQIYI 206 +#define NDPI_PROTOCOL_SMPP 207 /* Damir Franusic */ +#define NDPI_PROTOCOL_DNSCRYPT 208 +#define NDPI_PROTOCOL_TINC 209 /* William Guglielmo */ +#define NDPI_PROTOCOL_DEEZER 210 +#define NDPI_PROTOCOL_INSTAGRAM 211 /* Andrea Buscarinu */ +#define NDPI_PROTOCOL_MICROSOFT 212 +#define NDPI_PROTOCOL_STARCRAFT 213 /* Matteo Bracci */ +#define NDPI_PROTOCOL_TEREDO 214 +#define NDPI_PROTOCOL_HOTSPOT_SHIELD 215 +#define NDPI_PROTOCOL_HEP 216 /* sipcapture.org QXIP BV */ +#define NDPI_PROTOCOL_GOOGLE_DRIVE 217 +#define NDPI_PROTOCOL_OCS 218 +#define NDPI_PROTOCOL_OFFICE_365 219 +#define NDPI_PROTOCOL_CLOUDFLARE 220 +#define NDPI_PROTOCOL_MS_ONE_DRIVE 221 +#define NDPI_PROTOCOL_MQTT 222 +#define NDPI_PROTOCOL_RX 223 +#define NDPI_PROTOCOL_APPLESTORE 224 +#define NDPI_PROTOCOL_OPENDNS 225 +#define NDPI_PROTOCOL_GIT 226 +#define NDPI_PROTOCOL_DRDA 227 +#define NDPI_PROTOCOL_PLAYSTORE 228 /* Google Play Store */ +#define NDPI_PROTOCOL_SOMEIP 229 +#define NDPI_PROTOCOL_FIX 230 +#define NDPI_PROTOCOL_PLAYSTATION 231 /* Sony PlayStation */ +#define NDPI_PROTOCOL_PASTEBIN 232 /* Paulo Angelo */ +#define NDPI_PROTOCOL_LINKEDIN 233 /* Paulo Angelo */ /* UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE */ -#define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_PROTOCOL_PLAYSTATION +#define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_PROTOCOL_LINKEDIN #define NDPI_MAX_SUPPORTED_PROTOCOLS (NDPI_LAST_IMPLEMENTED_PROTOCOL + 1) #define NDPI_MAX_NUM_CUSTOM_PROTOCOLS (NDPI_NUM_BITS-NDPI_LAST_IMPLEMENTED_PROTOCOL) diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index acb58fcb4..9934039d4 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -758,7 +758,7 @@ typedef enum { NDPI_PROTOCOL_CATEGORY_REMOTE_ACCESS, /* Remote access and control */ NDPI_PROTOCOL_CATEGORY_CLOUD, /* Online cloud services */ NDPI_PROTOCOL_CATEGORY_NETWORK, /* Network infrastructure protocols */ - NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, /* Software for collaborative development */ + NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, /* Software for collaborative development, including Webmail */ NDPI_PROTOCOL_CATEGORY_RPC, /* High level network communication protocols */ NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, /* Network administration and monitor protocols */ NDPI_PROTOCOL_CATEGORY_SYSTEM, /* System level applications */ diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index f71de966e..f3334001f 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -7971,43 +7971,84 @@ static ndpi_network host_protocol_list[] = { HTTP: Server: field HTTPS: Server certificate name + + Risk classification criteria + ---------------------------- + + NDPI_PROTOCOL_SAFE + - Web sites (and CDNs) which are not commonly used to host malicious activities. + - OS update hosts. + - App stores. + + NDPI_PROTOCOL_ACCEPTABLE + - Cloud services may be used to host malware (e.g., https://www.fireeye.com/blog/threat-research/2015/11/china-based-threat.html), + but it is mostly used for normal purposes. + - Webmail sites, which can be used to phising. + - Encrypted administrative protocols, such as SSH. + - Text, voice or video communication (e.g., Skype, Slack, Whatsapp). + - Ads services are commonly used to spread malware + (https://www.tripwire.com/state-of-security/security-data-protection/crypto-ransomware-spreads-via-poisoned-ads-on-major-websites/) + + NDPI_PROTOCOL_FUN + - Social media sites and services. + - Communication used for fun purposes, like Snapchat, Tinder, etc. + - Audio and videostreamming services (e.g., Netflix). + - Game services. + + NDPI_PROTOCOL_UNSAFE + - Unencrypted administrative protocols, such as Telnet. + - Cloud hosted servers when accessed by default domains, such as *.amazonaws.com. + - "AWS Supports 41% of Malware Hosting Sites, More than Any Other Web Host or ISP" + http://www.thewhir.com/web-hosting-news/aws-supports-41-malware-hosting-sites-web-host-isp + - https://www.scmagazine.com/600-plus-cloud-repositories-spotted-hosting-malware-and-malicious-files/article/572205/ + - https://howtoremove.guide/remove-s3-amazonaws-virus/ + - Torrents. + + NDPI_PROTOCOL_POTENTIALLY_DANGEROUS + - Tor and other anonymization access. + - Sites commonly used to host malware and not as commonly used by "normal" users. (e.g., pastebin.com) + https://isc.sans.edu/forums/diary/Many+Malware+Samples+Found+on+Pastebin/22036/ + + NDPI_PROTOCOL_UNRATED + - Avoid this class. + */ ndpi_protocol_match host_match[] = { - { "amazon.", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "amazon.com", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "amazon.", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { "amazon.com", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, { "images-amazon.com", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "amazonaws.com", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "amazonaws.com", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_UNSAFE }, { "amazon-adsystem.com", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".cloudfront.net", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".apple.com", "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".mzstatic.com", "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".aaplimg.com", "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".apple.com", "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { ".mzstatic.com", "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { ".aaplimg.com", "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, { ".icloud.com", "AppleiCloud", NDPI_PROTOCOL_APPLE_ICLOUD, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "iosapps.itunes.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, /* iOS */ - { "osxapps.itunes.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, /* MacOS */ - { "buy.itunes.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, - { "su.itunes.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, - { "se.itunes.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, - { "myapp.itunes.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, - { "swscan.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, - { "itunes-apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, + { "iosapps.itunes.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, /* iOS */ + { "osxapps.itunes.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, /* MacOS */ + { "buy.itunes.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, + { "su.itunes.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, + { "se.itunes.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, + { "myapp.itunes.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, + { "swscan.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, + { "itunes-apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, { "itunes.apple.com", "AppleiTunes", NDPI_PROTOCOL_APPLE_ITUNES, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, - { ".cnn.c", "CNN", NDPI_PROTOCOL_CNN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, - { ".cnn.net", "CNN", NDPI_PROTOCOL_CNN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, + { ".cnn.c", "CNN", NDPI_PROTOCOL_CNN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { ".cnn.net", "CNN", NDPI_PROTOCOL_CNN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { ".dropbox.com", "DropBox", NDPI_PROTOCOL_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_SAFE }, - { "log.getdropbox.com", "DropBox", NDPI_PROTOCOL_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_SAFE }, + { ".dropbox.com", "DropBox", NDPI_PROTOCOL_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, + { "log.getdropbox.com", "DropBox", NDPI_PROTOCOL_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, - { ".ebay.", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".ebay.com", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".ebaystatic.com", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".ebaydesc.com", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".ebayrtm.com", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".ebaystratus.com", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".ebayimg.com", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".ebay.", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, /* or FUN */ + { ".ebay.com", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { ".ebaystatic.com", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { ".ebaydesc.com", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { ".ebayrtm.com", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { ".ebaystratus.com", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { ".ebayimg.com", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, { "facebook.com", "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, { "fbstatic-a.akamaihd.net", "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, @@ -8015,44 +8056,44 @@ ndpi_protocol_match host_match[] = { { "fbcdn-", "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, { ".facebook.net", "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { ".speedtest.net", "Ookla", NDPI_PROTOCOL_OOKLA, NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, NDPI_PROTOCOL_ACCEPTABLE }, + { ".speedtest.net", "Ookla", NDPI_PROTOCOL_OOKLA, NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, NDPI_PROTOCOL_SAFE }, - { "drive-thirdparty.", "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, NDPI_PROTOCOL_SAFE }, - { "docs.", "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, NDPI_PROTOCOL_SAFE }, - { ".docs.", "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, NDPI_PROTOCOL_SAFE }, - { "drive.", "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, NDPI_PROTOCOL_SAFE }, + { "drive-thirdparty.", "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "docs.", "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".docs.", "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "drive.", "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { "android.clients.google.com", "PlayStore", NDPI_PROTOCOL_PLAYSTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, - { "ggpht.com", "PlayStore", NDPI_PROTOCOL_PLAYSTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, + { "android.clients.google.com", "PlayStore", NDPI_PROTOCOL_PLAYSTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, + { "ggpht.com", "PlayStore", NDPI_PROTOCOL_PLAYSTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, - { "google.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".google.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".gstatic.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".googlesyndication.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "google.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { ".google.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { ".gstatic.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { ".googlesyndication.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, { ".googletagservices.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".2mdn.net", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".doubleclick.net", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, /* Ads */ { "googleads.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "google-analytics.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "google-analytics.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, { "googleusercontent.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { "googleadservices.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { "googleapis.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { "1e100.net", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "maps.google.", "GoogleMaps", NDPI_PROTOCOL_GOOGLE_MAPS, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "maps.gstatic.com", "GoogleMaps", NDPI_PROTOCOL_GOOGLE_MAPS, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "maps.google.", "GoogleMaps", NDPI_PROTOCOL_GOOGLE_MAPS, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { "maps.gstatic.com", "GoogleMaps", NDPI_PROTOCOL_GOOGLE_MAPS, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { ".gmail.", "GMail", NDPI_PROTOCOL_GMAIL, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { "mail.google.", "GMail", NDPI_PROTOCOL_GMAIL, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { ".gmail.", "GMail", NDPI_PROTOCOL_GMAIL, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "mail.google.", "GMail", NDPI_PROTOCOL_GMAIL, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { "mail.outlook.com", "Hotmail", NDPI_PROTOCOL_HOTMAIL, NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, NDPI_PROTOCOL_SAFE }, + { "mail.outlook.com", "Hotmail", NDPI_PROTOCOL_HOTMAIL, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".last.fm", "LastFM", NDPI_PROTOCOL_LASTFM, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, + { ".last.fm", "LastFM", NDPI_PROTOCOL_LASTFM, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "msn.com", "MSN", NDPI_PROTOCOL_MSN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, + { "msn.com", "MSN", NDPI_PROTOCOL_MSN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, /*News site*/ - { "netflix.com", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "nflxext.com", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "netflix.com", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "nflxext.com", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "nflximg.com", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "nflximg.net", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "nflxvideo.net", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, @@ -8067,24 +8108,24 @@ ndpi_protocol_match host_match[] = { { "e4593.dspg.akamaiedge.net","Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, { "e4593.g.akamaiedge.net", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, - { ".tuenti.com", "Tuenti", NDPI_PROTOCOL_TUENTI, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".tuenti.com", "Tuenti", NDPI_PROTOCOL_TUENTI, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, - { ".twttr.com", "Twitter", NDPI_PROTOCOL_TWITTER, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, - { "twitter.", "Twitter", NDPI_PROTOCOL_TWITTER, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, - { "twimg.com", "Twitter", NDPI_PROTOCOL_TWITTER, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, + { ".twttr.com", "Twitter", NDPI_PROTOCOL_TWITTER, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { "twitter.", "Twitter", NDPI_PROTOCOL_TWITTER, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { "twimg.com", "Twitter", NDPI_PROTOCOL_TWITTER, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, { ".viber.com", "Viber", NDPI_PROTOCOL_VIBER, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, { ".cdn.viber.com", "Viber", NDPI_PROTOCOL_VIBER, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, - { "wikipedia.", "Wikipedia", NDPI_PROTOCOL_WIKIPEDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "wikimedia.", "Wikipedia", NDPI_PROTOCOL_WIKIPEDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "mediawiki.", "Wikipedia", NDPI_PROTOCOL_WIKIPEDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "wikimediafoundation.", "Wikipedia", NDPI_PROTOCOL_WIKIPEDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "wikipedia.", "Wikipedia", NDPI_PROTOCOL_WIKIPEDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { "wikimedia.", "Wikipedia", NDPI_PROTOCOL_WIKIPEDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { "mediawiki.", "Wikipedia", NDPI_PROTOCOL_WIKIPEDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { "wikimediafoundation.", "Wikipedia", NDPI_PROTOCOL_WIKIPEDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, { ".whatsapp.", "WhatsApp", NDPI_PROTOCOL_WHATSAPP, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, - { ".yahoo.", "Yahoo", NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".yimg.com", "Yahoo", NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".yahoo.", "Yahoo", NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { ".yimg.com", "Yahoo", NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, { "yahooapis.", "Yahoo", NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { "youtube.", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, @@ -8106,7 +8147,7 @@ ndpi_protocol_match host_match[] = { { ".torproject.org", "Tor", NDPI_PROTOCOL_TOR, NDPI_PROTOCOL_CATEGORY_VPN, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, - { ".kakao.com", "KakaoTalk", NDPI_PROTOCOL_KAKAOTALK, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_FUN }, + { ".kakao.com", "KakaoTalk", NDPI_PROTOCOL_KAKAOTALK, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, { "ttvnw.net", "Twitch", NDPI_PROTOCOL_TWITCH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "static-cdn.jtvnw.net", "Twitch", NDPI_PROTOCOL_TWITCH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, @@ -8140,35 +8181,35 @@ ndpi_protocol_match host_match[] = { { ".waze.com", "Waze", NDPI_PROTOCOL_WAZE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".deezer.com", "Deezer", NDPI_PROTOCOL_DEEZER, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".deezer.com", "Deezer", NDPI_PROTOCOL_DEEZER, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".microsoft.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_SYSTEM, NDPI_PROTOCOL_ACCEPTABLE }, + { ".microsoft.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, { "i-msdn.sec.s-msft.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_SYSTEM, NDPI_PROTOCOL_ACCEPTABLE }, { "i2-msdn.sec.s-msft.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_SYSTEM, NDPI_PROTOCOL_ACCEPTABLE }, { ".webtrends.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".msecnd.net", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "bing.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".visualstudio.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "bing.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { ".visualstudio.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_SAFE }, { "bn1301.storage.live.com", "MS_OneDrive", NDPI_PROTOCOL_MS_ONE_DRIVE,NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, { "*.gateway.messenger.live.com", "MS_OneDrive", NDPI_PROTOCOL_MS_ONE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, { "skyapi.live.net", "MS_OneDrive", NDPI_PROTOCOL_MS_ONE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, { "d.docs.live.net", "MS_OneDrive", NDPI_PROTOCOL_MS_ONE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, - { "update.microsoft.com", "WindowsUpdate", NDPI_PROTOCOL_WINDOWS_UPDATE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".windowsupdate.com", "WindowsUpdate", NDPI_PROTOCOL_WINDOWS_UPDATE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_ACCEPTABLE }, + { "update.microsoft.com", "WindowsUpdate", NDPI_PROTOCOL_WINDOWS_UPDATE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, + { ".windowsupdate.com", "WindowsUpdate", NDPI_PROTOCOL_WINDOWS_UPDATE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, { "worldofwarcraft.com", "WorldOfWarcraft", NDPI_PROTOCOL_WORLDOFWARCRAFT, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, { ".anchorfree.", "HotspotShield", NDPI_PROTOCOL_HOTSPOT_SHIELD, NDPI_PROTOCOL_CATEGORY_VPN, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, { "hotspotshield.com", "HotspotShield", NDPI_PROTOCOL_HOTSPOT_SHIELD, NDPI_PROTOCOL_CATEGORY_VPN, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, - { ".webex.com", "Webex", NDPI_PROTOCOL_WEBEX, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".webex.com", "Webex", NDPI_PROTOCOL_WEBEX, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, - { ".ocsdomain.com", "OCS", NDPI_PROTOCOL_OCS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_FUN }, - { "ocs.fr", "OCS", NDPI_PROTOCOL_OCS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_FUN }, - { ".ocs.fr", "OCS", NDPI_PROTOCOL_OCS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_FUN }, - { ".labgency.ws", "OCS", NDPI_PROTOCOL_OCS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_FUN }, + { ".ocsdomain.com", "OCS", NDPI_PROTOCOL_OCS, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "ocs.fr", "OCS", NDPI_PROTOCOL_OCS, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".ocs.fr", "OCS", NDPI_PROTOCOL_OCS, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".labgency.ws", "OCS", NDPI_PROTOCOL_OCS, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { ".iflix.com", "IFLIX", NDPI_PROTOCOL_IFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { ".app.iflixcorp.com", "IFLIX", NDPI_PROTOCOL_IFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, @@ -8238,7 +8279,9 @@ ndpi_protocol_match host_match[] = { { "dnscrypt.org", "DNScrypt", NDPI_PROTOCOL_DNSCRYPT, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, - { "torrent.", "BitTorrent", NDPI_PROTOCOL_BITTORRENT, NDPI_PROTOCOL_CATEGORY_P2P, NDPI_PROTOCOL_ACCEPTABLE }, + { "torrent.", "BitTorrent", NDPI_PROTOCOL_BITTORRENT, NDPI_PROTOCOL_CATEGORY_P2P, NDPI_PROTOCOL_UNSAFE }, + { "torrents.", "BitTorrent", NDPI_PROTOCOL_BITTORRENT, NDPI_PROTOCOL_CATEGORY_P2P, NDPI_PROTOCOL_UNSAFE }, + { "torrentz.", "BitTorrent", NDPI_PROTOCOL_BITTORRENT, NDPI_PROTOCOL_CATEGORY_P2P, NDPI_PROTOCOL_UNSAFE }, { ".nintendo.net", "Nintendo", NDPI_PROTOCOL_NINTENDO, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, { ".nintendo.com", "Nintendo", NDPI_PROTOCOL_NINTENDO, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, @@ -8246,6 +8289,11 @@ ndpi_protocol_match host_match[] = { { ".playstation.com", "Playstation", NDPI_PROTOCOL_PLAYSTATION, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, { ".sonyentertainmentnetwork.com","Playstation", NDPI_PROTOCOL_PLAYSTATION, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, + { ".pastebin.com", "Pastebin", NDPI_PROTOCOL_PASTEBIN, NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, + + { ".linkedin.com", "LinkedIn", NDPI_PROTOCOL_LINKEDIN, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { ".licdn.com", "LinkedIn", NDPI_PROTOCOL_LINKEDIN, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { NULL, 0 } }; -- cgit v1.2.3 From 0326442faf76f5415196b96a1f470e9343f87578 Mon Sep 17 00:00:00 2001 From: Campus Date: Wed, 9 Aug 2017 18:14:41 +0200 Subject: add SoundCloud detection for https://github.com/ntop/nDPI/issues/396 --- src/include/ndpi_protocol_ids.h | 15 ++++++++------- src/lib/ndpi_content_match.c.inc | 16 +++++++++++++--- 2 files changed, 21 insertions(+), 10 deletions(-) (limited to 'src') diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index 56dcce032..045f30a3a 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -30,9 +30,9 @@ #define __NDPI_PROTOCOLS_DEFAULT_H__ #define NDPI_DETECTION_SUPPORT_IPV6 -#define NDPI_PROTOCOL_SIZE 2 +#define NDPI_PROTOCOL_SIZE 2 -#define NDPI_PROTOCOL_UNKNOWN 0 +#define NDPI_PROTOCOL_UNKNOWN 0 #define NDPI_PROTOCOL_NO_MASTER_PROTO NDPI_PROTOCOL_UNKNOWN @@ -265,16 +265,17 @@ #define NDPI_PROTOCOL_OPENDNS 225 #define NDPI_PROTOCOL_GIT 226 #define NDPI_PROTOCOL_DRDA 227 -#define NDPI_PROTOCOL_PLAYSTORE 228 /* Google Play Store */ +#define NDPI_PROTOCOL_PLAYSTORE 228 #define NDPI_PROTOCOL_SOMEIP 229 #define NDPI_PROTOCOL_FIX 230 -#define NDPI_PROTOCOL_PLAYSTATION 231 /* Sony PlayStation */ +#define NDPI_PROTOCOL_PLAYSTATION 231 #define NDPI_PROTOCOL_PASTEBIN 232 /* Paulo Angelo */ #define NDPI_PROTOCOL_LINKEDIN 233 /* Paulo Angelo */ +#define NDPI_PROTOCOL_SOUNDCLOUD 234 /* UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE */ -#define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_PROTOCOL_LINKEDIN +#define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_PROTOCOL_SOUNDCLOUD -#define NDPI_MAX_SUPPORTED_PROTOCOLS (NDPI_LAST_IMPLEMENTED_PROTOCOL + 1) -#define NDPI_MAX_NUM_CUSTOM_PROTOCOLS (NDPI_NUM_BITS-NDPI_LAST_IMPLEMENTED_PROTOCOL) +#define NDPI_MAX_SUPPORTED_PROTOCOLS (NDPI_LAST_IMPLEMENTED_PROTOCOL + 1) +#define NDPI_MAX_NUM_CUSTOM_PROTOCOLS (NDPI_NUM_BITS-NDPI_LAST_IMPLEMENTED_PROTOCOL) #endif diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index f3334001f..17802c2a0 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -22,6 +22,13 @@ static ndpi_network host_protocol_list[] = { + /* + SoundCloud + */ + { 0x22FB2FEE /* 34.251.47.238 */, 32, NDPI_PROTOCOL_SOUNDCLOUD }, + { 0x23A06456 /* 35.160.100.86 */, 32, NDPI_PROTOCOL_SOUNDCLOUD }, + { 0x36C0CA58 /* 54.192.202.88 */, 32, NDPI_PROTOCOL_SOUNDCLOUD }, + /* Facebook, Inc. origin AS32934, AS54115 @@ -152,7 +159,6 @@ static ndpi_network host_protocol_list[] = { { 0x1B000000 /* 27.0.0.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, { 0x22C00000 /* 34.192.0.0/10 */, 10, NDPI_PROTOCOL_AMAZON }, { 0x23980000 /* 35.152.0.0/13 */, 13, NDPI_PROTOCOL_AMAZON }, - { 0x23A00000 /* 35.160.0.0/12 */, 12, NDPI_PROTOCOL_AMAZON }, { 0x23B00000 /* 35.176.0.0/13 */, 13, NDPI_PROTOCOL_AMAZON }, { 0x2BFAC000 /* 43.250.192.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, { 0x2BFAC100 /* 43.250.193.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, @@ -845,7 +851,7 @@ static ndpi_network host_protocol_list[] = { { 0x5B6C1000 /* 91.108.16.0/22 */, 22, NDPI_PROTOCOL_TELEGRAM }, { 0x5B6C3800 /* 91.108.56.0/22 */, 22, NDPI_PROTOCOL_TELEGRAM }, { 0x959AA000 /* 149.154.160.0/20 */, 20, NDPI_PROTOCOL_TELEGRAM }, - + /* BitTorrent */ @@ -860,7 +866,6 @@ static ndpi_network host_protocol_list[] = { { 0xB2A4F550 /* 178.164.245.80/32 */, 32, NDPI_PROTOCOL_BITTORRENT }, { 0xAE597B3E /* 174.89.123.62/32 */, 32, NDPI_PROTOCOL_BITTORRENT }, - /* Tor http://torstatus.blutmagie.de/ip_list_all.php/Tor_ip_list_ALL.csv @@ -8294,6 +8299,11 @@ ndpi_protocol_match host_match[] = { { ".linkedin.com", "LinkedIn", NDPI_PROTOCOL_LINKEDIN, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, { ".licdn.com", "LinkedIn", NDPI_PROTOCOL_LINKEDIN, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { ".sndcdn.com", "SoundCloud", NDPI_PROTOCOL_SOUNDCLOUD, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".soundcloud.com", "SoundCloud", NDPI_PROTOCOL_SOUNDCLOUD, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "getrockerbox.com", "SoundCloud", NDPI_PROTOCOL_SOUNDCLOUD, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + + { NULL, 0 } }; -- cgit v1.2.3 From 93ceb14302f38c24fc5cfc67e7f6ae3b218e89c9 Mon Sep 17 00:00:00 2001 From: Paulo Angelo Date: Wed, 9 Aug 2017 14:08:28 -0300 Subject: few classification adjusts --- src/lib/ndpi_content_match.c.inc | 2 ++ src/lib/ndpi_main.c | 40 ++++++++++++++++++++-------------------- 2 files changed, 22 insertions(+), 20 deletions(-) (limited to 'src') diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 17802c2a0..c357cdbc0 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -7984,6 +7984,7 @@ static ndpi_network host_protocol_list[] = { - Web sites (and CDNs) which are not commonly used to host malicious activities. - OS update hosts. - App stores. + - Commonly used services in encrypted channels (SMTPS, POPS, etc) NDPI_PROTOCOL_ACCEPTABLE - Cloud services may be used to host malware (e.g., https://www.fireeye.com/blog/threat-research/2015/11/china-based-threat.html), @@ -7993,6 +7994,7 @@ static ndpi_network host_protocol_list[] = { - Text, voice or video communication (e.g., Skype, Slack, Whatsapp). - Ads services are commonly used to spread malware (https://www.tripwire.com/state-of-security/security-data-protection/crypto-ransomware-spreads-via-poisoned-ads-on-major-websites/) + - Commonly used services in unencrypted channels (SMTP, POP, etc) NDPI_PROTOCOL_FUN - Social media sites and services. diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 65c139c08..3eb043db7 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -704,17 +704,17 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "Unknown", NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_FTP_CONTROL, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_FTP_CONTROL, no_master, no_master, "FTP_CONTROL", NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, ndpi_build_default_ports(ports_a, 21, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_FTP_DATA, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_FTP_DATA, no_master, no_master, "FTP_DATA", NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, ndpi_build_default_ports(ports_a, 20, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_MAIL_POP, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MAIL_POP, no_master, no_master, "POP3", NDPI_PROTOCOL_CATEGORY_MAIL_SYNC, ndpi_build_default_ports(ports_a, 110, 0, 0, 0, 0) /* TCP */, @@ -724,7 +724,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "POPS", NDPI_PROTOCOL_CATEGORY_MAIL_SYNC, ndpi_build_default_ports(ports_a, 995, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_MAIL_SMTP, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MAIL_SMTP, no_master, no_master, "SMTP", NDPI_PROTOCOL_CATEGORY_MAIL_SEND, ndpi_build_default_ports(ports_a, 25, 0, 0, 0, 0) /* TCP */, @@ -734,7 +734,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "SMTPS", NDPI_PROTOCOL_CATEGORY_MAIL_SEND, ndpi_build_default_ports(ports_a, 465, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_MAIL_IMAP, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MAIL_IMAP, no_master, no_master, "IMAP", NDPI_PROTOCOL_CATEGORY_MAIL_SYNC, ndpi_build_default_ports(ports_a, 143, 0, 0, 0, 0) /* TCP */, @@ -884,7 +884,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "eDonkey", NDPI_PROTOCOL_CATEGORY_P2P, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_BITTORRENT, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_BITTORRENT, no_master, no_master, "BitTorrent", NDPI_PROTOCOL_CATEGORY_P2P, ndpi_build_default_ports(ports_a, 51413, 53646, 0, 0, 0) /* TCP */, @@ -999,7 +999,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "TVUplayer", NDPI_PROTOCOL_CATEGORY_MEDIA, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_HTTP_DOWNLOAD, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_HTTP_DOWNLOAD, no_master, no_master, "HTTP_Download", NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, @@ -1026,7 +1026,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "SSL_No_Cert", NDPI_PROTOCOL_CATEGORY_WEB, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IRC, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_IRC, no_master, no_master, "IRC", NDPI_PROTOCOL_CATEGORY_CHAT, ndpi_build_default_ports(ports_a, 194, 0, 0, 0, 0) /* TCP */, @@ -1076,7 +1076,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "WorldOfWarcraft", NDPI_PROTOCOL_CATEGORY_GAME, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_HOTSPOT_SHIELD, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_HOTSPOT_SHIELD, no_master, no_master, "HotspotShield", NDPI_PROTOCOL_CATEGORY_VPN, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, @@ -1088,7 +1088,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); custom_master[0] = NDPI_PROTOCOL_SIP, custom_master[1] = NDPI_PROTOCOL_H323; - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_STUN, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_STUN, no_master, custom_master, "STUN", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, @@ -1230,12 +1230,12 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "Crossfire", NDPI_PROTOCOL_CATEGORY_RPC, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_DOFUS, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_DOFUS, no_master, no_master, "Dofus", NDPI_PROTOCOL_CATEGORY_GAME, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNRATED, NDPI_PROTOCOL_FIESTA, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_FIESTA, no_master, no_master, "Fiesta", NDPI_PROTOCOL_CATEGORY_GAME, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, @@ -1275,7 +1275,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "MsSQL-TDS", NDPI_PROTOCOL_CATEGORY_DATABASE, ndpi_build_default_ports(ports_a, 1433, 1434, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_PPTP, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_PPTP, no_master, no_master, "PPTP", NDPI_PROTOCOL_CATEGORY_VPN, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, @@ -1426,7 +1426,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master,"H323", NDPI_PROTOCOL_CATEGORY_VOIP, ndpi_build_default_ports(ports_a, 1719, 1720, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 1719, 1720, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_OPENVPN, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_OPENVPN, no_master, no_master, "OpenVPN", NDPI_PROTOCOL_CATEGORY_VPN, ndpi_build_default_ports(ports_a, 1194, 0, 0, 0, 0) /* TCP */, @@ -1436,7 +1436,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "NOE", NDPI_PROTOCOL_CATEGORY_VOIP, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_CISCOVPN, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_CISCOVPN, no_master, no_master, "CiscoVPN", NDPI_PROTOCOL_CATEGORY_VPN, ndpi_build_default_ports(ports_a, 10000, 0, 0, 0, 0) /* TCP */, @@ -1561,7 +1561,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "RX", NDPI_PROTOCOL_CATEGORY_RPC, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_GIT, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_GIT, no_master, no_master, "Git", NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, ndpi_build_default_ports(ports_a, 9418, 0, 0, 0, 0), /* TCP */ @@ -1586,7 +1586,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "SMPP", NDPI_PROTOCOL_CATEGORY_P2P, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_OOKLA, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_OOKLA, no_master, no_master, "Ookla", NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ @@ -1596,12 +1596,12 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "AMQP", NDPI_PROTOCOL_CATEGORY_RPC, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DNSCRYPT, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_DNSCRYPT, no_master, no_master, "DNScrypt", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_TINC, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_TINC, no_master, no_master, "TINC", NDPI_PROTOCOL_CATEGORY_VPN, ndpi_build_default_ports(ports_a, 655, 0, 0, 0, 0) /* TCP */, @@ -1611,7 +1611,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "FIX", NDPI_PROTOCOL_CATEGORY_RPC, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_NINTENDO, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_NINTENDO, no_master, no_master, "Nintendo", NDPI_PROTOCOL_CATEGORY_GAME, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, -- cgit v1.2.3 From d8ed5b10052f141624f4840fbfdb8f1f5f20f6fc Mon Sep 17 00:00:00 2001 From: Paulo Angelo Date: Wed, 9 Aug 2017 14:17:07 -0300 Subject: final revision. --- src/lib/ndpi_content_match.c.inc | 4 ++-- src/lib/ndpi_main.c | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) (limited to 'src') diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index c357cdbc0..54043d581 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -7984,7 +7984,7 @@ static ndpi_network host_protocol_list[] = { - Web sites (and CDNs) which are not commonly used to host malicious activities. - OS update hosts. - App stores. - - Commonly used services in encrypted channels (SMTPS, POPS, etc) + - Commonly used services with passwords in encrypted channels (SMTPS, POPS, etc) NDPI_PROTOCOL_ACCEPTABLE - Cloud services may be used to host malware (e.g., https://www.fireeye.com/blog/threat-research/2015/11/china-based-threat.html), @@ -7994,7 +7994,6 @@ static ndpi_network host_protocol_list[] = { - Text, voice or video communication (e.g., Skype, Slack, Whatsapp). - Ads services are commonly used to spread malware (https://www.tripwire.com/state-of-security/security-data-protection/crypto-ransomware-spreads-via-poisoned-ads-on-major-websites/) - - Commonly used services in unencrypted channels (SMTP, POP, etc) NDPI_PROTOCOL_FUN - Social media sites and services. @@ -8010,6 +8009,7 @@ static ndpi_network host_protocol_list[] = { - https://www.scmagazine.com/600-plus-cloud-repositories-spotted-hosting-malware-and-malicious-files/article/572205/ - https://howtoremove.guide/remove-s3-amazonaws-virus/ - Torrents. + - Commonly used services with passwords in unencrypted channels (SMTP, POP, etc) NDPI_PROTOCOL_POTENTIALLY_DANGEROUS - Tor and other anonymization access. diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 3eb043db7..228b4606f 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -704,7 +704,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "Unknown", NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_FTP_CONTROL, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_FTP_CONTROL, no_master, no_master, "FTP_CONTROL", NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, ndpi_build_default_ports(ports_a, 21, 0, 0, 0, 0) /* TCP */, @@ -714,7 +714,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "FTP_DATA", NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, ndpi_build_default_ports(ports_a, 20, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MAIL_POP, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_MAIL_POP, no_master, no_master, "POP3", NDPI_PROTOCOL_CATEGORY_MAIL_SYNC, ndpi_build_default_ports(ports_a, 110, 0, 0, 0, 0) /* TCP */, @@ -734,7 +734,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "SMTPS", NDPI_PROTOCOL_CATEGORY_MAIL_SEND, ndpi_build_default_ports(ports_a, 465, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MAIL_IMAP, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_MAIL_IMAP, no_master, no_master, "IMAP", NDPI_PROTOCOL_CATEGORY_MAIL_SYNC, ndpi_build_default_ports(ports_a, 143, 0, 0, 0, 0) /* TCP */, @@ -1275,7 +1275,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "MsSQL-TDS", NDPI_PROTOCOL_CATEGORY_DATABASE, ndpi_build_default_ports(ports_a, 1433, 1434, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_PPTP, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_PPTP, no_master, no_master, "PPTP", NDPI_PROTOCOL_CATEGORY_VPN, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, -- cgit v1.2.3 From 5a8aa3d72d8de124c10581368087ba45406af033 Mon Sep 17 00:00:00 2001 From: Paulo Angelo Date: Fri, 11 Aug 2017 13:38:46 -0300 Subject: Windows 10 detection from UA and indentation --- src/lib/protocols/http.c | 61 ++++++++++++++++++++++++++---------------------- 1 file changed, 33 insertions(+), 28 deletions(-) (limited to 'src') diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c index 35e67a54d..aeb028798 100644 --- a/src/lib/protocols/http.c +++ b/src/lib/protocols/http.c @@ -154,15 +154,19 @@ static void rtsp_parse_packet_acceptline(struct ndpi_detection_module_struct #endif static void setHttpUserAgent(struct ndpi_flow_struct *flow, char *ua) { - if(!strcmp(ua, "Windows NT 5.0")) ua = "Windows 2000"; - else if(!strcmp(ua, "Windows NT 5.1")) ua = "Windows XP"; - else if(!strcmp(ua, "Windows NT 5.2")) ua = "Windows Server 2003"; - else if(!strcmp(ua, "Windows NT 6.0")) ua = "Windows Vista"; - else if(!strcmp(ua, "Windows NT 6.1")) ua = "Windows 7"; - else if(!strcmp(ua, "Windows NT 6.2")) ua = "Windows 8"; - else if(!strcmp(ua, "Windows NT 6.3")) ua = "Windows 8.1"; - - // printf("==> %s\n", ua); + if ( !strcmp(ua, "Windows NT 5.0")) ua = "Windows 2000"; + else if(!strcmp(ua, "Windows NT 5.1")) ua = "Windows XP"; + else if(!strcmp(ua, "Windows NT 5.2")) ua = "Windows Server 2003"; + else if(!strcmp(ua, "Windows NT 6.0")) ua = "Windows Vista"; + else if(!strcmp(ua, "Windows NT 6.1")) ua = "Windows 7"; + else if(!strcmp(ua, "Windows NT 6.2")) ua = "Windows 8"; + else if(!strcmp(ua, "Windows NT 6.3")) ua = "Windows 8.1"; + else if(!strcmp(ua, "Windows NT 10.0")) ua = "Windows 10"; + + /* Good reference for future implementations: + * https://github.com/ua-parser/uap-core/blob/master/regexes.yaml */ + + printf("==> %s\n", ua); snprintf((char*)flow->detected_os, sizeof(flow->detected_os), "%s", ua); } @@ -271,8 +275,9 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ if(packet->user_agent_line.ptr != NULL && packet->user_agent_line.len != 0) { /** - Format: - Mozilla/5.0 (iPad; U; CPU OS 3_2 like Mac OS X; en-us) AppleWebKit/531.21.10 (KHTML, like Gecko) .... + Format examples: + Mozilla/5.0 (iPad; U; CPU OS 3_2 like Mac OS X; en-us) AppleWebKit/531.21.10 (KHTML, like Gecko) .... + Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:54.0) Gecko/20100101 Firefox/54.0 */ if(packet->user_agent_line.len > 7) { char ua[256]; @@ -302,22 +307,22 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ if(token && (token[0] == ' ')) token++; /* Skip space */ if(token - && ((strcmp(token, "U") == 0) - || (strncmp(token, "MSIE", 4) == 0))) { - token = strsep(&parent, ";"); - if(token && (token[0] == ' ')) token++; /* Skip space */ + && ((strcmp(token, "U") == 0) + || (strncmp(token, "MSIE", 4) == 0))) { + token = strsep(&parent, ";"); + if(token && (token[0] == ' ')) token++; /* Skip space */ - if(token && (strncmp(token, "Update", 6) == 0)) { - token = strsep(&parent, ";"); + if(token && (strncmp(token, "Update", 6) == 0)) { + token = strsep(&parent, ";"); - if(token && (token[0] == ' ')) token++; /* Skip space */ + if(token && (token[0] == ' ')) token++; /* Skip space */ - if(token && (strncmp(token, "AOL", 3) == 0)) { - token = strsep(&parent, ";"); + if(token && (strncmp(token, "AOL", 3) == 0)) { - if(token && (token[0] == ' ')) token++; /* Skip space */ - } - } + token = strsep(&parent, ";"); + if(token && (token[0] == ' ')) token++; /* Skip space */ + } + } } } @@ -566,9 +571,9 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct } if((packet->payload_packet_len == 3) && memcmp(packet->payload, "HI\n", 3) == 0) { - /* This looks like Ookla: we don't give up with HTTP yet */ - flow->l4.tcp.http_stage = 1; - return; + /* This looks like Ookla: we don't give up with HTTP yet */ + flow->l4.tcp.http_stage = 1; + return; } if((packet->payload_packet_len == 23) && (memcmp(packet->payload, "", 23) == 0)) { @@ -787,14 +792,14 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct */ if((packet->parsed_lines == 1) && (packet->packet_direction == 1 /* server -> client */)) { - /* In apache if you do "GET /\n\n" the response comes without any header */ + /* In Apache if you do "GET /\n\n" the response comes without any header */ NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "Found HTTP. (apache)\n"); ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_HTTP); check_content_type_and_change_protocol(ndpi_struct, flow); return; } - /* If we already detected the http request, we can add the connection and then check for the sub-protocol */ + /* If we already detected the HTTP request, we can add the connection and then check for the sub-protocol */ if(flow->http_detected) ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_HTTP); -- cgit v1.2.3 From 449e06df77cd2dec2b942ce81c326733458419f7 Mon Sep 17 00:00:00 2001 From: Paulo Angelo Date: Fri, 11 Aug 2017 17:52:32 -0300 Subject: Code formating and some improvements on HTTP (issue 434) --- src/include/ndpi_typedefs.h | 7 +- src/lib/ndpi_main.c | 249 ++++++++++++++++++++++++++------------------ src/lib/protocols/http.c | 191 +++++++++++++++++++-------------- 3 files changed, 262 insertions(+), 185 deletions(-) (limited to 'src') diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 9934039d4..ccb031326 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -675,6 +675,7 @@ struct ndpi_packet_struct { u_int16_t protocol_stack_info; struct ndpi_int_one_line_struct line[NDPI_MAX_PARSE_LINES_PER_PACKET]; + /* HTTP headers */ struct ndpi_int_one_line_struct host_line; struct ndpi_int_one_line_struct forwarded_line; struct ndpi_int_one_line_struct referer_line; @@ -690,7 +691,8 @@ struct ndpi_packet_struct { struct ndpi_int_one_line_struct http_x_session_type; struct ndpi_int_one_line_struct server_line; struct ndpi_int_one_line_struct http_method; - struct ndpi_int_one_line_struct http_response; + struct ndpi_int_one_line_struct http_response; /* the first "word" in this pointer is the response code in the packet (200, etc) */ + u_int8_t http_num_headers; /* number of found (valid) header lines in HTTP request or response */ u_int16_t l3_packet_len; u_int16_t l4_packet_len; @@ -958,6 +960,9 @@ struct ndpi_flow_struct { struct { ndpi_http_method method; char *url, *content_type; + u_int8_t num_request_headers, num_response_headers; + u_int8_t request_version; /* 0=1.0 and 1=1.1. Create an enum for this? */ + u_char response_status_code[4]; /* 200, 404, etc. */ } http; union { diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 228b4606f..7d1e62df4 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -3793,151 +3793,195 @@ void ndpi_parse_packet_line_info(struct ndpi_detection_module_struct *ndpi_struc packet->http_method.len = 0; packet->http_response.ptr = NULL; packet->http_response.len = 0; + packet->http_num_headers=0; if((packet->payload_packet_len == 0) || (packet->payload == NULL) - || (end == 0) - ) + || (end == 0)) return; packet->line[packet->parsed_lines].ptr = packet->payload; packet->line[packet->parsed_lines].len = 0; for(a = 0; a < end-1 /* This because get_u_int16_t(packet->payload, a) reads 2 bytes */; a++) { - if(get_u_int16_t(packet->payload, a) == ntohs(0x0d0a)) { + if(get_u_int16_t(packet->payload, a) == ntohs(0x0d0a)) { /* If end of line char sequence CR+NL "\r\n", process line */ packet->line[packet->parsed_lines].len = (u_int16_t)(((unsigned long) &packet->payload[a]) - ((unsigned long) packet->line[packet->parsed_lines].ptr)); - if(packet->parsed_lines == 0 && packet->line[0].len >= NDPI_STATICSTRING_LEN("HTTP/1.1 200 ") && - memcmp(packet->line[0].ptr, "HTTP/1.", NDPI_STATICSTRING_LEN("HTTP/1.")) == 0 && - packet->line[0].ptr[NDPI_STATICSTRING_LEN("HTTP/1.1 ")] > '0' && - packet->line[0].ptr[NDPI_STATICSTRING_LEN("HTTP/1.1 ")] < '6') { - packet->http_response.ptr = &packet->line[0].ptr[NDPI_STATICSTRING_LEN("HTTP/1.1 ")]; - packet->http_response.len = packet->line[0].len - NDPI_STATICSTRING_LEN("HTTP/1.1 "); - NDPI_LOG(NDPI_PROTOCOL_UNKNOWN, ndpi_struct, NDPI_LOG_DEBUG, - "ndpi_parse_packet_line_info: HTTP response parsed: \"%.*s\"\n", - packet->http_response.len, packet->http_response.ptr); + /* First line of a HTTP response parsing. Expected a "HTTP/1.? ???" */ + if(packet->parsed_lines == 0 && packet->line[0].len >= NDPI_STATICSTRING_LEN("HTTP/1.X 200 ") && + memcmp(packet->line[0].ptr, "HTTP/1.", NDPI_STATICSTRING_LEN("HTTP/1.")) == 0 && + packet->line[0].ptr[NDPI_STATICSTRING_LEN("HTTP/1.X ")] > '0' && /* response code between 000 and 699 */ + packet->line[0].ptr[NDPI_STATICSTRING_LEN("HTTP/1.X ")] < '6') { + + packet->http_response.ptr = &packet->line[0].ptr[NDPI_STATICSTRING_LEN("HTTP/1.1 ")]; + packet->http_response.len = packet->line[0].len - NDPI_STATICSTRING_LEN("HTTP/1.1 "); + packet->http_num_headers++; + + NDPI_LOG(NDPI_PROTOCOL_UNKNOWN, ndpi_struct, NDPI_LOG_DEBUG, + "ndpi_parse_packet_line_info: HTTP response parsed: \"%.*s\"\n", + packet->http_response.len, packet->http_response.ptr); } + /* "Server:" header line in HTTP response */ if(packet->line[packet->parsed_lines].len > NDPI_STATICSTRING_LEN("Server:") + 1 - && memcmp(packet->line[packet->parsed_lines].ptr, "Server:", NDPI_STATICSTRING_LEN("Server:")) == 0) { - // some stupid clients omit a space and place the servername directly after the colon - if(packet->line[packet->parsed_lines].ptr[NDPI_STATICSTRING_LEN("Server:")] == ' ') { - packet->server_line.ptr = - &packet->line[packet->parsed_lines].ptr[NDPI_STATICSTRING_LEN("Server:") + 1]; - packet->server_line.len = - packet->line[packet->parsed_lines].len - (NDPI_STATICSTRING_LEN("Server:") + 1); - } else { - packet->server_line.ptr = &packet->line[packet->parsed_lines].ptr[NDPI_STATICSTRING_LEN("Server:")]; - packet->server_line.len = packet->line[packet->parsed_lines].len - NDPI_STATICSTRING_LEN("Server:"); - } + && memcmp(packet->line[packet->parsed_lines].ptr, "Server:", NDPI_STATICSTRING_LEN("Server:")) == 0) { + // some stupid clients omit a space and place the servername directly after the colon + if(packet->line[packet->parsed_lines].ptr[NDPI_STATICSTRING_LEN("Server:")] == ' ') { + packet->server_line.ptr = + &packet->line[packet->parsed_lines].ptr[NDPI_STATICSTRING_LEN("Server:") + 1]; + packet->server_line.len = + packet->line[packet->parsed_lines].len - (NDPI_STATICSTRING_LEN("Server:") + 1); + } else { + packet->server_line.ptr = &packet->line[packet->parsed_lines].ptr[NDPI_STATICSTRING_LEN("Server:")]; + packet->server_line.len = packet->line[packet->parsed_lines].len - NDPI_STATICSTRING_LEN("Server:"); + } + packet->http_num_headers++; } - + /* "Host:" header line in HTTP request */ if(packet->line[packet->parsed_lines].len > 6 - && memcmp(packet->line[packet->parsed_lines].ptr, "Host:", 5) == 0) { - // some stupid clients omit a space and place the hostname directly after the colon - if(packet->line[packet->parsed_lines].ptr[5] == ' ') { - packet->host_line.ptr = &packet->line[packet->parsed_lines].ptr[6]; - packet->host_line.len = packet->line[packet->parsed_lines].len - 6; - } else { - packet->host_line.ptr = &packet->line[packet->parsed_lines].ptr[5]; - packet->host_line.len = packet->line[packet->parsed_lines].len - 5; - } + && memcmp(packet->line[packet->parsed_lines].ptr, "Host:", 5) == 0) { + // some stupid clients omit a space and place the hostname directly after the colon + if(packet->line[packet->parsed_lines].ptr[5] == ' ') { + packet->host_line.ptr = &packet->line[packet->parsed_lines].ptr[6]; + packet->host_line.len = packet->line[packet->parsed_lines].len - 6; + } else { + packet->host_line.ptr = &packet->line[packet->parsed_lines].ptr[5]; + packet->host_line.len = packet->line[packet->parsed_lines].len - 5; + } + packet->http_num_headers++; } - + /* "X-Forwarded-For:" header line in HTTP request. Commonly used for HTTP proxies. */ if(packet->line[packet->parsed_lines].len > 17 - && memcmp(packet->line[packet->parsed_lines].ptr, "X-Forwarded-For:", 16) == 0) { - // some stupid clients omit a space and place the hostname directly after the colon - if(packet->line[packet->parsed_lines].ptr[16] == ' ') { - packet->forwarded_line.ptr = &packet->line[packet->parsed_lines].ptr[17]; - packet->forwarded_line.len = packet->line[packet->parsed_lines].len - 17; - } else { - packet->forwarded_line.ptr = &packet->line[packet->parsed_lines].ptr[16]; - packet->forwarded_line.len = packet->line[packet->parsed_lines].len - 16; - } + && memcmp(packet->line[packet->parsed_lines].ptr, "X-Forwarded-For:", 16) == 0) { + // some stupid clients omit a space and place the hostname directly after the colon + if(packet->line[packet->parsed_lines].ptr[16] == ' ') { + packet->forwarded_line.ptr = &packet->line[packet->parsed_lines].ptr[17]; + packet->forwarded_line.len = packet->line[packet->parsed_lines].len - 17; + } else { + packet->forwarded_line.ptr = &packet->line[packet->parsed_lines].ptr[16]; + packet->forwarded_line.len = packet->line[packet->parsed_lines].len - 16; + } + packet->http_num_headers++; } - + /* "Content-Type:" header line in HTTP. */ if(packet->line[packet->parsed_lines].len > 14 - && (memcmp(packet->line[packet->parsed_lines].ptr, "Content-Type: ", 14) == 0 - || memcmp(packet->line[packet->parsed_lines].ptr, "Content-type: ", 14) == 0)) { - packet->content_line.ptr = &packet->line[packet->parsed_lines].ptr[14]; - packet->content_line.len = packet->line[packet->parsed_lines].len - 14; + && (memcmp(packet->line[packet->parsed_lines].ptr, "Content-Type: ", 14) == 0 + || memcmp(packet->line[packet->parsed_lines].ptr, "Content-type: ", 14) == 0)) { + packet->content_line.ptr = &packet->line[packet->parsed_lines].ptr[14]; + packet->content_line.len = packet->line[packet->parsed_lines].len - 14; + packet->http_num_headers++; } - + /* "Content-Type:" header line in HTTP AGAIN. Probably a bogus response without space after ":" */ if(packet->line[packet->parsed_lines].len > 13 - && memcmp(packet->line[packet->parsed_lines].ptr, "Content-type:", 13) == 0) { - packet->content_line.ptr = &packet->line[packet->parsed_lines].ptr[13]; - packet->content_line.len = packet->line[packet->parsed_lines].len - 13; + && memcmp(packet->line[packet->parsed_lines].ptr, "Content-type:", 13) == 0) { + packet->content_line.ptr = &packet->line[packet->parsed_lines].ptr[13]; + packet->content_line.len = packet->line[packet->parsed_lines].len - 13; + packet->http_num_headers++; } - + /* "Accept:" header line in HTTP request. */ if(packet->line[packet->parsed_lines].len > 8 - && memcmp(packet->line[packet->parsed_lines].ptr, "Accept: ", 8) == 0) { - packet->accept_line.ptr = &packet->line[packet->parsed_lines].ptr[8]; - packet->accept_line.len = packet->line[packet->parsed_lines].len - 8; + && memcmp(packet->line[packet->parsed_lines].ptr, "Accept: ", 8) == 0) { + packet->accept_line.ptr = &packet->line[packet->parsed_lines].ptr[8]; + packet->accept_line.len = packet->line[packet->parsed_lines].len - 8; + packet->http_num_headers++; } - + /* "Referer:" header line in HTTP request. */ if(packet->line[packet->parsed_lines].len > 9 - && memcmp(packet->line[packet->parsed_lines].ptr, "Referer: ", 9) == 0) { - packet->referer_line.ptr = &packet->line[packet->parsed_lines].ptr[9]; - packet->referer_line.len = packet->line[packet->parsed_lines].len - 9; + && memcmp(packet->line[packet->parsed_lines].ptr, "Referer: ", 9) == 0) { + packet->referer_line.ptr = &packet->line[packet->parsed_lines].ptr[9]; + packet->referer_line.len = packet->line[packet->parsed_lines].len - 9; + packet->http_num_headers++; } - + /* "User-Agent:" header line in HTTP request. */ if(packet->line[packet->parsed_lines].len > 12 - && (memcmp(packet->line[packet->parsed_lines].ptr, "User-Agent: ", 12) == 0 || - memcmp(packet->line[packet->parsed_lines].ptr, "User-agent: ", 12) == 0)) { - packet->user_agent_line.ptr = &packet->line[packet->parsed_lines].ptr[12]; - packet->user_agent_line.len = packet->line[packet->parsed_lines].len - 12; + && (memcmp(packet->line[packet->parsed_lines].ptr, "User-Agent: ", 12) == 0 + || memcmp(packet->line[packet->parsed_lines].ptr, "User-agent: ", 12) == 0)) { + packet->user_agent_line.ptr = &packet->line[packet->parsed_lines].ptr[12]; + packet->user_agent_line.len = packet->line[packet->parsed_lines].len - 12; + packet->http_num_headers++; } - + /* "Content-Encoding:" header line in HTTP response (and request?). */ if(packet->line[packet->parsed_lines].len > 18 - && memcmp(packet->line[packet->parsed_lines].ptr, "Content-Encoding: ", 18) == 0) { - packet->http_encoding.ptr = &packet->line[packet->parsed_lines].ptr[18]; - packet->http_encoding.len = packet->line[packet->parsed_lines].len - 18; + && memcmp(packet->line[packet->parsed_lines].ptr, "Content-Encoding: ", 18) == 0) { + packet->http_encoding.ptr = &packet->line[packet->parsed_lines].ptr[18]; + packet->http_encoding.len = packet->line[packet->parsed_lines].len - 18; + packet->http_num_headers++; } - + /* "Transfer-Encoding:" header line in HTTP. */ if(packet->line[packet->parsed_lines].len > 19 - && memcmp(packet->line[packet->parsed_lines].ptr, "Transfer-Encoding: ", 19) == 0) { - packet->http_transfer_encoding.ptr = &packet->line[packet->parsed_lines].ptr[19]; - packet->http_transfer_encoding.len = packet->line[packet->parsed_lines].len - 19; + && memcmp(packet->line[packet->parsed_lines].ptr, "Transfer-Encoding: ", 19) == 0) { + packet->http_transfer_encoding.ptr = &packet->line[packet->parsed_lines].ptr[19]; + packet->http_transfer_encoding.len = packet->line[packet->parsed_lines].len - 19; + packet->http_num_headers++; } + /* "Content-Length:" header line in HTTP. */ if(packet->line[packet->parsed_lines].len > 16 - && ((memcmp(packet->line[packet->parsed_lines].ptr, "Content-Length: ", 16) == 0) + && ((memcmp(packet->line[packet->parsed_lines].ptr, "Content-Length: ", 16) == 0) || (memcmp(packet->line[packet->parsed_lines].ptr, "content-length: ", 16) == 0))) { - packet->http_contentlen.ptr = &packet->line[packet->parsed_lines].ptr[16]; - packet->http_contentlen.len = packet->line[packet->parsed_lines].len - 16; + packet->http_contentlen.ptr = &packet->line[packet->parsed_lines].ptr[16]; + packet->http_contentlen.len = packet->line[packet->parsed_lines].len - 16; + packet->http_num_headers++; } + /* "Cookie:" header line in HTTP. */ if(packet->line[packet->parsed_lines].len > 8 - && memcmp(packet->line[packet->parsed_lines].ptr, "Cookie: ", 8) == 0) { - packet->http_cookie.ptr = &packet->line[packet->parsed_lines].ptr[8]; - packet->http_cookie.len = packet->line[packet->parsed_lines].len - 8; + && memcmp(packet->line[packet->parsed_lines].ptr, "Cookie: ", 8) == 0) { + packet->http_cookie.ptr = &packet->line[packet->parsed_lines].ptr[8]; + packet->http_cookie.len = packet->line[packet->parsed_lines].len - 8; + packet->http_num_headers++; } + /* "Origin:" header line in HTTP. */ if(packet->line[packet->parsed_lines].len > 8 - && memcmp(packet->line[packet->parsed_lines].ptr, "Origin: ", 8) == 0) { - packet->http_origin.ptr = &packet->line[packet->parsed_lines].ptr[8]; - packet->http_origin.len = packet->line[packet->parsed_lines].len - 8; + && memcmp(packet->line[packet->parsed_lines].ptr, "Origin: ", 8) == 0) { + packet->http_origin.ptr = &packet->line[packet->parsed_lines].ptr[8]; + packet->http_origin.len = packet->line[packet->parsed_lines].len - 8; + packet->http_num_headers++; } + /* "X-Session-Type:" header line in HTTP. */ if(packet->line[packet->parsed_lines].len > 16 - && memcmp(packet->line[packet->parsed_lines].ptr, "X-Session-Type: ", 16) == 0) { - packet->http_x_session_type.ptr = &packet->line[packet->parsed_lines].ptr[16]; - packet->http_x_session_type.len = packet->line[packet->parsed_lines].len - 16; + && memcmp(packet->line[packet->parsed_lines].ptr, "X-Session-Type: ", 16) == 0) { + packet->http_x_session_type.ptr = &packet->line[packet->parsed_lines].ptr[16]; + packet->http_x_session_type.len = packet->line[packet->parsed_lines].len - 16; + packet->http_num_headers++; + } + /* Identification and counting of other HTTP headers. + * We consider the most common headers, but there are many others, + * which can be seen at references below: + * - https://tools.ietf.org/html/rfc7230 + * - https://en.wikipedia.org/wiki/List_of_HTTP_header_fields + */ + if((packet->line[packet->parsed_lines].len > 6 && ( memcmp(packet->line[packet->parsed_lines].ptr, "Date: ", 6) == 0 || + memcmp(packet->line[packet->parsed_lines].ptr, "Vary: ", 6) == 0 || + memcmp(packet->line[packet->parsed_lines].ptr, "ETag: ", 6) == 0 )) || + (packet->line[packet->parsed_lines].len > 8 && memcmp(packet->line[packet->parsed_lines].ptr, "Pragma: ", 8) == 0) || + (packet->line[packet->parsed_lines].len > 9 && memcmp(packet->line[packet->parsed_lines].ptr, "Expires: ", 9) == 0) || + (packet->line[packet->parsed_lines].len > 12 && ( memcmp(packet->line[packet->parsed_lines].ptr, "Set-Cookie: ", 12) == 0 || + memcmp(packet->line[packet->parsed_lines].ptr, "Keep-Alive: ", 12) == 0 || + memcmp(packet->line[packet->parsed_lines].ptr, "Connection: ", 12) == 0)) || + (packet->line[packet->parsed_lines].len > 15 && ( memcmp(packet->line[packet->parsed_lines].ptr, "Last-Modified: ", 15) == 0 || + memcmp(packet->line[packet->parsed_lines].ptr, "Accept-Ranges: ", 15) == 0)) || + (packet->line[packet->parsed_lines].len > 17 && ( memcmp(packet->line[packet->parsed_lines].ptr, "Accept-Language: ", 17) == 0 || + memcmp(packet->line[packet->parsed_lines].ptr, "Accept-Encoding: ", 17) == 0)) || + (packet->line[packet->parsed_lines].len > 27 && memcmp(packet->line[packet->parsed_lines].ptr, "Upgrade-Insecure-Requests: ", 27) == 0)) { + /* Just count. In the future, if needed, this if can be splited to parse these headers */ + packet->http_num_headers++; } if(packet->line[packet->parsed_lines].len == 0) { - packet->empty_line_position = a; - packet->empty_line_position_set = 1; + packet->empty_line_position = a; + packet->empty_line_position_set = 1; } - if(packet->parsed_lines >= (NDPI_MAX_PARSE_LINES_PER_PACKET - 1)) { - return; - } + if(packet->parsed_lines >= (NDPI_MAX_PARSE_LINES_PER_PACKET - 1)) + return; packet->parsed_lines++; packet->line[packet->parsed_lines].ptr = &packet->payload[a + 2]; packet->line[packet->parsed_lines].len = 0; - if((a + 2) >= packet->payload_packet_len) { - return; - } - a++; + if((a + 2) >= packet->payload_packet_len) + return; + + a++; /* next char in the payload */ } } @@ -3955,11 +3999,10 @@ void ndpi_parse_packet_line_info_any(struct ndpi_detection_module_struct *ndpi_s struct ndpi_packet_struct *packet = &flow->packet; u_int32_t a; u_int16_t end = packet->payload_packet_len; + if(packet->packet_lines_parsed_complete != 0) return; - - packet->packet_lines_parsed_complete = 1; packet->parsed_lines = 0; @@ -3974,20 +4017,20 @@ void ndpi_parse_packet_line_info_any(struct ndpi_detection_module_struct *ndpi_s packet->line[packet->parsed_lines].len = (u_int16_t)( ((unsigned long) &packet->payload[a]) - ((unsigned long) packet->line[packet->parsed_lines].ptr)); + if(a > 0 && packet->payload[a-1] == 0x0d) - packet->line[packet->parsed_lines].len--; + packet->line[packet->parsed_lines].len--; - if(packet->parsed_lines >= (NDPI_MAX_PARSE_LINES_PER_PACKET - 1)) { - break; - } + if(packet->parsed_lines >= (NDPI_MAX_PARSE_LINES_PER_PACKET - 1)) + break; packet->parsed_lines++; packet->line[packet->parsed_lines].ptr = &packet->payload[a + 1]; packet->line[packet->parsed_lines].len = 0; - if((a + 1) >= packet->payload_packet_len) { - break; - } + if((a + 1) >= packet->payload_packet_len) + break; + //a++; } } diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c index aeb028798..e9b011c51 100644 --- a/src/lib/protocols/http.c +++ b/src/lib/protocols/http.c @@ -65,7 +65,7 @@ static void flash_check_http_payload(struct ndpi_detection_module_struct if(memcmp(pos, "FLV", 3) == 0 && pos[3] == 0x01 && (pos[4] == 0x01 || pos[4] == 0x04 || pos[4] == 0x05) && pos[5] == 0x00 && pos[6] == 0x00 && pos[7] == 0x00 && pos[8] == 0x09) { - NDPI_LOG(NDPI_CONTENT_FLASH, ndpi_struct, NDPI_LOG_DEBUG, "Flash content in http detected\n"); + NDPI_LOG(NDPI_CONTENT_FLASH, ndpi_struct, NDPI_LOG_DEBUG, "Flash content in HTTP detected\n"); ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_CONTENT_FLASH); } } @@ -92,7 +92,7 @@ static void avi_check_http_payload(struct ndpi_detection_module_struct *ndpi_str if(flow->l4.tcp.http_empty_line_seen == 1) { if(packet->payload_packet_len > 20 && memcmp(packet->payload, "RIFF", 4) == 0 && memcmp(packet->payload + 8, "AVI LIST", 8) == 0) { - NDPI_LOG(NDPI_CONTENT_AVI, ndpi_struct, NDPI_LOG_DEBUG, "Avi content in http detected\n"); + NDPI_LOG(NDPI_CONTENT_AVI, ndpi_struct, NDPI_LOG_DEBUG, "Avi content in HTTP detected\n"); ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_CONTENT_AVI); } flow->l4.tcp.http_empty_line_seen = 0; @@ -111,7 +111,7 @@ static void avi_check_http_payload(struct ndpi_detection_module_struct *ndpi_str if((p + 16) <= packet->payload_packet_len && memcmp(&packet->payload[p], "RIFF", 4) == 0 && memcmp(&packet->payload[p + 8], "AVI LIST", 8) == 0) { - NDPI_LOG(NDPI_CONTENT_AVI, ndpi_struct, NDPI_LOG_DEBUG, "Avi content in http detected\n"); + NDPI_LOG(NDPI_CONTENT_AVI, ndpi_struct, NDPI_LOG_DEBUG, "Avi content in HTTP detected\n"); ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_CONTENT_AVI); } } @@ -133,7 +133,7 @@ static void teamviewer_check_http_payload(struct ndpi_detection_module_struct *n pos = &packet->payload[packet->empty_line_position] + 2; if(pos[0] == 0x17 && pos[1] == 0x24) { - NDPI_LOG(NDPI_PROTOCOL_TEAMVIEWER, ndpi_struct, NDPI_LOG_DEBUG, "TeamViewer content in http detected\n"); + NDPI_LOG(NDPI_PROTOCOL_TEAMVIEWER, ndpi_struct, NDPI_LOG_DEBUG, "TeamViewer content in HTTP detected\n"); ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_TEAMVIEWER); } } @@ -166,7 +166,7 @@ static void setHttpUserAgent(struct ndpi_flow_struct *flow, char *ua) { /* Good reference for future implementations: * https://github.com/ua-parser/uap-core/blob/master/regexes.yaml */ - printf("==> %s\n", ua); + //printf("==> %s\n", ua); snprintf((char*)flow->detected_os, sizeof(flow->detected_os), "%s", ua); } @@ -237,27 +237,27 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ } if(flow->packet.http_method.len < 3) - flow->http.method = HTTP_METHOD_UNKNOWN; + flow->http.method = HTTP_METHOD_UNKNOWN; else { - switch(flow->packet.http_method.ptr[0]) { - case 'O': flow->http.method = HTTP_METHOD_OPTIONS; break; - case 'G': flow->http.method = HTTP_METHOD_GET; break; - case 'H': flow->http.method = HTTP_METHOD_HEAD; break; - - case 'P': - switch(flow->packet.http_method.ptr[1]) { - case 'O': flow->http.method = HTTP_METHOD_POST; break; - case 'U': flow->http.method = HTTP_METHOD_PUT; break; - } - break; - - case 'D': flow->http.method = HTTP_METHOD_DELETE; break; - case 'T': flow->http.method = HTTP_METHOD_TRACE; break; - case 'C': flow->http.method = HTTP_METHOD_CONNECT; break; - default: - flow->http.method = HTTP_METHOD_UNKNOWN; - break; - } + switch(flow->packet.http_method.ptr[0]) { + case 'O': flow->http.method = HTTP_METHOD_OPTIONS; break; + case 'G': flow->http.method = HTTP_METHOD_GET; break; + case 'H': flow->http.method = HTTP_METHOD_HEAD; break; + + case 'P': + switch(flow->packet.http_method.ptr[1]) { + case 'O': flow->http.method = HTTP_METHOD_POST; break; + case 'U': flow->http.method = HTTP_METHOD_PUT; break; + } + break; + + case 'D': flow->http.method = HTTP_METHOD_DELETE; break; + case 'T': flow->http.method = HTTP_METHOD_TRACE; break; + case 'C': flow->http.method = HTTP_METHOD_CONNECT; break; + default: + flow->http.method = HTTP_METHOD_UNKNOWN; + break; + } } } @@ -337,7 +337,7 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ } } - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "User Agent Type Line found %.*s\n", + NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "User Agent Type line found %.*s\n", packet->user_agent_line.len, packet->user_agent_line.ptr); } @@ -345,10 +345,10 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ if(packet->host_line.ptr != NULL) { u_int len; - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HOST Line found %.*s\n", + NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HOST line found %.*s\n", packet->host_line.len, packet->host_line.ptr); - /* call ndpi_match_host_subprotocol to see if there is a match with known-host http subprotocol */ + /* call ndpi_match_host_subprotocol to see if there is a match with known-host HTTP subprotocol */ if((ndpi_struct->http_dont_dissect_response) || flow->http_detected) ndpi_match_host_subprotocol(ndpi_struct, flow, (char*)packet->host_line.ptr, @@ -409,7 +409,7 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ /* check for accept line */ if(packet->accept_line.ptr != NULL) { - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "Accept Line found %.*s\n", + NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "Accept line found %.*s\n", packet->accept_line.len, packet->accept_line.ptr); #ifdef NDPI_PROTOCOL_RTSP if(NDPI_COMPARE_PROTOCOL_TO_BITMASK(ndpi_struct->detection_bitmask, NDPI_PROTOCOL_RTSP) != 0) { @@ -432,7 +432,7 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ #endif if(packet->content_line.ptr != NULL && packet->content_line.len != 0) { - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "Content Type Line found %.*s\n", + NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "Content Type line found %.*s\n", packet->content_line.len, packet->content_line.ptr); if((ndpi_struct->http_dont_dissect_response) || flow->http_detected) @@ -544,13 +544,14 @@ static void http_bitmask_exclude(struct ndpi_flow_struct *flow) static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { + struct ndpi_packet_struct *packet = &flow->packet; - u_int16_t filename_start; + u_int16_t filename_start; /* the filename in the request method line, e.g., "GET filename_start..."*/ packet->packet_lines_parsed_complete = 0; /* Check if we so far detected the protocol in the request or not. */ - if(flow->l4.tcp.http_stage == 0) { + if(flow->l4.tcp.http_stage == 0) { /* Expected a request */ flow->http_detected = 0; NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HTTP stage %d: \n", @@ -558,7 +559,7 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct filename_start = http_request_url_offset(ndpi_struct, flow); - if(filename_start == 0) { + if(filename_start == 0) { /* not a regular request. In the HTTP first stage, may be a truncated flow or other protocols */ NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "Filename HTTP not found, we look for possible truncate flow...\n"); @@ -577,15 +578,15 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct } if((packet->payload_packet_len == 23) && (memcmp(packet->payload, "", 23) == 0)) { - /* - - - - - - */ - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_OOKLA, NDPI_PROTOCOL_UNKNOWN); - return; + /* + + + + + + */ + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_OOKLA, NDPI_PROTOCOL_UNKNOWN); + return; } NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "Exclude HTTP\n"); @@ -614,7 +615,7 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct "Found more than one line, we look further for the next packet...\n"); if(packet->line[0].len >= (9 + filename_start) - && memcmp(&packet->line[0].ptr[packet->line[0].len - 9], " HTTP/1.", 8) == 0) { + && memcmp(&packet->line[0].ptr[packet->line[0].len - 9], " HTTP/1.", 8) == 0) { /* Request line complete. Ex. "GET / HTTP/1.1" */ packet->http_url_name.ptr = &packet->payload[filename_start]; packet->http_url_name.len = packet->line[0].len - (filename_start + 9); @@ -622,30 +623,40 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct packet->http_method.ptr = packet->line[0].ptr; packet->http_method.len = filename_start - 1; + // Set the HTTP requested version: 0=HTTP/1.0 and 1=HTTP/1.1 + if(memcmp(&packet->line[0].ptr[packet->line[0].len - 1], "1", 1) == 0) + flow->http.request_version = 1; + else + flow->http.request_version = 0; + + /* Set the first found headers in request */ + flow->http.num_request_headers = packet->http_num_headers; + + /* Check for Ookla */ if((packet->referer_line.len > 0) - && ndpi_strnstr((const char *)packet->referer_line.ptr, "www.speedtest.net", packet->referer_line.len)) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_OOKLA, NDPI_PROTOCOL_HTTP); - return; + && ndpi_strnstr((const char *)packet->referer_line.ptr, "www.speedtest.net", packet->referer_line.len)) { + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_OOKLA, NDPI_PROTOCOL_HTTP); + return; } /* Check for additional field introduced by Steam */ int x = 1; if((memcmp(packet->line[x].ptr, "x-steam-sid", 11)) == 0) { - ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_STEAM); - check_content_type_and_change_protocol(ndpi_struct, flow); - return; + ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_STEAM); + check_content_type_and_change_protocol(ndpi_struct, flow); + return; } /* Check for additional field introduced by Facebook */ x = 1; while(packet->line[x].len != 0) { - if(packet->line[x].len >= 12 && (memcmp(packet->line[x].ptr, "X-FB-SIM-HNI", 12)) == 0) { - ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_FACEBOOK); - check_content_type_and_change_protocol(ndpi_struct, flow); - return; - } - x++; + if(packet->line[x].len >= 12 && (memcmp(packet->line[x].ptr, "X-FB-SIM-HNI", 12)) == 0) { + ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_FACEBOOK); + check_content_type_and_change_protocol(ndpi_struct, flow); + return; + } + x++; } /* check PPStream protocol or iQiyi service @@ -694,7 +705,7 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct } if(filename_start == 8 && (memcmp(packet->payload, "CONNECT ", 8) == 0)) { - /* nathan@getoffmalawn.com */ + /* nathan@getoffmalawn.com */ NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HTTP_CONNECT Found.\n"); ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_HTTP_CONNECT); check_content_type_and_change_protocol(ndpi_struct, flow); @@ -704,49 +715,51 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct "HTTP START Found, we will look for sub-protocols (content and host)...\n"); if(packet->host_line.ptr != NULL) { - /** - nDPI is pretty scrupulous about HTTP so it waits until the - HTTP response is received just to check that it conforms - with the HTTP specs. However this might be a waste of time as - in 99.99% of the cases is like that. - */ - - if(ndpi_struct->http_dont_dissect_response) { - if(flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) /* No subprotocol found */ - ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_HTTP); - } else { - flow->http_detected = 1; - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, - "HTTP START Found, we will look further for the response...\n"); - flow->l4.tcp.http_stage = packet->packet_direction + 1; // packet_direction 0: stage 1, packet_direction 1: stage 2 - } + /** + nDPI is pretty scrupulous about HTTP so it waits until the + HTTP response is received just to check that it conforms + with the HTTP specs. However this might be a waste of time as + in 99.99% of the cases is like that. + */ + + if(ndpi_struct->http_dont_dissect_response) { + if(flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) /* No subprotocol found */ + ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_HTTP); + } else { + flow->http_detected = 1; + NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, + "HTTP START Found, we will look further for the response...\n"); + flow->l4.tcp.http_stage = packet->packet_direction + 1; // packet_direction 0: stage 1, packet_direction 1: stage 2 + } - check_content_type_and_change_protocol(ndpi_struct, flow); - return; + check_content_type_and_change_protocol(ndpi_struct, flow); + return; } } NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HTTP: REQUEST NOT HTTP CONFORM\n"); http_bitmask_exclude(flow); + } else if((flow->l4.tcp.http_stage == 1) || (flow->l4.tcp.http_stage == 2)) { + NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HTTP stage %u: \n", flow->l4.tcp.http_stage); if(flow->l4.tcp.http_stage == 1) { if((packet->payload_packet_len > 6) && memcmp(packet->payload, "HELLO ", 6) == 0) { - /* This looks like Ookla */ - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_OOKLA, NDPI_PROTOCOL_UNKNOWN); - return; + /* This looks like Ookla */ + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_OOKLA, NDPI_PROTOCOL_UNKNOWN); + return; } else - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_OOKLA); + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_OOKLA); } /** - At first check, if this is for sure a response packet (in another direction. If not, if http is detected do nothing now and return, - otherwise check the second packet for the http request + At first check, if this is for sure a response packet (in another direction. If not, if HTTP is detected do nothing now and return, + otherwise check the second packet for the HTTP request */ - if((flow->l4.tcp.http_stage - packet->packet_direction) == 1) { + if((flow->l4.tcp.http_stage - packet->packet_direction) == 1) { /* Expected a response package */ if(flow->http_detected) return; @@ -756,6 +769,9 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct ndpi_parse_packet_line_info(ndpi_struct, flow); + // Add more found HTTP request headers. + flow->http.num_request_headers+=packet->http_num_headers; + if(packet->parsed_lines <= 1) { /* wait some packets in case request is split over more than 2 packets */ if(flow->packet_counter < 5) { @@ -791,6 +807,9 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct We have received a response for a previously identified partial HTTP request */ + /* response without headers + * TODO: Shouldn't it be below ndpi_parse_packet_line_info, line ~825 ? + */ if((packet->parsed_lines == 1) && (packet->packet_direction == 1 /* server -> client */)) { /* In Apache if you do "GET /\n\n" the response comes without any header */ NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "Found HTTP. (apache)\n"); @@ -807,6 +826,16 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct ndpi_parse_packet_line_info(ndpi_struct, flow); check_content_type_and_change_protocol(ndpi_struct, flow); + /* Set server HTTP response code, if available */ + if(packet->http_response.len>=3){ + strncpy((char*)flow->http.response_status_code, (char*)packet->http_response.ptr, 3); + flow->http.response_status_code[4]='\0'; + } + + if(packet->packet_direction == 1 /* server -> client */){ + flow->http.num_response_headers += packet->http_num_headers; /* flow structs are initialized with zeros */ + } + if(packet->empty_line_position_set != 0 || flow->l4.tcp.http_empty_line_seen == 1) { NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "empty line. check_http_payload.\n"); check_http_payload(ndpi_struct, flow); -- cgit v1.2.3 From 5547ef06b34ef70a5b1a1ac46c197871dda964ab Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Thu, 17 Aug 2017 17:55:52 +0200 Subject: Collapsed email send and receive categories in a new email category --- src/include/ndpi_protocol_ids.h | 6 +++--- src/include/ndpi_typedefs.h | 3 +-- src/lib/ndpi_main.c | 25 +++++++++++-------------- 3 files changed, 15 insertions(+), 19 deletions(-) (limited to 'src') diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index 045f30a3a..ed39d7184 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -172,9 +172,9 @@ #define NDPI_PROTOCOL_NETFLIX 133 #define NDPI_PROTOCOL_LASTFM 134 #define NDPI_PROTOCOL_WAZE 135 -#define NDPI_PROTOCOL_SKYFILE_PREPAID 136 -#define NDPI_PROTOCOL_SKYFILE_RUDICS 137 -#define NDPI_PROTOCOL_SKYFILE_POSTPAID 138 +#define NDPI_PROTOCOL_SKYFILE_PREPAID 136 /* free for future use */ +#define NDPI_PROTOCOL_SKYFILE_RUDICS 137 /* free for future use */ +#define NDPI_PROTOCOL_SKYFILE_POSTPAID 138 /* free for future use */ #define NDPI_PROTOCOL_CITRIX_ONLINE 139 #define NDPI_PROTOCOL_APPLE 140 #define NDPI_PROTOCOL_WEBEX 141 diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index ccb031326..124504b79 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -747,8 +747,7 @@ typedef enum { NDPI_PROTOCOL_CATEGORY_UNSPECIFIED = 0, /* For general services and unknown protocols */ NDPI_PROTOCOL_CATEGORY_MEDIA, /* Multimedia and streaming */ NDPI_PROTOCOL_CATEGORY_VPN, /* Virtual Private Networks */ - NDPI_PROTOCOL_CATEGORY_MAIL_SEND, /* Protocols to send emails */ - NDPI_PROTOCOL_CATEGORY_MAIL_SYNC, /* Protocols to receive or sync emails */ + NDPI_PROTOCOL_CATEGORY_MAIL, /* Protocols to send/receive/sync emails */ NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, /* FTP and similar protocols */ NDPI_PROTOCOL_CATEGORY_WEB, /* Web protocols and services */ NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, /* Social networks */ diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 7d1e62df4..0cc02ac29 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -716,32 +716,32 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_MAIL_POP, no_master, - no_master, "POP3", NDPI_PROTOCOL_CATEGORY_MAIL_SYNC, + no_master, "POP3", NDPI_PROTOCOL_CATEGORY_MAIL, ndpi_build_default_ports(ports_a, 110, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_MAIL_POPS, no_master, - no_master, "POPS", NDPI_PROTOCOL_CATEGORY_MAIL_SYNC, + no_master, "POPS", NDPI_PROTOCOL_CATEGORY_MAIL, ndpi_build_default_ports(ports_a, 995, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_MAIL_SMTP, no_master, - no_master, "SMTP", NDPI_PROTOCOL_CATEGORY_MAIL_SEND, + no_master, "SMTP", NDPI_PROTOCOL_CATEGORY_MAIL, ndpi_build_default_ports(ports_a, 25, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_MAIL_SMTPS, no_master, - no_master, "SMTPS", NDPI_PROTOCOL_CATEGORY_MAIL_SEND, + no_master, "SMTPS", NDPI_PROTOCOL_CATEGORY_MAIL, ndpi_build_default_ports(ports_a, 465, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_MAIL_IMAP, no_master, - no_master, "IMAP", NDPI_PROTOCOL_CATEGORY_MAIL_SYNC, + no_master, "IMAP", NDPI_PROTOCOL_CATEGORY_MAIL, ndpi_build_default_ports(ports_a, 143, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_MAIL_IMAPS, no_master, - no_master, "IMAPS", NDPI_PROTOCOL_CATEGORY_MAIL_SYNC, + no_master, "IMAPS", NDPI_PROTOCOL_CATEGORY_MAIL, ndpi_build_default_ports(ports_a, 993, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DNS, @@ -1322,17 +1322,17 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SKYFILE_PREPAID, no_master, - no_master, "SkyFile_PrePaid", NDPI_PROTOCOL_CATEGORY_MAIL_SYNC, + no_master, "SkyFile_PrePaid", NDPI_PROTOCOL_CATEGORY_MAIL, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SKYFILE_RUDICS, no_master, - no_master, "SkyFile_Rudics", NDPI_PROTOCOL_CATEGORY_MAIL_SYNC, + no_master, "SkyFile_Rudics", NDPI_PROTOCOL_CATEGORY_MAIL, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SKYFILE_POSTPAID, no_master, - no_master, "SkyFile_PostPaid", NDPI_PROTOCOL_CATEGORY_MAIL_SYNC, + no_master, "SkyFile_PostPaid", NDPI_PROTOCOL_CATEGORY_MAIL, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_CITRIX_ONLINE, @@ -4529,11 +4529,8 @@ const char* ndpi_category_str(ndpi_protocol_category_t category) { case NDPI_PROTOCOL_CATEGORY_VPN: return("VPN"); break; - case NDPI_PROTOCOL_CATEGORY_MAIL_SEND: - return("EmailSend"); - break; - case NDPI_PROTOCOL_CATEGORY_MAIL_SYNC: - return("EmailSync"); + case NDPI_PROTOCOL_CATEGORY_MAIL: + return("Email"); break; case NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER: return("FileTransfer"); -- cgit v1.2.3 From 5515c3a1091e4308467066c3cd58be59ff3d95d2 Mon Sep 17 00:00:00 2001 From: Campus Date: Fri, 18 Aug 2017 10:11:41 +0200 Subject: fix for https://github.com/ntop/nDPI/issues/437 --- src/lib/protocols/socks45.c | 17 ++++++----------- 1 file changed, 6 insertions(+), 11 deletions(-) (limited to 'src') diff --git a/src/lib/protocols/socks45.c b/src/lib/protocols/socks45.c index 7ad0868d2..67cfab8b4 100644 --- a/src/lib/protocols/socks45.c +++ b/src/lib/protocols/socks45.c @@ -48,18 +48,15 @@ static void ndpi_check_socks4(struct ndpi_detection_module_struct *ndpi_struct, /* Check if we so far detected the protocol in the request or not. */ if(flow->socks4_stage == 0) { NDPI_LOG(NDPI_PROTOCOL_SOCKS, ndpi_struct, NDPI_LOG_DEBUG, "SOCKS4 stage 0: \n"); - - /*Octets 3 and 4 contain the port number, port 80 and 25 for now. */ - if((payload_len == 9) && - (((packet->payload[0] == 0x04) && (packet->payload[1] == 0x01) && (packet->payload[2] == 0x00) && (packet->payload[3] == 0x50)) - || - ((packet->payload[0] == 0x04) && (packet->payload[1] == 0x01) && (packet->payload[2] == 0x00) && (packet->payload[3] == 0x19)))) { + + if(payload_len >= 9 && packet->payload[0] == 0x04 && + (packet->payload[1] == 0x01 || packet->payload[1] == 0x02) && + packet->payload[payload_len - 1] == 0x00) { NDPI_LOG(NDPI_PROTOCOL_SOCKS, ndpi_struct, NDPI_LOG_DEBUG, "Possible SOCKS4 request detected, we will look further for the response...\n"); - + /* TODO: check port and ip address is valid */ /* Encode the direction of the packet in the stage, so we will know when we need to look for the response packet. */ flow->socks4_stage = packet->packet_direction + 1; } - } else { NDPI_LOG(NDPI_PROTOCOL_SOCKS, ndpi_struct, NDPI_LOG_DEBUG, "SOCKS4 stage %u: \n", flow->socks4_stage); @@ -67,16 +64,14 @@ static void ndpi_check_socks4(struct ndpi_detection_module_struct *ndpi_struct, if((flow->socks4_stage - packet->packet_direction) == 1) { return; } - /* This is a packet in another direction. Check if we find the proper response. */ - if(payload_len == 0) { + if(payload_len == 8 && packet->payload[0] == 0x00 && packet->payload[1] >= 0x5a && packet->payload[1] <= 0x5d) { NDPI_LOG(NDPI_PROTOCOL_SOCKS, ndpi_struct, NDPI_LOG_DEBUG, "Found SOCKS4.\n"); ndpi_int_socks_add_connection(ndpi_struct, flow); } else { NDPI_LOG(NDPI_PROTOCOL_SOCKS, ndpi_struct, NDPI_LOG_DEBUG, "The reply did not seem to belong to SOCKS4, resetting the stage to 0...\n"); flow->socks4_stage = 0; } - } } -- cgit v1.2.3 From 63c97753a102e58e60ecdf09088525ea8b35ceaa Mon Sep 17 00:00:00 2001 From: Paulo Angelo Date: Sat, 19 Aug 2017 14:19:30 -0300 Subject: Respose status code after validation check. --- src/lib/ndpi_main.c | 5 +++++ src/lib/protocols/http.c | 6 ------ 2 files changed, 5 insertions(+), 6 deletions(-) (limited to 'src') diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 7d1e62df4..69313a88e 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -3817,6 +3817,11 @@ void ndpi_parse_packet_line_info(struct ndpi_detection_module_struct *ndpi_struc packet->http_response.len = packet->line[0].len - NDPI_STATICSTRING_LEN("HTTP/1.1 "); packet->http_num_headers++; + /* Set server HTTP response code */ + strncpy((char*)flow->http.response_status_code, (char*)packet->http_response.ptr, 3); + flow->http.response_status_code[4]='\0'; + + NDPI_LOG(NDPI_PROTOCOL_UNKNOWN, ndpi_struct, NDPI_LOG_DEBUG, "ndpi_parse_packet_line_info: HTTP response parsed: \"%.*s\"\n", packet->http_response.len, packet->http_response.ptr); diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c index e9b011c51..3fd304867 100644 --- a/src/lib/protocols/http.c +++ b/src/lib/protocols/http.c @@ -826,12 +826,6 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct ndpi_parse_packet_line_info(ndpi_struct, flow); check_content_type_and_change_protocol(ndpi_struct, flow); - /* Set server HTTP response code, if available */ - if(packet->http_response.len>=3){ - strncpy((char*)flow->http.response_status_code, (char*)packet->http_response.ptr, 3); - flow->http.response_status_code[4]='\0'; - } - if(packet->packet_direction == 1 /* server -> client */){ flow->http.num_response_headers += packet->http_num_headers; /* flow structs are initialized with zeros */ } -- cgit v1.2.3 From 31478703c21f0a65f42335e5157c6601bf7c7c44 Mon Sep 17 00:00:00 2001 From: Konstantin Shalygin Date: Sat, 26 Aug 2017 14:07:57 +0700 Subject: Backported CSGO/DOTA2 protocol. --- src/include/ndpi_protocol_ids.h | 3 +- src/include/ndpi_protocols.h | 2 + src/include/ndpi_typedefs.h | 4 ++ src/lib/Makefile.am | 1 + src/lib/ndpi_main.c | 12 +++- src/lib/protocols/bittorrent.c | 21 +++---- src/lib/protocols/csgo.c | 124 ++++++++++++++++++++++++++++++++++++++++ 7 files changed, 154 insertions(+), 13 deletions(-) create mode 100644 src/lib/protocols/csgo.c (limited to 'src') diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index ed39d7184..1ba8d3b89 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -272,9 +272,10 @@ #define NDPI_PROTOCOL_PASTEBIN 232 /* Paulo Angelo */ #define NDPI_PROTOCOL_LINKEDIN 233 /* Paulo Angelo */ #define NDPI_PROTOCOL_SOUNDCLOUD 234 +#define NDPI_PROTOCOL_CSGO 235 /* Counter-Strike Global Offensive, Dota 2 */ /* UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE */ -#define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_PROTOCOL_SOUNDCLOUD +#define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_PROTOCOL_CSGO #define NDPI_MAX_SUPPORTED_PROTOCOLS (NDPI_LAST_IMPLEMENTED_PROTOCOL + 1) #define NDPI_MAX_NUM_CUSTOM_PROTOCOLS (NDPI_NUM_BITS-NDPI_LAST_IMPLEMENTED_PROTOCOL) diff --git a/src/include/ndpi_protocols.h b/src/include/ndpi_protocols.h index c585a6551..adfd19b17 100644 --- a/src/include/ndpi_protocols.h +++ b/src/include/ndpi_protocols.h @@ -198,6 +198,7 @@ void ndpi_search_bjnp(struct ndpi_detection_module_struct *ndpi_struct, struct n void ndpi_search_smpp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); void ndpi_search_tinc(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); void ndpi_search_fix(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); +void ndpi_search_csgo(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); /* --- INIT FUNCTIONS --- */ void init_afp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_aimini_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); @@ -344,5 +345,6 @@ void init_smpp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int void init_tinc_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_fix_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_nintendo_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); +void init_csgo_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); #endif /* __NDPI_PROTOCOLS_H__ */ diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 124504b79..b0efab6af 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -1081,6 +1081,10 @@ struct ndpi_flow_struct { u_int8_t tinc_state; struct tinc_cache_entry tinc_cache_entry; #endif +#ifdef NDPI_PROTOCOL_CSGO + u_int8_t csgo_strid[18],csgo_state,csgo_s2; + u_int32_t csgo_id2; +#endif /* internal structures to save functions calls */ struct ndpi_packet_struct packet; diff --git a/src/lib/Makefile.am b/src/lib/Makefile.am index 90eb38ecd..740e3ee48 100644 --- a/src/lib/Makefile.am +++ b/src/lib/Makefile.am @@ -32,6 +32,7 @@ libndpi_la_SOURCES = ndpi_content_match.c.inc \ protocols/collectd.c \ protocols/corba.c \ protocols/crossfire.c \ + protocols/csgo.c \ protocols/dcerpc.c \ protocols/dhcp.c \ protocols/dhcpv6.c \ diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 6ff836402..71c1d4c23 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1616,7 +1616,12 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "Nintendo", NDPI_PROTOCOL_CATEGORY_GAME, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_CSGO, + no_master, + no_master, "CSGO", NDPI_PROTOCOL_CATEGORY_GAME, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + /* calling function for host and content matched protocols */ init_string_based_protocols(ndpi_mod); @@ -2712,7 +2717,7 @@ void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *n /* FIX */ init_fix_dissector(ndpi_struct, &a, detection_bitmask); - + /* NINTENDO */ init_nintendo_dissector(ndpi_struct, &a, detection_bitmask); @@ -2727,6 +2732,9 @@ void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *n /* AMQP */ init_amqp_dissector(ndpi_struct, &a, detection_bitmask); + /* CSGO */ + init_csgo_dissector(ndpi_struct, &a, detection_bitmask); + /* ----------------------------------------------------------------- */ ndpi_struct->callback_buffer_size = a; diff --git a/src/lib/protocols/bittorrent.c b/src/lib/protocols/bittorrent.c index a88b1cce5..e7a5e890a 100644 --- a/src/lib/protocols/bittorrent.c +++ b/src/lib/protocols/bittorrent.c @@ -59,14 +59,14 @@ static void ndpi_add_connection_as_bittorrent(struct ndpi_detection_module_struc const char *bt_hash = NULL; /* 20 bytes long */ if(bt_offset == -1) { - const char *bt_magic = ndpi_strnstr((const char *)flow->packet.payload, + const char *bt_magic = ndpi_strnstr((const char *)flow->packet.payload, "BitTorrent protocol", flow->packet.payload_packet_len); if(bt_magic) bt_hash = &bt_magic[19]; } else bt_hash = (const char*)&flow->packet.payload[28]; - + if(bt_hash) memcpy(flow->bittorent_hash, bt_hash, 20); } @@ -387,15 +387,15 @@ void ndpi_search_bittorrent(struct ndpi_detection_module_struct *ndpi_struct, st char *bt_proto = NULL; /* This is broadcast */ - if(packet->iph + if(packet->iph && (((packet->iph->saddr == 0xFFFFFFFF) || (packet->iph->daddr == 0xFFFFFFFF)) - || (packet->udp + || (packet->udp && ((ntohs(packet->udp->source) == 3544) /* teredo.c */ || (ntohs(packet->udp->dest) == 3544))))) { NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_BITTORRENT); return; } - + if(packet->detected_protocol_stack[0] != NDPI_PROTOCOL_BITTORRENT) { /* check for tcp retransmission here */ @@ -441,7 +441,8 @@ void ndpi_search_bittorrent(struct ndpi_detection_module_struct *ndpi_struct, st /* Heuristic */ bt_proto = ndpi_strnstr((const char *)&packet->payload[20], "BitTorrent protocol", packet->payload_packet_len-20); goto bittorrent_found; - } else if(((v1_version & 0x0f) == 1) + /* CSGO/DOTA conflict */ + } else if(flow->packet_counter > 8 && ((v1_version & 0x0f) == 1) && ((v1_version >> 4) < 5 /* ST_NUM_STATES */) && (v1_extension < 3 /* EXT_NUM_EXT */) && (v1_window_size < 32768 /* 32k */) @@ -466,8 +467,8 @@ void ndpi_search_bittorrent(struct ndpi_detection_module_struct *ndpi_struct, st if(flow->bittorrent_stage < 10) { /* We have detected bittorrent but we need to wait until we get a hash */ - - if(packet->payload_packet_len > 19 /* min size */) { + + if(packet->payload_packet_len > 19 /* min size */) { if(ndpi_strnstr((const char *)packet->payload, ":target20:", packet->payload_packet_len) || ndpi_strnstr((const char *)packet->payload, ":find_node1:", packet->payload_packet_len) || ndpi_strnstr((const char *)packet->payload, "d1:ad2:id20:", packet->payload_packet_len) @@ -475,7 +476,7 @@ void ndpi_search_bittorrent(struct ndpi_detection_module_struct *ndpi_struct, st || ndpi_strnstr((const char *)packet->payload, ":filter64", packet->payload_packet_len) || ndpi_strnstr((const char *)packet->payload, "d1:rd2:id20:", packet->payload_packet_len) || (bt_proto = ndpi_strnstr((const char *)packet->payload, "BitTorrent protocol", packet->payload_packet_len)) - ) { + ) { bittorrent_found: if(bt_proto && (packet->payload_packet_len > 47)) memcpy(flow->bittorent_hash, &bt_proto[27], 20); @@ -486,7 +487,7 @@ void ndpi_search_bittorrent(struct ndpi_detection_module_struct *ndpi_struct, st NDPI_PROTOCOL_SAFE_DETECTION, NDPI_PROTOCOL_PLAIN_DETECTION); return; } - } + } return; } diff --git a/src/lib/protocols/csgo.c b/src/lib/protocols/csgo.c new file mode 100644 index 000000000..14073aef7 --- /dev/null +++ b/src/lib/protocols/csgo.c @@ -0,0 +1,124 @@ +/* + * csgo.c + * + * Copyright (C) 2016-2017 Vitaly Lavrov + * + * This file is part of nDPI, an open source deep packet inspection + * library based on the OpenDPI and PACE technology by ipoque GmbH + * + * nDPI is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * nDPI is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with nDPI. If not, see . + * + */ + + +#include "ndpi_api.h" + +#ifdef NDPI_PROTOCOL_CSGO + +void ndpi_search_csgo(struct ndpi_detection_module_struct* ndpi_struct, struct ndpi_flow_struct* flow) { + struct ndpi_packet_struct* packet = &flow->packet; + + if (packet->udp != NULL) { + uint32_t w = htonl(get_u_int32_t(packet->payload, 0)); + NDPI_LOG(NDPI_PROTOCOL_CSGO, ndpi_struct, NDPI_LOG_DEBUG, "CSGO: word %08x\n", w); + + if (!flow->csgo_state && packet->payload_packet_len == 23 && w == 0xfffffffful) { + if (!memcmp(packet->payload + 5, "connect0x", 9)) { + NDPI_LOG(NDPI_PROTOCOL_CSGO, ndpi_struct, NDPI_LOG_DEBUG, "Found csgo connect0x.\n"); + flow->csgo_state++; + memcpy(flow->csgo_strid, packet->payload + 5, 18); + return; + } + } + if (flow->csgo_state == 1 && packet->payload_packet_len >= 42 && w == 0xfffffffful) { + if (!memcmp(packet->payload + 24, flow->csgo_strid, 18)) { + NDPI_LOG(NDPI_PROTOCOL_CSGO, ndpi_struct, NDPI_LOG_DEBUG, "Found csgo connect0x reply.\n"); + flow->csgo_state++; + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_CSGO, NDPI_PROTOCOL_UNKNOWN); + return; + } + } + if (packet->payload_packet_len == 8 && ( w == 0x3a180000 || w == 0x39180000) ) { + NDPI_LOG(NDPI_PROTOCOL_CSGO, ndpi_struct, NDPI_LOG_DEBUG, "Found csgo udp 8b.\n"); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_CSGO, NDPI_PROTOCOL_UNKNOWN); + return; + } + if (packet->payload_packet_len >= 36 && w == 0x56533031ul) { + NDPI_LOG(NDPI_PROTOCOL_CSGO, ndpi_struct, NDPI_LOG_DEBUG, "Found csgo udp.\n"); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_CSGO, NDPI_PROTOCOL_UNKNOWN); + return; + } + if (packet->payload_packet_len >= 36 && w == 0x01007364) { + uint32_t w2 = htonl(get_u_int32_t(packet->payload, 4)); + if (w2 == 0x70696e67) { + NDPI_LOG(NDPI_PROTOCOL_CSGO, ndpi_struct, NDPI_LOG_DEBUG, "Found csgo udp ping.\n"); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_CSGO, NDPI_PROTOCOL_UNKNOWN); + return; + } + } + if (flow->csgo_s2 < 3 && (w & 0xffff0000ul) == 0x0d1d0000) { + uint32_t w2 = get_u_int32_t(packet->payload, 2); + if (packet->payload_packet_len == 13) { + if (!flow->csgo_s2) { + flow->csgo_id2 = w2; + flow->csgo_s2 = 1; + NDPI_LOG(NDPI_PROTOCOL_CSGO, ndpi_struct, NDPI_LOG_DEBUG, "Found csgo udp 0d1d step1.\n"); + return; + } + if (flow->csgo_s2 == 1 && flow->csgo_id2 == w2) { + NDPI_LOG(NDPI_PROTOCOL_CSGO, ndpi_struct, NDPI_LOG_DEBUG, "Found csgo udp 0d1d step1 DUP.\n"); + return; + } + flow->csgo_s2 = 3; + return; + } + if (packet->payload_packet_len == 15) { + if (flow->csgo_s2 == 1 && flow->csgo_id2 == w2) { + NDPI_LOG(NDPI_PROTOCOL_CSGO, ndpi_struct, NDPI_LOG_DEBUG, "Found csgo udp 0d1d.\n"); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_CSGO, NDPI_PROTOCOL_UNKNOWN); + return; + } + } + flow->csgo_s2 = 3; + } + if (packet->payload_packet_len >= 140 && (w == 0x02124c6c || w == 0x02125c6c) && + !memcmp(&packet->payload[3], "lta\000mob\000tpc\000bhj\000bxd\000tae\000urg\000gkh\000", 32)) { + NDPI_LOG(NDPI_PROTOCOL_CSGO, ndpi_struct, NDPI_LOG_DEBUG, "Found csgo dictionary udp.\n"); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_CSGO, NDPI_PROTOCOL_UNKNOWN); + return; + } + if (packet->payload_packet_len >= 33 && packet->iph && packet->iph->daddr == 0xffffffff && + !memcmp(&packet->payload[17], "LanSearch", 9)) { + NDPI_LOG(NDPI_PROTOCOL_CSGO, ndpi_struct, NDPI_LOG_DEBUG, "Found csgo LanSearch udp.\n"); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_CSGO, NDPI_PROTOCOL_UNKNOWN); + return; + } + } + if (flow->packet_counter > 20) + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_CSGO); +} + +void init_csgo_dissector(struct ndpi_detection_module_struct *ndpi_struct, + u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) { + ndpi_set_bitmask_protocol_detection("CSGO", ndpi_struct, detection_bitmask, *id, + NDPI_PROTOCOL_CSGO, + ndpi_search_csgo, + NDPI_SELECTION_BITMASK_PROTOCOL_UDP_WITH_PAYLOAD, + SAVE_DETECTION_BITMASK_AS_UNKNOWN, + ADD_TO_DETECTION_BITMASK); + + *id += 1; +} + +#endif -- cgit v1.2.3 From 299b9435d0948c822d8aa7b129619c91a2b58138 Mon Sep 17 00:00:00 2001 From: Luca Date: Tue, 29 Aug 2017 19:56:32 +0200 Subject: Fixed memory out-of-bound issue Added extra check for fixing #366 --- src/include/ndpi_typedefs.h | 2 +- src/lib/protocols/fasttrack.c | 4 +++- 2 files changed, 4 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 124504b79..5624e030f 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -961,7 +961,7 @@ struct ndpi_flow_struct { char *url, *content_type; u_int8_t num_request_headers, num_response_headers; u_int8_t request_version; /* 0=1.0 and 1=1.1. Create an enum for this? */ - u_char response_status_code[4]; /* 200, 404, etc. */ + u_char response_status_code[5]; /* 200, 404, etc. */ } http; union { diff --git a/src/lib/protocols/fasttrack.c b/src/lib/protocols/fasttrack.c index cb2f20343..c432f6754 100644 --- a/src/lib/protocols/fasttrack.c +++ b/src/lib/protocols/fasttrack.c @@ -42,7 +42,9 @@ void ndpi_search_fasttrack_tcp(struct ndpi_detection_module_struct *ndpi_struct, // struct ndpi_id_struct *src=ndpi_struct->src; // struct ndpi_id_struct *dst=ndpi_struct->dst; - if (packet->payload_packet_len > 6 && ntohs(get_u_int16_t(packet->payload, packet->payload_packet_len - 2)) == 0x0d0a) { + if ( (packet->payload != NULL) + && (packet->payload_packet_len > 6) + && (ntohs(get_u_int16_t(packet->payload, packet->payload_packet_len - 2)) == 0x0d0a)) { NDPI_LOG(NDPI_PROTOCOL_FASTTRACK, ndpi_struct, NDPI_LOG_TRACE, "detected 0d0a at the end of the packet.\n"); if (memcmp(packet->payload, "GIVE ", 5) == 0 && packet->payload_packet_len >= 8) { -- cgit v1.2.3 From 22beb7714d2a78d4a57a4cf78cf8da7102e549e3 Mon Sep 17 00:00:00 2001 From: Luca Date: Tue, 29 Aug 2017 20:56:08 +0200 Subject: Implements #376 --- autogen.sh | 5 + configure.ac | 105 --------------- configure.seed | 116 +++++++++++++++++ src/include/ndpi_define.h | 293 ------------------------------------------ src/include/ndpi_define.h.in | 297 +++++++++++++++++++++++++++++++++++++++++++ 5 files changed, 418 insertions(+), 398 deletions(-) delete mode 100644 configure.ac create mode 100644 configure.seed delete mode 100644 src/include/ndpi_define.h create mode 100644 src/include/ndpi_define.h.in (limited to 'src') diff --git a/autogen.sh b/autogen.sh index 492ef3bf6..0f366966a 100755 --- a/autogen.sh +++ b/autogen.sh @@ -1,5 +1,9 @@ #!/bin/sh +NDPI_MAJOR="2" +NDPI_MINOR="1" +NDPI_PATCH="0" +NDPI_VERSION_SHORT="$NDPI_MAJOR.$NDPI_MINOR.$NDPI_PATCH" /bin/rm -f configure config.h config.h.in src/lib/Makefile.in @@ -29,5 +33,6 @@ if test -z $AUTORECONF; then exit fi +cat configure.seed | sed "s/@NDPI_MAJOR@/$NDPI_MAJOR/g" | sed "s/@NDPI_MINOR@/$NDPI_MINOR/g" | sed "s/@NDPI_PATCH@/$NDPI_PATCH/g" | sed "s/@NDPI_VERSION_SHORT@/$NDPI_VERSION_SHORT/g" > configure.ac autoreconf -ivf ./configure $* diff --git a/configure.ac b/configure.ac deleted file mode 100644 index eec6878f5..000000000 --- a/configure.ac +++ /dev/null @@ -1,105 +0,0 @@ -AC_INIT([libndpi], [2.1.0]) - -AC_CONFIG_MACRO_DIR([m4]) - -AM_INIT_AUTOMAKE([foreign subdir-objects]) - -LT_INIT - -AC_PROG_CC -AM_PROG_CC_C_O -AX_PTHREAD - -if test -d ".git"; then : - GIT_TAG=`git log -1 --format=%h` - GIT_DATE=`git log -1 --format=%cd` - # - # On CentOS 6 `git rev-list HEAD --count` does not work - # - # - GIT_NUM=`git log --pretty=oneline | wc -l | tr -d '[[:space:]]'` - GIT_RELEASE="${PACKAGE_VERSION}-${GIT_NUM}-${GIT_TAG}" -else - GIT_RELEASE="${PACKAGE_VERSION}" - GIT_DATE=`date` -fi - -AC_DEFINE_UNQUOTED(NDPI_GIT_RELEASE, "${GIT_RELEASE}", [GIT Release]) -AC_DEFINE_UNQUOTED(NDPI_GIT_DATE, "${GIT_DATE}", [Last GIT change]) - -AC_CHECK_HEADERS([netinet/in.h stdint.h stdlib.h string.h unistd.h]) - -PCAP_HOME=$HOME/PF_RING/userland - -if test -d $PCAP_HOME; then : - echo -n "" -else - PCAP_HOME=`pwd`/../../PF_RING/userland -fi -SHORT_MACHINE=`uname -m | cut -b1-3` -if test $SHORT_MACHINE = "arm"; then - LIBNUMA="" -else - AC_CHECK_LIB([numa], [numa_available], [LIBNUMA="-lnuma"]) -fi - -if test -f $PCAP_HOME/libpcap/libpcap.a; then : - echo "Using libpcap from $PCAP_HOME" - PCAP_INC="-I $PCAP_HOME/libpcap" - PCAP_LIB="$PCAP_HOME/libpcap/libpcap.a $PCAP_HOME/lib/libpfring.a $LIBNUMA `$PCAP_HOME/lib/pfring_config --libs`" - - AC_CHECK_LIB([rt], [clock_gettime], [PCAP_LIB="$PCAP_LIB -lrt"]) - AC_CHECK_LIB([nl], [nl_handle_alloc], [PCAP_LIB="$PCAP_LIB -lnl"]) - # The dlopen() function is in libdl on GLIBC-based systems - # and in the C library for *BSD systems - AC_CHECK_LIB([dl], [dlopen, dlsym], [DL_LIB="-ldl"], - [AC_CHECK_LIB([c], [dlopen, dlsym], [DL_LIB="-lc"], - [AC_MSG_ERROR([unable to find the dlopen(), dlsym() functions]) ]) ]) -else - AC_CHECK_LIB([pcap], [pcap_open_live], [PCAP_LIB="-lpcap"]) - - if test $ac_cv_lib_pcap_pcap_open_live = "no"; then : - echo "" - echo "ERROR: Missing libpcap(-dev) library required to compile the example application" - echo "ERROR: Please install it and try again" - exit - fi -fi - -dnl> https://github.com/json-c/json-c -AC_ARG_ENABLE([json-c], - AS_HELP_STRING([--disable-json-c], [Disable json-c support])) - -AS_IF([test "x$enable_json_c" != "xno"], [ - PKG_CONFIG_PATH=/usr/local/share/pkgconfig:$PKG_CONFIG_PATH - pkg-config --exists json-c - AS_IF([test "$?" == "0"], - [ - CFLAGS="$CFLAGS $(pkg-config --cflags json-c)" - LDFLAGS="$LDFLAGS $(pkg-config --libs json-c)" - AC_CHECK_LIB(json-c, json_object_new_object, AC_DEFINE_UNQUOTED(HAVE_JSON_C, 1, [The JSON-C library is present])) - ], - [ - JSONC_HOME="$HOME/json-c" - if test -d "$JSONC_HOME"; then : - CFLAGS="$CFLAGS -I $JSONC_HOME" - LDFLAGS="$LDFLAGS $JSONC_HOME/.libs/libjson-c.a" - AC_MSG_RESULT([Found json-c in $JSONC_HOME]) - AC_DEFINE_UNQUOTED(HAVE_JSON_C, 1, [The JSON-C library is present]) - fi - ]) - ]) - -AC_CHECK_LIB(pthread, pthread_setaffinity_np, AC_DEFINE_UNQUOTED(HAVE_PTHREAD_SETAFFINITY_NP, 1, [libc has pthread_setaffinity_np])) - -AC_CONFIG_FILES([Makefile src/lib/Makefile example/Makefile tests/Makefile libndpi.pc]) -AC_CONFIG_HEADERS(config.h) -AC_SUBST(GIT_RELEASE) -AC_SUBST(SVN_DATE) -AC_SUBST(JSON_C_LIB) -AC_SUBST(PCAP_INC) -AC_SUBST(PCAP_LIB) -AC_SUBST(DL_LIB) -AC_SUBST(HAVE_PTHREAD_SETAFFINITY_NP) - -AC_OUTPUT diff --git a/configure.seed b/configure.seed new file mode 100644 index 000000000..2b2392a16 --- /dev/null +++ b/configure.seed @@ -0,0 +1,116 @@ +AC_INIT([libndpi], [@NDPI_VERSION_SHORT@]) + +AC_CONFIG_MACRO_DIR([m4]) + +AM_INIT_AUTOMAKE([foreign subdir-objects]) + +LT_INIT + +AC_PROG_CC +AM_PROG_CC_C_O +AX_PTHREAD + +NDPI_MAJOR="@NDPI_MAJOR@" +NDPI_MINOR="@NDPI_MINOR@" +NDPI_PATCH="@NDPI_PATCH@" + +AC_DEFINE_UNQUOTED(NDPI_MAJOR_RELEASE, "${NDPI_MAJOR}", [nDPI major release]) +AC_DEFINE_UNQUOTED(NDPI_MINOR_RELEASE, "${NDPI_MINOR}", [nDPI minor release]) +AC_DEFINE_UNQUOTED(NDPI_PATCH_LEVEL, "${NDPI_PATCH}", [nDPI patch level]) + +if test -d ".git"; then : + GIT_TAG=`git log -1 --format=%h` + GIT_DATE=`git log -1 --format=%cd` + # + # On CentOS 6 `git rev-list HEAD --count` does not work + # + # + GIT_NUM=`git log --pretty=oneline | wc -l | tr -d '[[:space:]]'` + GIT_RELEASE="${PACKAGE_VERSION}-${GIT_NUM}-${GIT_TAG}" +else + GIT_RELEASE="${PACKAGE_VERSION}" + GIT_DATE=`date` +fi + +AC_DEFINE_UNQUOTED(NDPI_GIT_RELEASE, "${GIT_RELEASE}", [GIT Release]) +AC_DEFINE_UNQUOTED(NDPI_GIT_DATE, "${GIT_DATE}", [Last GIT change]) + +AC_CHECK_HEADERS([netinet/in.h stdint.h stdlib.h string.h unistd.h]) + +PCAP_HOME=$HOME/PF_RING/userland + +if test -d $PCAP_HOME; then : + echo -n "" +else + PCAP_HOME=`pwd`/../../PF_RING/userland +fi +SHORT_MACHINE=`uname -m | cut -b1-3` +if test $SHORT_MACHINE = "arm"; then + LIBNUMA="" +else + AC_CHECK_LIB([numa], [numa_available], [LIBNUMA="-lnuma"]) +fi + +if test -f $PCAP_HOME/libpcap/libpcap.a; then : + echo "Using libpcap from $PCAP_HOME" + PCAP_INC="-I $PCAP_HOME/libpcap" + PCAP_LIB="$PCAP_HOME/libpcap/libpcap.a $PCAP_HOME/lib/libpfring.a $LIBNUMA `$PCAP_HOME/lib/pfring_config --libs`" + + AC_CHECK_LIB([rt], [clock_gettime], [PCAP_LIB="$PCAP_LIB -lrt"]) + AC_CHECK_LIB([nl], [nl_handle_alloc], [PCAP_LIB="$PCAP_LIB -lnl"]) + # The dlopen() function is in libdl on GLIBC-based systems + # and in the C library for *BSD systems + AC_CHECK_LIB([dl], [dlopen, dlsym], [DL_LIB="-ldl"], + [AC_CHECK_LIB([c], [dlopen, dlsym], [DL_LIB="-lc"], + [AC_MSG_ERROR([unable to find the dlopen(), dlsym() functions]) ]) ]) +else + AC_CHECK_LIB([pcap], [pcap_open_live], [PCAP_LIB="-lpcap"]) + + if test $ac_cv_lib_pcap_pcap_open_live = "no"; then : + echo "" + echo "ERROR: Missing libpcap(-dev) library required to compile the example application" + echo "ERROR: Please install it and try again" + exit + fi +fi + +dnl> https://github.com/json-c/json-c +AC_ARG_ENABLE([json-c], + AS_HELP_STRING([--disable-json-c], [Disable json-c support])) + +AS_IF([test "x$enable_json_c" != "xno"], [ + PKG_CONFIG_PATH=/usr/local/share/pkgconfig:$PKG_CONFIG_PATH + pkg-config --exists json-c + AS_IF([test "$?" == "0"], + [ + CFLAGS="$CFLAGS $(pkg-config --cflags json-c)" + LDFLAGS="$LDFLAGS $(pkg-config --libs json-c)" + AC_CHECK_LIB(json-c, json_object_new_object, AC_DEFINE_UNQUOTED(HAVE_JSON_C, 1, [The JSON-C library is present])) + ], + [ + JSONC_HOME="$HOME/json-c" + if test -d "$JSONC_HOME"; then : + CFLAGS="$CFLAGS -I $JSONC_HOME" + LDFLAGS="$LDFLAGS $JSONC_HOME/.libs/libjson-c.a" + AC_MSG_RESULT([Found json-c in $JSONC_HOME]) + AC_DEFINE_UNQUOTED(HAVE_JSON_C, 1, [The JSON-C library is present]) + fi + ]) + ]) + +AC_CHECK_LIB(pthread, pthread_setaffinity_np, AC_DEFINE_UNQUOTED(HAVE_PTHREAD_SETAFFINITY_NP, 1, [libc has pthread_setaffinity_np])) + +AC_CONFIG_FILES([Makefile src/lib/Makefile example/Makefile tests/Makefile libndpi.pc src/include/ndpi_define.h]) +AC_CONFIG_HEADERS(config.h) +AC_SUBST(GIT_RELEASE) +AC_SUBST(NDPI_MAJOR) +AC_SUBST(NDPI_MINOR) +AC_SUBST(NDPI_PATCH) +AC_SUBST(SVN_DATE) +AC_SUBST(JSON_C_LIB) +AC_SUBST(PCAP_INC) +AC_SUBST(PCAP_LIB) +AC_SUBST(DL_LIB) +AC_SUBST(HAVE_PTHREAD_SETAFFINITY_NP) + +AC_OUTPUT diff --git a/src/include/ndpi_define.h b/src/include/ndpi_define.h deleted file mode 100644 index 4878ff748..000000000 --- a/src/include/ndpi_define.h +++ /dev/null @@ -1,293 +0,0 @@ -/* - * - * Copyright (C) 2011-17 - ntop.org - * - * This file is part of nDPI, an open source deep packet inspection - * library based on the OpenDPI and PACE technology by ipoque GmbH - * - * nDPI is free software: you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * nDPI is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with nDPI. If not, see . - * - */ - -#ifndef __NDPI_DEFINE_INCLUDE_FILE__ -#define __NDPI_DEFINE_INCLUDE_FILE__ - -/* - gcc -E -dM - < /dev/null |grep ENDIAN -*/ - -#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) -#include -#endif - -#ifdef __OpenBSD__ -#include -#define __BYTE_ORDER BYTE_ORDER -#if BYTE_ORDER == LITTLE_ENDIAN -#define __LITTLE_ENDIAN__ -#else -#define __BIG_ENDIAN__ -#endif/* BYTE_ORDER */ -#endif/* __OPENBSD__ */ - - -#if __BYTE_ORDER == __LITTLE_ENDIAN -#ifndef __LITTLE_ENDIAN__ -#define __LITTLE_ENDIAN__ -#endif -#else -#ifndef __BIG_ENDIAN__ -#define __BIG_ENDIAN__ -#endif -#endif - -#ifdef WIN32 -#ifndef __LITTLE_ENDIAN__ -#define __LITTLE_ENDIAN__ 1 -#endif -#endif - -#if !(defined(__LITTLE_ENDIAN__) || defined(__BIG_ENDIAN__)) -#if defined(__mips__) -#undef __LITTLE_ENDIAN__ -#undef __LITTLE_ENDIAN -#define __BIG_ENDIAN__ -#endif - -/* Everything else */ -#if (defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__)) -#if __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ -#define __LITTLE_ENDIAN__ -#else -#define __BIG_ENDIAN__ -#endif -#endif - -#endif - -#define NDPI_USE_ASYMMETRIC_DETECTION 0 -#define NDPI_SELECTION_BITMASK_PROTOCOL_SIZE u_int32_t - -#define NDPI_SELECTION_BITMASK_PROTOCOL_IP (1<<0) -#define NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP (1<<1) -#define NDPI_SELECTION_BITMASK_PROTOCOL_INT_UDP (1<<2) -#define NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP_OR_UDP (1<<3) -#define NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD (1<<4) -#define NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION (1<<5) -#define NDPI_SELECTION_BITMASK_PROTOCOL_IPV6 (1<<6) -#define NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6 (1<<7) -#define NDPI_SELECTION_BITMASK_PROTOCOL_COMPLETE_TRAFFIC (1<<8) -/* now combined detections */ - -/* v4 */ -#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP (NDPI_SELECTION_BITMASK_PROTOCOL_IP | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP) -#define NDPI_SELECTION_BITMASK_PROTOCOL_UDP (NDPI_SELECTION_BITMASK_PROTOCOL_IP | NDPI_SELECTION_BITMASK_PROTOCOL_INT_UDP) -#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP (NDPI_SELECTION_BITMASK_PROTOCOL_IP | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP_OR_UDP) - -/* v6 */ -#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP (NDPI_SELECTION_BITMASK_PROTOCOL_IPV6 | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_UDP (NDPI_SELECTION_BITMASK_PROTOCOL_IPV6 | NDPI_SELECTION_BITMASK_PROTOCOL_INT_UDP) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP (NDPI_SELECTION_BITMASK_PROTOCOL_IPV6 | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP_OR_UDP) - -/* v4 or v6 */ -#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP (NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6 | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP (NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6 | NDPI_SELECTION_BITMASK_PROTOCOL_INT_UDP) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP (NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6 | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP_OR_UDP) - - -#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) - -/* does it make sense to talk about udp with payload ??? have you ever seen empty udp packets ? */ -#define NDPI_SELECTION_BITMASK_PROTOCOL_UDP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_UDP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_V6_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) - -#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) - -#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION) - -#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION) - -#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) - -#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) - -/* safe src/dst protocol check macros... */ - -#define NDPI_SRC_HAS_PROTOCOL(src,protocol) ((src) != NULL && NDPI_COMPARE_PROTOCOL_TO_BITMASK((src)->detected_protocol_bitmask,(protocol)) != 0) - -#define NDPI_DST_HAS_PROTOCOL(dst,protocol) ((dst) != NULL && NDPI_COMPARE_PROTOCOL_TO_BITMASK((dst)->detected_protocol_bitmask,(protocol)) != 0) - -#define NDPI_SRC_OR_DST_HAS_PROTOCOL(src,dst,protocol) (NDPI_SRC_HAS_PROTOCOL(src,protocol) || NDPI_SRC_HAS_PROTOCOL(dst,protocol)) - -/** - * convenience macro to check for excluded protocol - * a protocol is excluded if the flow is known and either the protocol is not detected at all - * or the excluded bitmask contains the protocol - */ -#define NDPI_FLOW_PROTOCOL_EXCLUDED(ndpi_struct,flow,protocol) ((flow) != NULL && \ - ( NDPI_COMPARE_PROTOCOL_TO_BITMASK((ndpi_struct)->detection_bitmask, (protocol)) == 0 || \ - NDPI_COMPARE_PROTOCOL_TO_BITMASK((flow)->excluded_protocol_bitmask, (protocol)) != 0 ) ) - -/* misc definitions */ -#define NDPI_DEFAULT_MAX_TCP_RETRANSMISSION_WINDOW_SIZE 0x10000 - - -/* TODO: rebuild all memory areas to have a more aligned memory block here */ - -/* DEFINITION OF MAX LINE NUMBERS FOR line parse algorithm */ -#define NDPI_MAX_PARSE_LINES_PER_PACKET 64 - -#define MAX_PACKET_COUNTER 65000 -#define MAX_DEFAULT_PORTS 5 - -#define NDPI_DIRECTCONNECT_CONNECTION_IP_TICK_TIMEOUT 600 -#define NDPI_IRC_CONNECTION_TIMEOUT 120 -#define NDPI_GNUTELLA_CONNECTION_TIMEOUT 60 -#define NDPI_BATTLEFIELD_CONNECTION_TIMEOUT 60 -#define NDPI_THUNDER_CONNECTION_TIMEOUT 30 -#define NDPI_RTSP_CONNECTION_TIMEOUT 5 -#define NDPI_TVANTS_CONNECTION_TIMEOUT 5 -#define NDPI_YAHOO_DETECT_HTTP_CONNECTIONS 1 -#define NDPI_YAHOO_LAN_VIDEO_TIMEOUT 30 -#define NDPI_ZATTOO_CONNECTION_TIMEOUT 120 -#define NDPI_ZATTOO_FLASH_TIMEOUT 5 -#define NDPI_JABBER_STUN_TIMEOUT 30 -#define NDPI_JABBER_FT_TIMEOUT 5 -#define NDPI_SOULSEEK_CONNECTION_IP_TICK_TIMEOUT 600 - -#ifdef NDPI_ENABLE_DEBUG_MESSAGES -#define NDPI_LOG(proto, m, log_level, args...) \ - { \ - struct ndpi_detection_module_struct *mod = (struct ndpi_detection_module_struct*) m; \ - if(mod != NULL) { \ - mod->ndpi_debug_print_file=__FILE__; \ - mod->ndpi_debug_print_function=__FUNCTION__; \ - mod->ndpi_debug_print_line=__LINE__; \ - (*(mod->ndpi_debug_printf))(proto, mod, log_level, args); \ - } \ - } -#else /* NDPI_ENABLE_DEBUG_MESSAGES */ -#ifdef WIN32 -#define NDPI_LOG(...) {} -#else -#define NDPI_LOG(proto, mod, log_level, args...) {} -#endif -#endif /* NDPI_ENABLE_DEBUG_MESSAGES */ - -/** - * macro for getting the string len of a static string - * - * use it instead of strlen to avoid runtime calculations - */ -#define NDPI_STATICSTRING_LEN( s ) ( sizeof( s ) - 1 ) - -/** macro to compare 2 IPv6 addresses with each other to identify the "smaller" IPv6 address */ -#define NDPI_COMPARE_IPV6_ADDRESS_STRUCTS(x,y) \ - ((((u_int64_t *)(x))[0]) < (((u_int64_t *)(y))[0]) || ( (((u_int64_t *)(x))[0]) == (((u_int64_t *)(y))[0]) && (((u_int64_t *)(x))[1]) < (((u_int64_t *)(y))[1])) ) - -#define NDPI_NUM_BITS 256 - -#define NDPI_BITS /* 32 */ (sizeof(ndpi_ndpi_mask) * 8 /* number of bits in a byte */) /* bits per mask */ -#define howmanybits(x, y) (((x)+((y)-1))/(y)) - - -#define NDPI_SET(p, n) ((p)->fds_bits[(n)/NDPI_BITS] |= (1 << (((u_int32_t)n) % NDPI_BITS))) -#define NDPI_CLR(p, n) ((p)->fds_bits[(n)/NDPI_BITS] &= ~(1 << (((u_int32_t)n) % NDPI_BITS))) -#define NDPI_ISSET(p, n) ((p)->fds_bits[(n)/NDPI_BITS] & (1 << (((u_int32_t)n) % NDPI_BITS))) -#define NDPI_ZERO(p) memset((char *)(p), 0, sizeof(*(p))) -#define NDPI_ONE(p) memset((char *)(p), 0xFF, sizeof(*(p))) - -#define NDPI_NUM_FDS_BITS howmanybits(NDPI_NUM_BITS, NDPI_BITS) - -#define NDPI_PROTOCOL_BITMASK ndpi_protocol_bitmask_struct_t - -#define NDPI_BITMASK_ADD(a,b) NDPI_SET(&a,b) -#define NDPI_BITMASK_DEL(a,b) NDPI_CLR(&a,b) -#define NDPI_BITMASK_RESET(a) NDPI_ZERO(&a) -#define NDPI_BITMASK_SET_ALL(a) NDPI_ONE(&a) -#define NDPI_BITMASK_SET(a, b) { memcpy(&a, &b, sizeof(NDPI_PROTOCOL_BITMASK)); } - -/* this is a very very tricky macro *g*, - * the compiler will remove all shifts here if the protocol is static... - */ -#define NDPI_ADD_PROTOCOL_TO_BITMASK(bmask,value) NDPI_SET(&bmask,value) -#define NDPI_DEL_PROTOCOL_FROM_BITMASK(bmask,value) NDPI_CLR(&bmask,value) -#define NDPI_COMPARE_PROTOCOL_TO_BITMASK(bmask,value) NDPI_ISSET(&bmask,value) - -#define NDPI_SAVE_AS_BITMASK(bmask,value) { NDPI_ZERO(&bmask) ; NDPI_ADD_PROTOCOL_TO_BITMASK(bmask, value); } - - -#define ndpi_min(a,b) ((a < b) ? a : b) -#define ndpi_max(a,b) ((a > b) ? a : b) - -#define NDPI_PARSE_PACKET_LINE_INFO(ndpi_struct,flow,packet) \ - if (packet->packet_lines_parsed_complete != 1) { \ - ndpi_parse_packet_line_info(ndpi_struct,flow); \ - } \ - -#define NDPI_IPSEC_PROTOCOL_ESP 50 -#define NDPI_IPSEC_PROTOCOL_AH 51 -#define NDPI_GRE_PROTOCOL_TYPE 0x2F -#define NDPI_ICMP_PROTOCOL_TYPE 0x01 -#define NDPI_IGMP_PROTOCOL_TYPE 0x02 -#define NDPI_EGP_PROTOCOL_TYPE 0x08 -#define NDPI_OSPF_PROTOCOL_TYPE 0x59 -#define NDPI_SCTP_PROTOCOL_TYPE 132 -#define NDPI_IPIP_PROTOCOL_TYPE 0x04 -#define NDPI_ICMPV6_PROTOCOL_TYPE 0x3a - -/* the get_uXX will return raw network packet bytes !! */ -#define get_u_int8_t(X,O) (*(u_int8_t *)(((u_int8_t *)X) + O)) -#define get_u_int16_t(X,O) (*(u_int16_t *)(((u_int8_t *)X) + O)) -#define get_u_int32_t(X,O) (*(u_int32_t *)(((u_int8_t *)X) + O)) -#define get_u_int64_t(X,O) (*(u_int64_t *)(((u_int8_t *)X) + O)) - -/* new definitions to get little endian from network bytes */ -#define get_ul8(X,O) get_u_int8_t(X,O) - - -#if defined(__LITTLE_ENDIAN__) || defined(_LITTLE_ENDIAN) -#define get_l16(X,O) get_u_int16_t(X,O) -#define get_l32(X,O) get_u_int32_t(X,O) -#elif defined(__BIG_ENDIAN__) || defined(__BIG_ENDIAN) -/* convert the bytes from big to little endian */ -# define get_l16(X,O) bswap_16(get_u_int16_t(X,O)) -# define get_l32(X,O) bswap_32(get_u_int32_t(X,O)) -#else -#error "__BYTE_ORDER MUST BE DEFINED !" -#endif /* __BYTE_ORDER */ - -/* define memory callback function */ -#define match_first_bytes(payload,st) (memcmp((payload),(st),(sizeof(st)-1))==0) - -#if defined(WIN32) && !defined(snprintf) -#define snprintf _snprintf -#endif - -#define NDPI_MAX_DNS_REQUESTS 16 - -#endif /* __NDPI_DEFINE_INCLUDE_FILE__ */ diff --git a/src/include/ndpi_define.h.in b/src/include/ndpi_define.h.in new file mode 100644 index 000000000..5a8a1527b --- /dev/null +++ b/src/include/ndpi_define.h.in @@ -0,0 +1,297 @@ +/* + * + * Copyright (C) 2011-17 - ntop.org + * + * This file is part of nDPI, an open source deep packet inspection + * library based on the OpenDPI and PACE technology by ipoque GmbH + * + * nDPI is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * nDPI is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with nDPI. If not, see . + * + */ + +#ifndef __NDPI_DEFINE_INCLUDE_FILE__ +#define __NDPI_DEFINE_INCLUDE_FILE__ + +/* + gcc -E -dM - < /dev/null |grep ENDIAN +*/ + +#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) +#include +#endif + +#ifdef __OpenBSD__ +#include +#define __BYTE_ORDER BYTE_ORDER +#if BYTE_ORDER == LITTLE_ENDIAN +#define __LITTLE_ENDIAN__ +#else +#define __BIG_ENDIAN__ +#endif/* BYTE_ORDER */ +#endif/* __OPENBSD__ */ + + +#if __BYTE_ORDER == __LITTLE_ENDIAN +#ifndef __LITTLE_ENDIAN__ +#define __LITTLE_ENDIAN__ +#endif +#else +#ifndef __BIG_ENDIAN__ +#define __BIG_ENDIAN__ +#endif +#endif + +#ifdef WIN32 +#ifndef __LITTLE_ENDIAN__ +#define __LITTLE_ENDIAN__ 1 +#endif +#endif + +#if !(defined(__LITTLE_ENDIAN__) || defined(__BIG_ENDIAN__)) +#if defined(__mips__) +#undef __LITTLE_ENDIAN__ +#undef __LITTLE_ENDIAN +#define __BIG_ENDIAN__ +#endif + +/* Everything else */ +#if (defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__)) +#if __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ +#define __LITTLE_ENDIAN__ +#else +#define __BIG_ENDIAN__ +#endif +#endif + +#endif + +#define NDPI_USE_ASYMMETRIC_DETECTION 0 +#define NDPI_SELECTION_BITMASK_PROTOCOL_SIZE u_int32_t + +#define NDPI_SELECTION_BITMASK_PROTOCOL_IP (1<<0) +#define NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP (1<<1) +#define NDPI_SELECTION_BITMASK_PROTOCOL_INT_UDP (1<<2) +#define NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP_OR_UDP (1<<3) +#define NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD (1<<4) +#define NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION (1<<5) +#define NDPI_SELECTION_BITMASK_PROTOCOL_IPV6 (1<<6) +#define NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6 (1<<7) +#define NDPI_SELECTION_BITMASK_PROTOCOL_COMPLETE_TRAFFIC (1<<8) +/* now combined detections */ + +/* v4 */ +#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP (NDPI_SELECTION_BITMASK_PROTOCOL_IP | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP) +#define NDPI_SELECTION_BITMASK_PROTOCOL_UDP (NDPI_SELECTION_BITMASK_PROTOCOL_IP | NDPI_SELECTION_BITMASK_PROTOCOL_INT_UDP) +#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP (NDPI_SELECTION_BITMASK_PROTOCOL_IP | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP_OR_UDP) + +/* v6 */ +#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP (NDPI_SELECTION_BITMASK_PROTOCOL_IPV6 | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_UDP (NDPI_SELECTION_BITMASK_PROTOCOL_IPV6 | NDPI_SELECTION_BITMASK_PROTOCOL_INT_UDP) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP (NDPI_SELECTION_BITMASK_PROTOCOL_IPV6 | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP_OR_UDP) + +/* v4 or v6 */ +#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP (NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6 | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP (NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6 | NDPI_SELECTION_BITMASK_PROTOCOL_INT_UDP) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP (NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6 | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP_OR_UDP) + + +#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) + +/* does it make sense to talk about udp with payload ??? have you ever seen empty udp packets ? */ +#define NDPI_SELECTION_BITMASK_PROTOCOL_UDP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_UDP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_V6_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) + +#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) + +#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION) + +#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION) + +#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) + +#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) + +/* safe src/dst protocol check macros... */ + +#define NDPI_SRC_HAS_PROTOCOL(src,protocol) ((src) != NULL && NDPI_COMPARE_PROTOCOL_TO_BITMASK((src)->detected_protocol_bitmask,(protocol)) != 0) + +#define NDPI_DST_HAS_PROTOCOL(dst,protocol) ((dst) != NULL && NDPI_COMPARE_PROTOCOL_TO_BITMASK((dst)->detected_protocol_bitmask,(protocol)) != 0) + +#define NDPI_SRC_OR_DST_HAS_PROTOCOL(src,dst,protocol) (NDPI_SRC_HAS_PROTOCOL(src,protocol) || NDPI_SRC_HAS_PROTOCOL(dst,protocol)) + +/** + * convenience macro to check for excluded protocol + * a protocol is excluded if the flow is known and either the protocol is not detected at all + * or the excluded bitmask contains the protocol + */ +#define NDPI_FLOW_PROTOCOL_EXCLUDED(ndpi_struct,flow,protocol) ((flow) != NULL && \ + ( NDPI_COMPARE_PROTOCOL_TO_BITMASK((ndpi_struct)->detection_bitmask, (protocol)) == 0 || \ + NDPI_COMPARE_PROTOCOL_TO_BITMASK((flow)->excluded_protocol_bitmask, (protocol)) != 0 ) ) + +/* misc definitions */ +#define NDPI_DEFAULT_MAX_TCP_RETRANSMISSION_WINDOW_SIZE 0x10000 + + +/* TODO: rebuild all memory areas to have a more aligned memory block here */ + +/* DEFINITION OF MAX LINE NUMBERS FOR line parse algorithm */ +#define NDPI_MAX_PARSE_LINES_PER_PACKET 64 + +#define MAX_PACKET_COUNTER 65000 +#define MAX_DEFAULT_PORTS 5 + +#define NDPI_DIRECTCONNECT_CONNECTION_IP_TICK_TIMEOUT 600 +#define NDPI_IRC_CONNECTION_TIMEOUT 120 +#define NDPI_GNUTELLA_CONNECTION_TIMEOUT 60 +#define NDPI_BATTLEFIELD_CONNECTION_TIMEOUT 60 +#define NDPI_THUNDER_CONNECTION_TIMEOUT 30 +#define NDPI_RTSP_CONNECTION_TIMEOUT 5 +#define NDPI_TVANTS_CONNECTION_TIMEOUT 5 +#define NDPI_YAHOO_DETECT_HTTP_CONNECTIONS 1 +#define NDPI_YAHOO_LAN_VIDEO_TIMEOUT 30 +#define NDPI_ZATTOO_CONNECTION_TIMEOUT 120 +#define NDPI_ZATTOO_FLASH_TIMEOUT 5 +#define NDPI_JABBER_STUN_TIMEOUT 30 +#define NDPI_JABBER_FT_TIMEOUT 5 +#define NDPI_SOULSEEK_CONNECTION_IP_TICK_TIMEOUT 600 + +#ifdef NDPI_ENABLE_DEBUG_MESSAGES +#define NDPI_LOG(proto, m, log_level, args...) \ + { \ + struct ndpi_detection_module_struct *mod = (struct ndpi_detection_module_struct*) m; \ + if(mod != NULL) { \ + mod->ndpi_debug_print_file=__FILE__; \ + mod->ndpi_debug_print_function=__FUNCTION__; \ + mod->ndpi_debug_print_line=__LINE__; \ + (*(mod->ndpi_debug_printf))(proto, mod, log_level, args); \ + } \ + } +#else /* NDPI_ENABLE_DEBUG_MESSAGES */ +#ifdef WIN32 +#define NDPI_LOG(...) {} +#else +#define NDPI_LOG(proto, mod, log_level, args...) {} +#endif +#endif /* NDPI_ENABLE_DEBUG_MESSAGES */ + +/** + * macro for getting the string len of a static string + * + * use it instead of strlen to avoid runtime calculations + */ +#define NDPI_STATICSTRING_LEN( s ) ( sizeof( s ) - 1 ) + +/** macro to compare 2 IPv6 addresses with each other to identify the "smaller" IPv6 address */ +#define NDPI_COMPARE_IPV6_ADDRESS_STRUCTS(x,y) \ + ((((u_int64_t *)(x))[0]) < (((u_int64_t *)(y))[0]) || ( (((u_int64_t *)(x))[0]) == (((u_int64_t *)(y))[0]) && (((u_int64_t *)(x))[1]) < (((u_int64_t *)(y))[1])) ) + +#define NDPI_NUM_BITS 256 + +#define NDPI_BITS /* 32 */ (sizeof(ndpi_ndpi_mask) * 8 /* number of bits in a byte */) /* bits per mask */ +#define howmanybits(x, y) (((x)+((y)-1))/(y)) + + +#define NDPI_SET(p, n) ((p)->fds_bits[(n)/NDPI_BITS] |= (1 << (((u_int32_t)n) % NDPI_BITS))) +#define NDPI_CLR(p, n) ((p)->fds_bits[(n)/NDPI_BITS] &= ~(1 << (((u_int32_t)n) % NDPI_BITS))) +#define NDPI_ISSET(p, n) ((p)->fds_bits[(n)/NDPI_BITS] & (1 << (((u_int32_t)n) % NDPI_BITS))) +#define NDPI_ZERO(p) memset((char *)(p), 0, sizeof(*(p))) +#define NDPI_ONE(p) memset((char *)(p), 0xFF, sizeof(*(p))) + +#define NDPI_NUM_FDS_BITS howmanybits(NDPI_NUM_BITS, NDPI_BITS) + +#define NDPI_PROTOCOL_BITMASK ndpi_protocol_bitmask_struct_t + +#define NDPI_BITMASK_ADD(a,b) NDPI_SET(&a,b) +#define NDPI_BITMASK_DEL(a,b) NDPI_CLR(&a,b) +#define NDPI_BITMASK_RESET(a) NDPI_ZERO(&a) +#define NDPI_BITMASK_SET_ALL(a) NDPI_ONE(&a) +#define NDPI_BITMASK_SET(a, b) { memcpy(&a, &b, sizeof(NDPI_PROTOCOL_BITMASK)); } + +/* this is a very very tricky macro *g*, + * the compiler will remove all shifts here if the protocol is static... + */ +#define NDPI_ADD_PROTOCOL_TO_BITMASK(bmask,value) NDPI_SET(&bmask,value) +#define NDPI_DEL_PROTOCOL_FROM_BITMASK(bmask,value) NDPI_CLR(&bmask,value) +#define NDPI_COMPARE_PROTOCOL_TO_BITMASK(bmask,value) NDPI_ISSET(&bmask,value) + +#define NDPI_SAVE_AS_BITMASK(bmask,value) { NDPI_ZERO(&bmask) ; NDPI_ADD_PROTOCOL_TO_BITMASK(bmask, value); } + + +#define ndpi_min(a,b) ((a < b) ? a : b) +#define ndpi_max(a,b) ((a > b) ? a : b) + +#define NDPI_PARSE_PACKET_LINE_INFO(ndpi_struct,flow,packet) \ + if (packet->packet_lines_parsed_complete != 1) { \ + ndpi_parse_packet_line_info(ndpi_struct,flow); \ + } \ + +#define NDPI_IPSEC_PROTOCOL_ESP 50 +#define NDPI_IPSEC_PROTOCOL_AH 51 +#define NDPI_GRE_PROTOCOL_TYPE 0x2F +#define NDPI_ICMP_PROTOCOL_TYPE 0x01 +#define NDPI_IGMP_PROTOCOL_TYPE 0x02 +#define NDPI_EGP_PROTOCOL_TYPE 0x08 +#define NDPI_OSPF_PROTOCOL_TYPE 0x59 +#define NDPI_SCTP_PROTOCOL_TYPE 132 +#define NDPI_IPIP_PROTOCOL_TYPE 0x04 +#define NDPI_ICMPV6_PROTOCOL_TYPE 0x3a + +/* the get_uXX will return raw network packet bytes !! */ +#define get_u_int8_t(X,O) (*(u_int8_t *)(((u_int8_t *)X) + O)) +#define get_u_int16_t(X,O) (*(u_int16_t *)(((u_int8_t *)X) + O)) +#define get_u_int32_t(X,O) (*(u_int32_t *)(((u_int8_t *)X) + O)) +#define get_u_int64_t(X,O) (*(u_int64_t *)(((u_int8_t *)X) + O)) + +/* new definitions to get little endian from network bytes */ +#define get_ul8(X,O) get_u_int8_t(X,O) + + +#if defined(__LITTLE_ENDIAN__) || defined(_LITTLE_ENDIAN) +#define get_l16(X,O) get_u_int16_t(X,O) +#define get_l32(X,O) get_u_int32_t(X,O) +#elif defined(__BIG_ENDIAN__) || defined(__BIG_ENDIAN) +/* convert the bytes from big to little endian */ +# define get_l16(X,O) bswap_16(get_u_int16_t(X,O)) +# define get_l32(X,O) bswap_32(get_u_int32_t(X,O)) +#else +#error "__BYTE_ORDER MUST BE DEFINED !" +#endif /* __BYTE_ORDER */ + +/* define memory callback function */ +#define match_first_bytes(payload,st) (memcmp((payload),(st),(sizeof(st)-1))==0) + +#if defined(WIN32) && !defined(snprintf) +#define snprintf _snprintf +#endif + +#define NDPI_MAX_DNS_REQUESTS 16 + +#define NDPI_MAJOR @NDPI_MAJOR@ +#define NDPI_MINOR @NDPI_MINOR@ +#define NDPI_PATCH @NDPI_PATCH@ + +#endif /* __NDPI_DEFINE_INCLUDE_FILE__ */ -- cgit v1.2.3 From b2bc6039da3b75a1537013c978d5779fd9109a5e Mon Sep 17 00:00:00 2001 From: Luca Date: Tue, 29 Aug 2017 21:32:52 +0200 Subject: Partial fix for #410: added case insensitive HTTP header checks. If the user will provide a pcap for reproducing further potential issues reported we will consider them --- src/include/ndpi_api.h | 12 +++++++ src/lib/ndpi_main.c | 87 ++++++++++++++++++++++++++++++++------------------ 2 files changed, 68 insertions(+), 31 deletions(-) (limited to 'src') diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h index 03a73d66b..76285cb70 100644 --- a/src/include/ndpi_api.h +++ b/src/include/ndpi_api.h @@ -98,6 +98,18 @@ extern "C" { */ char* ndpi_strnstr(const char *s, const char *find, size_t slen); + /** + * Same as ndpi_strnstr but case insensitive + * + * @par s = string to parse + * @par find = string to match with -s- + * @par slen = max length to match between -s- and -find- + * @return a pointer to the beginning of the located substring; + * NULL if the substring is not found + * + */ + char* ndpi_strncasestr(const char *s, const char *find, size_t slen); + /** * Returns the nDPI protocol id for IP-based protocol detection diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 6ff836402..19d77f62e 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -3809,7 +3809,7 @@ void ndpi_parse_packet_line_info(struct ndpi_detection_module_struct *ndpi_struc /* First line of a HTTP response parsing. Expected a "HTTP/1.? ???" */ if(packet->parsed_lines == 0 && packet->line[0].len >= NDPI_STATICSTRING_LEN("HTTP/1.X 200 ") && - memcmp(packet->line[0].ptr, "HTTP/1.", NDPI_STATICSTRING_LEN("HTTP/1.")) == 0 && + strncasecmp((const char *)packet->line[0].ptr, "HTTP/1.", NDPI_STATICSTRING_LEN("HTTP/1.")) == 0 && packet->line[0].ptr[NDPI_STATICSTRING_LEN("HTTP/1.X ")] > '0' && /* response code between 000 and 699 */ packet->line[0].ptr[NDPI_STATICSTRING_LEN("HTTP/1.X ")] < '6') { @@ -3828,7 +3828,7 @@ void ndpi_parse_packet_line_info(struct ndpi_detection_module_struct *ndpi_struc } /* "Server:" header line in HTTP response */ if(packet->line[packet->parsed_lines].len > NDPI_STATICSTRING_LEN("Server:") + 1 - && memcmp(packet->line[packet->parsed_lines].ptr, "Server:", NDPI_STATICSTRING_LEN("Server:")) == 0) { + && strncasecmp((const char *)packet->line[packet->parsed_lines].ptr, "Server:", NDPI_STATICSTRING_LEN("Server:")) == 0) { // some stupid clients omit a space and place the servername directly after the colon if(packet->line[packet->parsed_lines].ptr[NDPI_STATICSTRING_LEN("Server:")] == ' ') { packet->server_line.ptr = @@ -3843,7 +3843,8 @@ void ndpi_parse_packet_line_info(struct ndpi_detection_module_struct *ndpi_struc } /* "Host:" header line in HTTP request */ if(packet->line[packet->parsed_lines].len > 6 - && memcmp(packet->line[packet->parsed_lines].ptr, "Host:", 5) == 0) { + && strncasecmp((const char *)packet->line[packet->parsed_lines].ptr, + "Host:", 5) == 0) { // some stupid clients omit a space and place the hostname directly after the colon if(packet->line[packet->parsed_lines].ptr[5] == ' ') { packet->host_line.ptr = &packet->line[packet->parsed_lines].ptr[6]; @@ -3856,7 +3857,7 @@ void ndpi_parse_packet_line_info(struct ndpi_detection_module_struct *ndpi_struc } /* "X-Forwarded-For:" header line in HTTP request. Commonly used for HTTP proxies. */ if(packet->line[packet->parsed_lines].len > 17 - && memcmp(packet->line[packet->parsed_lines].ptr, "X-Forwarded-For:", 16) == 0) { + && strncasecmp((const char *)packet->line[packet->parsed_lines].ptr, "X-Forwarded-For:", 16) == 0) { // some stupid clients omit a space and place the hostname directly after the colon if(packet->line[packet->parsed_lines].ptr[16] == ' ') { packet->forwarded_line.ptr = &packet->line[packet->parsed_lines].ptr[17]; @@ -3869,80 +3870,80 @@ void ndpi_parse_packet_line_info(struct ndpi_detection_module_struct *ndpi_struc } /* "Content-Type:" header line in HTTP. */ if(packet->line[packet->parsed_lines].len > 14 - && (memcmp(packet->line[packet->parsed_lines].ptr, "Content-Type: ", 14) == 0 - || memcmp(packet->line[packet->parsed_lines].ptr, "Content-type: ", 14) == 0)) { + && (strncasecmp((const char *)packet->line[packet->parsed_lines].ptr, "Content-Type: ", 14) == 0 + || strncasecmp((const char *)packet->line[packet->parsed_lines].ptr, "Content-type: ", 14) == 0)) { packet->content_line.ptr = &packet->line[packet->parsed_lines].ptr[14]; packet->content_line.len = packet->line[packet->parsed_lines].len - 14; packet->http_num_headers++; } /* "Content-Type:" header line in HTTP AGAIN. Probably a bogus response without space after ":" */ if(packet->line[packet->parsed_lines].len > 13 - && memcmp(packet->line[packet->parsed_lines].ptr, "Content-type:", 13) == 0) { + && strncasecmp((const char *)packet->line[packet->parsed_lines].ptr, "Content-type:", 13) == 0) { packet->content_line.ptr = &packet->line[packet->parsed_lines].ptr[13]; packet->content_line.len = packet->line[packet->parsed_lines].len - 13; packet->http_num_headers++; } /* "Accept:" header line in HTTP request. */ if(packet->line[packet->parsed_lines].len > 8 - && memcmp(packet->line[packet->parsed_lines].ptr, "Accept: ", 8) == 0) { + && strncasecmp((const char *)packet->line[packet->parsed_lines].ptr, "Accept: ", 8) == 0) { packet->accept_line.ptr = &packet->line[packet->parsed_lines].ptr[8]; packet->accept_line.len = packet->line[packet->parsed_lines].len - 8; packet->http_num_headers++; } /* "Referer:" header line in HTTP request. */ if(packet->line[packet->parsed_lines].len > 9 - && memcmp(packet->line[packet->parsed_lines].ptr, "Referer: ", 9) == 0) { + && strncasecmp((const char *)packet->line[packet->parsed_lines].ptr, "Referer: ", 9) == 0) { packet->referer_line.ptr = &packet->line[packet->parsed_lines].ptr[9]; packet->referer_line.len = packet->line[packet->parsed_lines].len - 9; packet->http_num_headers++; } /* "User-Agent:" header line in HTTP request. */ if(packet->line[packet->parsed_lines].len > 12 - && (memcmp(packet->line[packet->parsed_lines].ptr, "User-Agent: ", 12) == 0 - || memcmp(packet->line[packet->parsed_lines].ptr, "User-agent: ", 12) == 0)) { + && (strncasecmp((const char *)packet->line[packet->parsed_lines].ptr, "User-Agent: ", 12) == 0 + || strncasecmp((const char *)packet->line[packet->parsed_lines].ptr, "User-agent: ", 12) == 0)) { packet->user_agent_line.ptr = &packet->line[packet->parsed_lines].ptr[12]; packet->user_agent_line.len = packet->line[packet->parsed_lines].len - 12; packet->http_num_headers++; } /* "Content-Encoding:" header line in HTTP response (and request?). */ if(packet->line[packet->parsed_lines].len > 18 - && memcmp(packet->line[packet->parsed_lines].ptr, "Content-Encoding: ", 18) == 0) { + && strncasecmp((const char *)packet->line[packet->parsed_lines].ptr, "Content-Encoding: ", 18) == 0) { packet->http_encoding.ptr = &packet->line[packet->parsed_lines].ptr[18]; packet->http_encoding.len = packet->line[packet->parsed_lines].len - 18; packet->http_num_headers++; } /* "Transfer-Encoding:" header line in HTTP. */ if(packet->line[packet->parsed_lines].len > 19 - && memcmp(packet->line[packet->parsed_lines].ptr, "Transfer-Encoding: ", 19) == 0) { + && strncasecmp((const char *)packet->line[packet->parsed_lines].ptr, "Transfer-Encoding: ", 19) == 0) { packet->http_transfer_encoding.ptr = &packet->line[packet->parsed_lines].ptr[19]; packet->http_transfer_encoding.len = packet->line[packet->parsed_lines].len - 19; packet->http_num_headers++; } /* "Content-Length:" header line in HTTP. */ if(packet->line[packet->parsed_lines].len > 16 - && ((memcmp(packet->line[packet->parsed_lines].ptr, "Content-Length: ", 16) == 0) - || (memcmp(packet->line[packet->parsed_lines].ptr, "content-length: ", 16) == 0))) { + && ((strncasecmp((const char *)packet->line[packet->parsed_lines].ptr, "Content-Length: ", 16) == 0) + || (strncasecmp((const char *)packet->line[packet->parsed_lines].ptr, "content-length: ", 16) == 0))) { packet->http_contentlen.ptr = &packet->line[packet->parsed_lines].ptr[16]; packet->http_contentlen.len = packet->line[packet->parsed_lines].len - 16; packet->http_num_headers++; } /* "Cookie:" header line in HTTP. */ if(packet->line[packet->parsed_lines].len > 8 - && memcmp(packet->line[packet->parsed_lines].ptr, "Cookie: ", 8) == 0) { + && strncasecmp((const char *)packet->line[packet->parsed_lines].ptr, "Cookie: ", 8) == 0) { packet->http_cookie.ptr = &packet->line[packet->parsed_lines].ptr[8]; packet->http_cookie.len = packet->line[packet->parsed_lines].len - 8; packet->http_num_headers++; } /* "Origin:" header line in HTTP. */ if(packet->line[packet->parsed_lines].len > 8 - && memcmp(packet->line[packet->parsed_lines].ptr, "Origin: ", 8) == 0) { + && strncasecmp((const char *)packet->line[packet->parsed_lines].ptr, "Origin: ", 8) == 0) { packet->http_origin.ptr = &packet->line[packet->parsed_lines].ptr[8]; packet->http_origin.len = packet->line[packet->parsed_lines].len - 8; packet->http_num_headers++; } /* "X-Session-Type:" header line in HTTP. */ if(packet->line[packet->parsed_lines].len > 16 - && memcmp(packet->line[packet->parsed_lines].ptr, "X-Session-Type: ", 16) == 0) { + && strncasecmp((const char *)packet->line[packet->parsed_lines].ptr, "X-Session-Type: ", 16) == 0) { packet->http_x_session_type.ptr = &packet->line[packet->parsed_lines].ptr[16]; packet->http_x_session_type.len = packet->line[packet->parsed_lines].len - 16; packet->http_num_headers++; @@ -3953,19 +3954,19 @@ void ndpi_parse_packet_line_info(struct ndpi_detection_module_struct *ndpi_struc * - https://tools.ietf.org/html/rfc7230 * - https://en.wikipedia.org/wiki/List_of_HTTP_header_fields */ - if((packet->line[packet->parsed_lines].len > 6 && ( memcmp(packet->line[packet->parsed_lines].ptr, "Date: ", 6) == 0 || - memcmp(packet->line[packet->parsed_lines].ptr, "Vary: ", 6) == 0 || - memcmp(packet->line[packet->parsed_lines].ptr, "ETag: ", 6) == 0 )) || - (packet->line[packet->parsed_lines].len > 8 && memcmp(packet->line[packet->parsed_lines].ptr, "Pragma: ", 8) == 0) || - (packet->line[packet->parsed_lines].len > 9 && memcmp(packet->line[packet->parsed_lines].ptr, "Expires: ", 9) == 0) || - (packet->line[packet->parsed_lines].len > 12 && ( memcmp(packet->line[packet->parsed_lines].ptr, "Set-Cookie: ", 12) == 0 || - memcmp(packet->line[packet->parsed_lines].ptr, "Keep-Alive: ", 12) == 0 || - memcmp(packet->line[packet->parsed_lines].ptr, "Connection: ", 12) == 0)) || - (packet->line[packet->parsed_lines].len > 15 && ( memcmp(packet->line[packet->parsed_lines].ptr, "Last-Modified: ", 15) == 0 || - memcmp(packet->line[packet->parsed_lines].ptr, "Accept-Ranges: ", 15) == 0)) || - (packet->line[packet->parsed_lines].len > 17 && ( memcmp(packet->line[packet->parsed_lines].ptr, "Accept-Language: ", 17) == 0 || - memcmp(packet->line[packet->parsed_lines].ptr, "Accept-Encoding: ", 17) == 0)) || - (packet->line[packet->parsed_lines].len > 27 && memcmp(packet->line[packet->parsed_lines].ptr, "Upgrade-Insecure-Requests: ", 27) == 0)) { + if((packet->line[packet->parsed_lines].len > 6 && ( strncasecmp((const char *)packet->line[packet->parsed_lines].ptr, "Date: ", 6) == 0 || + strncasecmp((const char *)packet->line[packet->parsed_lines].ptr, "Vary: ", 6) == 0 || + strncasecmp((const char *)packet->line[packet->parsed_lines].ptr, "ETag: ", 6) == 0 )) || + (packet->line[packet->parsed_lines].len > 8 && strncasecmp((const char *)packet->line[packet->parsed_lines].ptr, "Pragma: ", 8) == 0) || + (packet->line[packet->parsed_lines].len > 9 && strncasecmp((const char *)packet->line[packet->parsed_lines].ptr, "Expires: ", 9) == 0) || + (packet->line[packet->parsed_lines].len > 12 && ( strncasecmp((const char *)packet->line[packet->parsed_lines].ptr, "Set-Cookie: ", 12) == 0 || + strncasecmp((const char *)packet->line[packet->parsed_lines].ptr, "Keep-Alive: ", 12) == 0 || + strncasecmp((const char *)packet->line[packet->parsed_lines].ptr, "Connection: ", 12) == 0)) || + (packet->line[packet->parsed_lines].len > 15 && ( strncasecmp((const char *)packet->line[packet->parsed_lines].ptr, "Last-Modified: ", 15) == 0 || + strncasecmp((const char *)packet->line[packet->parsed_lines].ptr, "Accept-Ranges: ", 15) == 0)) || + (packet->line[packet->parsed_lines].len > 17 && ( strncasecmp((const char *)packet->line[packet->parsed_lines].ptr, "Accept-Language: ", 17) == 0 || + strncasecmp((const char *)packet->line[packet->parsed_lines].ptr, "Accept-Encoding: ", 17) == 0)) || + (packet->line[packet->parsed_lines].len > 27 && strncasecmp((const char *)packet->line[packet->parsed_lines].ptr, "Upgrade-Insecure-Requests: ", 27) == 0)) { /* Just count. In the future, if needed, this if can be splited to parse these headers */ packet->http_num_headers++; } @@ -4707,6 +4708,30 @@ char* ndpi_strnstr(const char *s, const char *find, size_t slen) { /* ****************************************************** */ +/* + * Same as ndpi_strnstr but case-insensitive + */ +char* ndpi_strncasestr(const char *s, const char *find, size_t slen) { + char c, sc; + size_t len; + + if((c = *find++) != '\0') { + len = strlen(find); + do { + do { + if(slen-- < 1 || (sc = *s++) == '\0') + return (NULL); + } while (sc != c); + if(len > slen) + return (NULL); + } while (strncasecmp(s, find, len) != 0); + s--; + } + return ((char *)s); +} + +/* ****************************************************** */ + int ndpi_match_prefix(const u_int8_t *payload, size_t payload_len, const char *str, size_t str_len) { -- cgit v1.2.3 From 8e8445e02f9190c9fb12b01c097dda68a4c88856 Mon Sep 17 00:00:00 2001 From: Campus Date: Sun, 3 Sep 2017 16:40:41 +0200 Subject: fix telegram detection --- src/lib/ndpi_content_match.c.inc | 2 ++ 1 file changed, 2 insertions(+) (limited to 'src') diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 54043d581..b2131e413 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -849,6 +849,7 @@ static ndpi_network host_protocol_list[] = { { 0x5B6C0800 /* 91.108.8.0/22 */, 22, NDPI_PROTOCOL_TELEGRAM }, { 0x5B6C0C00 /* 91.108.12.0/22 */, 22, NDPI_PROTOCOL_TELEGRAM }, { 0x5B6C1000 /* 91.108.16.0/22 */, 22, NDPI_PROTOCOL_TELEGRAM }, + { 0x5B6C1400 /* 91.108.20.0/22 */, 22, NDPI_PROTOCOL_TELEGRAM }, { 0x5B6C3800 /* 91.108.56.0/22 */, 22, NDPI_PROTOCOL_TELEGRAM }, { 0x959AA000 /* 149.154.160.0/20 */, 20, NDPI_PROTOCOL_TELEGRAM }, @@ -8305,6 +8306,7 @@ ndpi_protocol_match host_match[] = { { ".soundcloud.com", "SoundCloud", NDPI_PROTOCOL_SOUNDCLOUD, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "getrockerbox.com", "SoundCloud", NDPI_PROTOCOL_SOUNDCLOUD, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "web.telegram.org", "Telegram", NDPI_PROTOCOL_TELEGRAM, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, { NULL, 0 } }; -- cgit v1.2.3 From d3d6a95da74df48d66cfbc5eca4df72eacf85906 Mon Sep 17 00:00:00 2001 From: "huniya arif, xflowResearch" Date: Thu, 14 Sep 2017 11:05:20 +0500 Subject: Added protocol LISP. By Huniya Arif xFlow Research --- configure.ac | 116 ++++++++++++++++ src/include/ndpi_define.h | 297 ++++++++++++++++++++++++++++++++++++++++ src/include/ndpi_protocol_ids.h | 3 +- src/include/ndpi_protocols.h | 2 + src/lib/Makefile.am | 1 + src/lib/ndpi_main.c | 8 ++ src/lib/protocols/lisp.c | 68 +++++++++ 7 files changed, 494 insertions(+), 1 deletion(-) create mode 100644 configure.ac create mode 100644 src/include/ndpi_define.h create mode 100644 src/lib/protocols/lisp.c (limited to 'src') diff --git a/configure.ac b/configure.ac new file mode 100644 index 000000000..5e54d7813 --- /dev/null +++ b/configure.ac @@ -0,0 +1,116 @@ +AC_INIT([libndpi], [2.1.0]) + +AC_CONFIG_MACRO_DIR([m4]) + +AM_INIT_AUTOMAKE([foreign subdir-objects]) + +LT_INIT + +AC_PROG_CC +AM_PROG_CC_C_O +AX_PTHREAD + +NDPI_MAJOR="2" +NDPI_MINOR="1" +NDPI_PATCH="0" + +AC_DEFINE_UNQUOTED(NDPI_MAJOR_RELEASE, "${NDPI_MAJOR}", [nDPI major release]) +AC_DEFINE_UNQUOTED(NDPI_MINOR_RELEASE, "${NDPI_MINOR}", [nDPI minor release]) +AC_DEFINE_UNQUOTED(NDPI_PATCH_LEVEL, "${NDPI_PATCH}", [nDPI patch level]) + +if test -d ".git"; then : + GIT_TAG=`git log -1 --format=%h` + GIT_DATE=`git log -1 --format=%cd` + # + # On CentOS 6 `git rev-list HEAD --count` does not work + # + # + GIT_NUM=`git log --pretty=oneline | wc -l | tr -d '[[:space:]]'` + GIT_RELEASE="${PACKAGE_VERSION}-${GIT_NUM}-${GIT_TAG}" +else + GIT_RELEASE="${PACKAGE_VERSION}" + GIT_DATE=`date` +fi + +AC_DEFINE_UNQUOTED(NDPI_GIT_RELEASE, "${GIT_RELEASE}", [GIT Release]) +AC_DEFINE_UNQUOTED(NDPI_GIT_DATE, "${GIT_DATE}", [Last GIT change]) + +AC_CHECK_HEADERS([netinet/in.h stdint.h stdlib.h string.h unistd.h]) + +PCAP_HOME=$HOME/PF_RING/userland + +if test -d $PCAP_HOME; then : + echo -n "" +else + PCAP_HOME=`pwd`/../../PF_RING/userland +fi +SHORT_MACHINE=`uname -m | cut -b1-3` +if test $SHORT_MACHINE = "arm"; then + LIBNUMA="" +else + AC_CHECK_LIB([numa], [numa_available], [LIBNUMA="-lnuma"]) +fi + +if test -f $PCAP_HOME/libpcap/libpcap.a; then : + echo "Using libpcap from $PCAP_HOME" + PCAP_INC="-I $PCAP_HOME/libpcap" + PCAP_LIB="$PCAP_HOME/libpcap/libpcap.a $PCAP_HOME/lib/libpfring.a $LIBNUMA `$PCAP_HOME/lib/pfring_config --libs`" + + AC_CHECK_LIB([rt], [clock_gettime], [PCAP_LIB="$PCAP_LIB -lrt"]) + AC_CHECK_LIB([nl], [nl_handle_alloc], [PCAP_LIB="$PCAP_LIB -lnl"]) + # The dlopen() function is in libdl on GLIBC-based systems + # and in the C library for *BSD systems + AC_CHECK_LIB([dl], [dlopen, dlsym], [DL_LIB="-ldl"], + [AC_CHECK_LIB([c], [dlopen, dlsym], [DL_LIB="-lc"], + [AC_MSG_ERROR([unable to find the dlopen(), dlsym() functions]) ]) ]) +else + AC_CHECK_LIB([pcap], [pcap_open_live], [PCAP_LIB="-lpcap"]) + + if test $ac_cv_lib_pcap_pcap_open_live = "no"; then : + echo "" + echo "ERROR: Missing libpcap(-dev) library required to compile the example application" + echo "ERROR: Please install it and try again" + exit + fi +fi + +dnl> https://github.com/json-c/json-c +AC_ARG_ENABLE([json-c], + AS_HELP_STRING([--disable-json-c], [Disable json-c support])) + +AS_IF([test "x$enable_json_c" != "xno"], [ + PKG_CONFIG_PATH=/usr/local/share/pkgconfig:$PKG_CONFIG_PATH + pkg-config --exists json-c + AS_IF([test "$?" == "0"], + [ + CFLAGS="$CFLAGS $(pkg-config --cflags json-c)" + LDFLAGS="$LDFLAGS $(pkg-config --libs json-c)" + AC_CHECK_LIB(json-c, json_object_new_object, AC_DEFINE_UNQUOTED(HAVE_JSON_C, 1, [The JSON-C library is present])) + ], + [ + JSONC_HOME="$HOME/json-c" + if test -d "$JSONC_HOME"; then : + CFLAGS="$CFLAGS -I $JSONC_HOME" + LDFLAGS="$LDFLAGS $JSONC_HOME/.libs/libjson-c.a" + AC_MSG_RESULT([Found json-c in $JSONC_HOME]) + AC_DEFINE_UNQUOTED(HAVE_JSON_C, 1, [The JSON-C library is present]) + fi + ]) + ]) + +AC_CHECK_LIB(pthread, pthread_setaffinity_np, AC_DEFINE_UNQUOTED(HAVE_PTHREAD_SETAFFINITY_NP, 1, [libc has pthread_setaffinity_np])) + +AC_CONFIG_FILES([Makefile src/lib/Makefile example/Makefile tests/Makefile libndpi.pc src/include/ndpi_define.h]) +AC_CONFIG_HEADERS(config.h) +AC_SUBST(GIT_RELEASE) +AC_SUBST(NDPI_MAJOR) +AC_SUBST(NDPI_MINOR) +AC_SUBST(NDPI_PATCH) +AC_SUBST(SVN_DATE) +AC_SUBST(JSON_C_LIB) +AC_SUBST(PCAP_INC) +AC_SUBST(PCAP_LIB) +AC_SUBST(DL_LIB) +AC_SUBST(HAVE_PTHREAD_SETAFFINITY_NP) + +AC_OUTPUT diff --git a/src/include/ndpi_define.h b/src/include/ndpi_define.h new file mode 100644 index 000000000..84155d027 --- /dev/null +++ b/src/include/ndpi_define.h @@ -0,0 +1,297 @@ +/* + * + * Copyright (C) 2011-17 - ntop.org + * + * This file is part of nDPI, an open source deep packet inspection + * library based on the OpenDPI and PACE technology by ipoque GmbH + * + * nDPI is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * nDPI is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with nDPI. If not, see . + * + */ + +#ifndef __NDPI_DEFINE_INCLUDE_FILE__ +#define __NDPI_DEFINE_INCLUDE_FILE__ + +/* + gcc -E -dM - < /dev/null |grep ENDIAN +*/ + +#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) +#include +#endif + +#ifdef __OpenBSD__ +#include +#define __BYTE_ORDER BYTE_ORDER +#if BYTE_ORDER == LITTLE_ENDIAN +#define __LITTLE_ENDIAN__ +#else +#define __BIG_ENDIAN__ +#endif/* BYTE_ORDER */ +#endif/* __OPENBSD__ */ + + +#if __BYTE_ORDER == __LITTLE_ENDIAN +#ifndef __LITTLE_ENDIAN__ +#define __LITTLE_ENDIAN__ +#endif +#else +#ifndef __BIG_ENDIAN__ +#define __BIG_ENDIAN__ +#endif +#endif + +#ifdef WIN32 +#ifndef __LITTLE_ENDIAN__ +#define __LITTLE_ENDIAN__ 1 +#endif +#endif + +#if !(defined(__LITTLE_ENDIAN__) || defined(__BIG_ENDIAN__)) +#if defined(__mips__) +#undef __LITTLE_ENDIAN__ +#undef __LITTLE_ENDIAN +#define __BIG_ENDIAN__ +#endif + +/* Everything else */ +#if (defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__)) +#if __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ +#define __LITTLE_ENDIAN__ +#else +#define __BIG_ENDIAN__ +#endif +#endif + +#endif + +#define NDPI_USE_ASYMMETRIC_DETECTION 0 +#define NDPI_SELECTION_BITMASK_PROTOCOL_SIZE u_int32_t + +#define NDPI_SELECTION_BITMASK_PROTOCOL_IP (1<<0) +#define NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP (1<<1) +#define NDPI_SELECTION_BITMASK_PROTOCOL_INT_UDP (1<<2) +#define NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP_OR_UDP (1<<3) +#define NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD (1<<4) +#define NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION (1<<5) +#define NDPI_SELECTION_BITMASK_PROTOCOL_IPV6 (1<<6) +#define NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6 (1<<7) +#define NDPI_SELECTION_BITMASK_PROTOCOL_COMPLETE_TRAFFIC (1<<8) +/* now combined detections */ + +/* v4 */ +#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP (NDPI_SELECTION_BITMASK_PROTOCOL_IP | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP) +#define NDPI_SELECTION_BITMASK_PROTOCOL_UDP (NDPI_SELECTION_BITMASK_PROTOCOL_IP | NDPI_SELECTION_BITMASK_PROTOCOL_INT_UDP) +#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP (NDPI_SELECTION_BITMASK_PROTOCOL_IP | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP_OR_UDP) + +/* v6 */ +#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP (NDPI_SELECTION_BITMASK_PROTOCOL_IPV6 | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_UDP (NDPI_SELECTION_BITMASK_PROTOCOL_IPV6 | NDPI_SELECTION_BITMASK_PROTOCOL_INT_UDP) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP (NDPI_SELECTION_BITMASK_PROTOCOL_IPV6 | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP_OR_UDP) + +/* v4 or v6 */ +#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP (NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6 | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP (NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6 | NDPI_SELECTION_BITMASK_PROTOCOL_INT_UDP) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP (NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6 | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP_OR_UDP) + + +#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) + +/* does it make sense to talk about udp with payload ??? have you ever seen empty udp packets ? */ +#define NDPI_SELECTION_BITMASK_PROTOCOL_UDP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_UDP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_V6_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) + +#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) + +#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION) + +#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION) + +#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) + +#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) +#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) + +/* safe src/dst protocol check macros... */ + +#define NDPI_SRC_HAS_PROTOCOL(src,protocol) ((src) != NULL && NDPI_COMPARE_PROTOCOL_TO_BITMASK((src)->detected_protocol_bitmask,(protocol)) != 0) + +#define NDPI_DST_HAS_PROTOCOL(dst,protocol) ((dst) != NULL && NDPI_COMPARE_PROTOCOL_TO_BITMASK((dst)->detected_protocol_bitmask,(protocol)) != 0) + +#define NDPI_SRC_OR_DST_HAS_PROTOCOL(src,dst,protocol) (NDPI_SRC_HAS_PROTOCOL(src,protocol) || NDPI_SRC_HAS_PROTOCOL(dst,protocol)) + +/** + * convenience macro to check for excluded protocol + * a protocol is excluded if the flow is known and either the protocol is not detected at all + * or the excluded bitmask contains the protocol + */ +#define NDPI_FLOW_PROTOCOL_EXCLUDED(ndpi_struct,flow,protocol) ((flow) != NULL && \ + ( NDPI_COMPARE_PROTOCOL_TO_BITMASK((ndpi_struct)->detection_bitmask, (protocol)) == 0 || \ + NDPI_COMPARE_PROTOCOL_TO_BITMASK((flow)->excluded_protocol_bitmask, (protocol)) != 0 ) ) + +/* misc definitions */ +#define NDPI_DEFAULT_MAX_TCP_RETRANSMISSION_WINDOW_SIZE 0x10000 + + +/* TODO: rebuild all memory areas to have a more aligned memory block here */ + +/* DEFINITION OF MAX LINE NUMBERS FOR line parse algorithm */ +#define NDPI_MAX_PARSE_LINES_PER_PACKET 64 + +#define MAX_PACKET_COUNTER 65000 +#define MAX_DEFAULT_PORTS 5 + +#define NDPI_DIRECTCONNECT_CONNECTION_IP_TICK_TIMEOUT 600 +#define NDPI_IRC_CONNECTION_TIMEOUT 120 +#define NDPI_GNUTELLA_CONNECTION_TIMEOUT 60 +#define NDPI_BATTLEFIELD_CONNECTION_TIMEOUT 60 +#define NDPI_THUNDER_CONNECTION_TIMEOUT 30 +#define NDPI_RTSP_CONNECTION_TIMEOUT 5 +#define NDPI_TVANTS_CONNECTION_TIMEOUT 5 +#define NDPI_YAHOO_DETECT_HTTP_CONNECTIONS 1 +#define NDPI_YAHOO_LAN_VIDEO_TIMEOUT 30 +#define NDPI_ZATTOO_CONNECTION_TIMEOUT 120 +#define NDPI_ZATTOO_FLASH_TIMEOUT 5 +#define NDPI_JABBER_STUN_TIMEOUT 30 +#define NDPI_JABBER_FT_TIMEOUT 5 +#define NDPI_SOULSEEK_CONNECTION_IP_TICK_TIMEOUT 600 + +#ifdef NDPI_ENABLE_DEBUG_MESSAGES +#define NDPI_LOG(proto, m, log_level, args...) \ + { \ + struct ndpi_detection_module_struct *mod = (struct ndpi_detection_module_struct*) m; \ + if(mod != NULL) { \ + mod->ndpi_debug_print_file=__FILE__; \ + mod->ndpi_debug_print_function=__FUNCTION__; \ + mod->ndpi_debug_print_line=__LINE__; \ + (*(mod->ndpi_debug_printf))(proto, mod, log_level, args); \ + } \ + } +#else /* NDPI_ENABLE_DEBUG_MESSAGES */ +#ifdef WIN32 +#define NDPI_LOG(...) {} +#else +#define NDPI_LOG(proto, mod, log_level, args...) {} +#endif +#endif /* NDPI_ENABLE_DEBUG_MESSAGES */ + +/** + * macro for getting the string len of a static string + * + * use it instead of strlen to avoid runtime calculations + */ +#define NDPI_STATICSTRING_LEN( s ) ( sizeof( s ) - 1 ) + +/** macro to compare 2 IPv6 addresses with each other to identify the "smaller" IPv6 address */ +#define NDPI_COMPARE_IPV6_ADDRESS_STRUCTS(x,y) \ + ((((u_int64_t *)(x))[0]) < (((u_int64_t *)(y))[0]) || ( (((u_int64_t *)(x))[0]) == (((u_int64_t *)(y))[0]) && (((u_int64_t *)(x))[1]) < (((u_int64_t *)(y))[1])) ) + +#define NDPI_NUM_BITS 256 + +#define NDPI_BITS /* 32 */ (sizeof(ndpi_ndpi_mask) * 8 /* number of bits in a byte */) /* bits per mask */ +#define howmanybits(x, y) (((x)+((y)-1))/(y)) + + +#define NDPI_SET(p, n) ((p)->fds_bits[(n)/NDPI_BITS] |= (1 << (((u_int32_t)n) % NDPI_BITS))) +#define NDPI_CLR(p, n) ((p)->fds_bits[(n)/NDPI_BITS] &= ~(1 << (((u_int32_t)n) % NDPI_BITS))) +#define NDPI_ISSET(p, n) ((p)->fds_bits[(n)/NDPI_BITS] & (1 << (((u_int32_t)n) % NDPI_BITS))) +#define NDPI_ZERO(p) memset((char *)(p), 0, sizeof(*(p))) +#define NDPI_ONE(p) memset((char *)(p), 0xFF, sizeof(*(p))) + +#define NDPI_NUM_FDS_BITS howmanybits(NDPI_NUM_BITS, NDPI_BITS) + +#define NDPI_PROTOCOL_BITMASK ndpi_protocol_bitmask_struct_t + +#define NDPI_BITMASK_ADD(a,b) NDPI_SET(&a,b) +#define NDPI_BITMASK_DEL(a,b) NDPI_CLR(&a,b) +#define NDPI_BITMASK_RESET(a) NDPI_ZERO(&a) +#define NDPI_BITMASK_SET_ALL(a) NDPI_ONE(&a) +#define NDPI_BITMASK_SET(a, b) { memcpy(&a, &b, sizeof(NDPI_PROTOCOL_BITMASK)); } + +/* this is a very very tricky macro *g*, + * the compiler will remove all shifts here if the protocol is static... + */ +#define NDPI_ADD_PROTOCOL_TO_BITMASK(bmask,value) NDPI_SET(&bmask,value) +#define NDPI_DEL_PROTOCOL_FROM_BITMASK(bmask,value) NDPI_CLR(&bmask,value) +#define NDPI_COMPARE_PROTOCOL_TO_BITMASK(bmask,value) NDPI_ISSET(&bmask,value) + +#define NDPI_SAVE_AS_BITMASK(bmask,value) { NDPI_ZERO(&bmask) ; NDPI_ADD_PROTOCOL_TO_BITMASK(bmask, value); } + + +#define ndpi_min(a,b) ((a < b) ? a : b) +#define ndpi_max(a,b) ((a > b) ? a : b) + +#define NDPI_PARSE_PACKET_LINE_INFO(ndpi_struct,flow,packet) \ + if (packet->packet_lines_parsed_complete != 1) { \ + ndpi_parse_packet_line_info(ndpi_struct,flow); \ + } \ + +#define NDPI_IPSEC_PROTOCOL_ESP 50 +#define NDPI_IPSEC_PROTOCOL_AH 51 +#define NDPI_GRE_PROTOCOL_TYPE 0x2F +#define NDPI_ICMP_PROTOCOL_TYPE 0x01 +#define NDPI_IGMP_PROTOCOL_TYPE 0x02 +#define NDPI_EGP_PROTOCOL_TYPE 0x08 +#define NDPI_OSPF_PROTOCOL_TYPE 0x59 +#define NDPI_SCTP_PROTOCOL_TYPE 132 +#define NDPI_IPIP_PROTOCOL_TYPE 0x04 +#define NDPI_ICMPV6_PROTOCOL_TYPE 0x3a + +/* the get_uXX will return raw network packet bytes !! */ +#define get_u_int8_t(X,O) (*(u_int8_t *)(((u_int8_t *)X) + O)) +#define get_u_int16_t(X,O) (*(u_int16_t *)(((u_int8_t *)X) + O)) +#define get_u_int32_t(X,O) (*(u_int32_t *)(((u_int8_t *)X) + O)) +#define get_u_int64_t(X,O) (*(u_int64_t *)(((u_int8_t *)X) + O)) + +/* new definitions to get little endian from network bytes */ +#define get_ul8(X,O) get_u_int8_t(X,O) + + +#if defined(__LITTLE_ENDIAN__) || defined(_LITTLE_ENDIAN) +#define get_l16(X,O) get_u_int16_t(X,O) +#define get_l32(X,O) get_u_int32_t(X,O) +#elif defined(__BIG_ENDIAN__) || defined(__BIG_ENDIAN) +/* convert the bytes from big to little endian */ +# define get_l16(X,O) bswap_16(get_u_int16_t(X,O)) +# define get_l32(X,O) bswap_32(get_u_int32_t(X,O)) +#else +#error "__BYTE_ORDER MUST BE DEFINED !" +#endif /* __BYTE_ORDER */ + +/* define memory callback function */ +#define match_first_bytes(payload,st) (memcmp((payload),(st),(sizeof(st)-1))==0) + +#if defined(WIN32) && !defined(snprintf) +#define snprintf _snprintf +#endif + +#define NDPI_MAX_DNS_REQUESTS 16 + +#define NDPI_MAJOR 2 +#define NDPI_MINOR 1 +#define NDPI_PATCH 0 + +#endif /* __NDPI_DEFINE_INCLUDE_FILE__ */ diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index 1ba8d3b89..bd0c8e999 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -273,9 +273,10 @@ #define NDPI_PROTOCOL_LINKEDIN 233 /* Paulo Angelo */ #define NDPI_PROTOCOL_SOUNDCLOUD 234 #define NDPI_PROTOCOL_CSGO 235 /* Counter-Strike Global Offensive, Dota 2 */ +#define NDPI_PROTOCOL_LISP 236 /* UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE */ -#define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_PROTOCOL_CSGO +#define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_PROTOCOL_LISP #define NDPI_MAX_SUPPORTED_PROTOCOLS (NDPI_LAST_IMPLEMENTED_PROTOCOL + 1) #define NDPI_MAX_NUM_CUSTOM_PROTOCOLS (NDPI_NUM_BITS-NDPI_LAST_IMPLEMENTED_PROTOCOL) diff --git a/src/include/ndpi_protocols.h b/src/include/ndpi_protocols.h index adfd19b17..ef248027a 100644 --- a/src/include/ndpi_protocols.h +++ b/src/include/ndpi_protocols.h @@ -53,6 +53,7 @@ void ndpi_search_tcp_or_udp(struct ndpi_detection_module_struct *ndpi_struct, st /* Applications and other protocols. */ void ndpi_search_bittorrent(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); +void ndpi_search_lisp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); void ndpi_search_edonkey(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); void ndpi_search_fasttrack_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); void ndpi_search_gnutella(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); @@ -209,6 +210,7 @@ void init_amqp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int void init_battlefield_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_bgp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_bittorrent_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); +void init_lisp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_teredo_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_ciscovpn_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_citrix_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); diff --git a/src/lib/Makefile.am b/src/lib/Makefile.am index 740e3ee48..c2b4e4b13 100644 --- a/src/lib/Makefile.am +++ b/src/lib/Makefile.am @@ -71,6 +71,7 @@ libndpi_la_SOURCES = ndpi_content_match.c.inc \ protocols/kontiki.c \ protocols/ldap.c \ protocols/lotus_notes.c \ + protocols/lisp.c \ protocols/mail_imap.c \ protocols/mail_pop.c \ protocols/mail_smtp.c \ diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index ffb4ed909..f0b0407bb 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1390,6 +1390,11 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "Dropbox", NDPI_PROTOCOL_CATEGORY_CLOUD, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 17500, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_LISP, + no_master, + no_master, "LISP", NDPI_PROTOCOL_CATEGORY_CLOUD, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 4342, 4341, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_EAQ, no_master, no_master, "EAQ", NDPI_PROTOCOL_CATEGORY_NETWORK, @@ -2735,6 +2740,9 @@ void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *n /* CSGO */ init_csgo_dissector(ndpi_struct, &a, detection_bitmask); + /* LISP */ + init_my_lisp_dissector(ndpi_struct, &a, detection_bitmask); + /* ----------------------------------------------------------------- */ ndpi_struct->callback_buffer_size = a; diff --git a/src/lib/protocols/lisp.c b/src/lib/protocols/lisp.c new file mode 100644 index 000000000..37077029c --- /dev/null +++ b/src/lib/protocols/lisp.c @@ -0,0 +1,68 @@ +#include "ndpi_api.h" +#ifdef NDPI_PROTOCOL_LISP + +#define LISP_PORT 4341 +#define LISP_PORT1 4342 + +static void ndpi_int_lisp_add_connection(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow, + u_int8_t due_to_correlation) +{ + + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_LISP, NDPI_PROTOCOL_UNKNOWN); +} + +static void ndpi_check_lisp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) +{ + + struct ndpi_packet_struct *packet = &flow->packet; + u_int32_t payload_len = packet->payload_packet_len; + + if(packet->udp != NULL) { + + u_int16_t lisp_port = htons(LISP_PORT); + u_int16_t lisp_port1 = htons(LISP_PORT1); + + if(((packet->udp->source == lisp_port) + && (packet->udp->dest == lisp_port)) || + ((packet->udp->source == lisp_port1) + && (packet->udp->dest == lisp_port1)) ) { + + NDPI_LOG(NDPI_PROTOCOL_LISP, ndpi_struct, NDPI_LOG_DEBUG, "Found lisp.\n"); + ndpi_int_lisp_add_connection(ndpi_struct, flow, 0); + return; + + } + } + + NDPI_LOG(NDPI_PROTOCOL_lisp, ndpi_struct, NDPI_LOG_DEBUG, "exclude lisp.\n"); + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_LISP); +} + +void ndpi_search_lisp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) +{ + struct ndpi_packet_struct *packet = &flow->packet; + + NDPI_LOG(NDPI_PROTOCOL_LISP, ndpi_struct, NDPI_LOG_DEBUG, "lisp detection...\n"); + + /* skip marked packets */ + if (packet->detected_protocol_stack[0] != NDPI_PROTOCOL_LISP) { + + ndpi_check_lisp(ndpi_struct, flow); + + } +} + + +void init_my_lisp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) +{ + ndpi_set_bitmask_protocol_detection("LISP", ndpi_struct, detection_bitmask, *id, + NDPI_PROTOCOL_LISP, + ndpi_search_lisp, + NDPI_SELECTION_BITMASK_PROTOCOL_UDP_WITH_PAYLOAD, + SAVE_DETECTION_BITMASK_AS_UNKNOWN, + ADD_TO_DETECTION_BITMASK); + *id += 1; +} + +#endif -- cgit v1.2.3 From d4d4f2a17c9fdd641f754305ef6de2711ab2c19f Mon Sep 17 00:00:00 2001 From: "huniya arif, xflowResearch" Date: Thu, 14 Sep 2017 11:38:31 +0500 Subject: Added LISP protocol. By Huniya Arif (xFlowResearch) --- src/include/ndpi_main.h | 2 +- src/lib/ndpi_main.c | 2 +- src/lib/protocols/lisp.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) (limited to 'src') diff --git a/src/include/ndpi_main.h b/src/include/ndpi_main.h index 24bdcb171..79eeab8f1 100644 --- a/src/include/ndpi_main.h +++ b/src/include/ndpi_main.h @@ -28,8 +28,8 @@ #include "ndpi_define.h" #include "ndpi_protocol_ids.h" #include "ndpi_typedefs.h" -#include "ndpi_protocols.h" #include "ndpi_api.h" +#include "ndpi_protocols.h" #ifdef __cplusplus extern "C" { diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index f0b0407bb..26983f0a8 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -2741,7 +2741,7 @@ void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *n init_csgo_dissector(ndpi_struct, &a, detection_bitmask); /* LISP */ - init_my_lisp_dissector(ndpi_struct, &a, detection_bitmask); + init_lisp_dissector(ndpi_struct, &a, detection_bitmask); /* ----------------------------------------------------------------- */ diff --git a/src/lib/protocols/lisp.c b/src/lib/protocols/lisp.c index 37077029c..531f7f68f 100644 --- a/src/lib/protocols/lisp.c +++ b/src/lib/protocols/lisp.c @@ -54,7 +54,7 @@ void ndpi_search_lisp(struct ndpi_detection_module_struct *ndpi_struct, struct n } -void init_my_lisp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) +void init_lisp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) { ndpi_set_bitmask_protocol_detection("LISP", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_LISP, -- cgit v1.2.3 From f7e9264c36d0e94844a645588cddaafa192fd48d Mon Sep 17 00:00:00 2001 From: "huniya arif, xflowResearch" Date: Thu, 14 Sep 2017 12:52:18 +0500 Subject: LISP PROTOCOL by Huniya Arif (xFlowResearch) --- configure.ac | 116 ------------------ src/include/ndpi_define.h | 297 ---------------------------------------------- 2 files changed, 413 deletions(-) delete mode 100644 configure.ac delete mode 100644 src/include/ndpi_define.h (limited to 'src') diff --git a/configure.ac b/configure.ac deleted file mode 100644 index 5e54d7813..000000000 --- a/configure.ac +++ /dev/null @@ -1,116 +0,0 @@ -AC_INIT([libndpi], [2.1.0]) - -AC_CONFIG_MACRO_DIR([m4]) - -AM_INIT_AUTOMAKE([foreign subdir-objects]) - -LT_INIT - -AC_PROG_CC -AM_PROG_CC_C_O -AX_PTHREAD - -NDPI_MAJOR="2" -NDPI_MINOR="1" -NDPI_PATCH="0" - -AC_DEFINE_UNQUOTED(NDPI_MAJOR_RELEASE, "${NDPI_MAJOR}", [nDPI major release]) -AC_DEFINE_UNQUOTED(NDPI_MINOR_RELEASE, "${NDPI_MINOR}", [nDPI minor release]) -AC_DEFINE_UNQUOTED(NDPI_PATCH_LEVEL, "${NDPI_PATCH}", [nDPI patch level]) - -if test -d ".git"; then : - GIT_TAG=`git log -1 --format=%h` - GIT_DATE=`git log -1 --format=%cd` - # - # On CentOS 6 `git rev-list HEAD --count` does not work - # - # - GIT_NUM=`git log --pretty=oneline | wc -l | tr -d '[[:space:]]'` - GIT_RELEASE="${PACKAGE_VERSION}-${GIT_NUM}-${GIT_TAG}" -else - GIT_RELEASE="${PACKAGE_VERSION}" - GIT_DATE=`date` -fi - -AC_DEFINE_UNQUOTED(NDPI_GIT_RELEASE, "${GIT_RELEASE}", [GIT Release]) -AC_DEFINE_UNQUOTED(NDPI_GIT_DATE, "${GIT_DATE}", [Last GIT change]) - -AC_CHECK_HEADERS([netinet/in.h stdint.h stdlib.h string.h unistd.h]) - -PCAP_HOME=$HOME/PF_RING/userland - -if test -d $PCAP_HOME; then : - echo -n "" -else - PCAP_HOME=`pwd`/../../PF_RING/userland -fi -SHORT_MACHINE=`uname -m | cut -b1-3` -if test $SHORT_MACHINE = "arm"; then - LIBNUMA="" -else - AC_CHECK_LIB([numa], [numa_available], [LIBNUMA="-lnuma"]) -fi - -if test -f $PCAP_HOME/libpcap/libpcap.a; then : - echo "Using libpcap from $PCAP_HOME" - PCAP_INC="-I $PCAP_HOME/libpcap" - PCAP_LIB="$PCAP_HOME/libpcap/libpcap.a $PCAP_HOME/lib/libpfring.a $LIBNUMA `$PCAP_HOME/lib/pfring_config --libs`" - - AC_CHECK_LIB([rt], [clock_gettime], [PCAP_LIB="$PCAP_LIB -lrt"]) - AC_CHECK_LIB([nl], [nl_handle_alloc], [PCAP_LIB="$PCAP_LIB -lnl"]) - # The dlopen() function is in libdl on GLIBC-based systems - # and in the C library for *BSD systems - AC_CHECK_LIB([dl], [dlopen, dlsym], [DL_LIB="-ldl"], - [AC_CHECK_LIB([c], [dlopen, dlsym], [DL_LIB="-lc"], - [AC_MSG_ERROR([unable to find the dlopen(), dlsym() functions]) ]) ]) -else - AC_CHECK_LIB([pcap], [pcap_open_live], [PCAP_LIB="-lpcap"]) - - if test $ac_cv_lib_pcap_pcap_open_live = "no"; then : - echo "" - echo "ERROR: Missing libpcap(-dev) library required to compile the example application" - echo "ERROR: Please install it and try again" - exit - fi -fi - -dnl> https://github.com/json-c/json-c -AC_ARG_ENABLE([json-c], - AS_HELP_STRING([--disable-json-c], [Disable json-c support])) - -AS_IF([test "x$enable_json_c" != "xno"], [ - PKG_CONFIG_PATH=/usr/local/share/pkgconfig:$PKG_CONFIG_PATH - pkg-config --exists json-c - AS_IF([test "$?" == "0"], - [ - CFLAGS="$CFLAGS $(pkg-config --cflags json-c)" - LDFLAGS="$LDFLAGS $(pkg-config --libs json-c)" - AC_CHECK_LIB(json-c, json_object_new_object, AC_DEFINE_UNQUOTED(HAVE_JSON_C, 1, [The JSON-C library is present])) - ], - [ - JSONC_HOME="$HOME/json-c" - if test -d "$JSONC_HOME"; then : - CFLAGS="$CFLAGS -I $JSONC_HOME" - LDFLAGS="$LDFLAGS $JSONC_HOME/.libs/libjson-c.a" - AC_MSG_RESULT([Found json-c in $JSONC_HOME]) - AC_DEFINE_UNQUOTED(HAVE_JSON_C, 1, [The JSON-C library is present]) - fi - ]) - ]) - -AC_CHECK_LIB(pthread, pthread_setaffinity_np, AC_DEFINE_UNQUOTED(HAVE_PTHREAD_SETAFFINITY_NP, 1, [libc has pthread_setaffinity_np])) - -AC_CONFIG_FILES([Makefile src/lib/Makefile example/Makefile tests/Makefile libndpi.pc src/include/ndpi_define.h]) -AC_CONFIG_HEADERS(config.h) -AC_SUBST(GIT_RELEASE) -AC_SUBST(NDPI_MAJOR) -AC_SUBST(NDPI_MINOR) -AC_SUBST(NDPI_PATCH) -AC_SUBST(SVN_DATE) -AC_SUBST(JSON_C_LIB) -AC_SUBST(PCAP_INC) -AC_SUBST(PCAP_LIB) -AC_SUBST(DL_LIB) -AC_SUBST(HAVE_PTHREAD_SETAFFINITY_NP) - -AC_OUTPUT diff --git a/src/include/ndpi_define.h b/src/include/ndpi_define.h deleted file mode 100644 index 84155d027..000000000 --- a/src/include/ndpi_define.h +++ /dev/null @@ -1,297 +0,0 @@ -/* - * - * Copyright (C) 2011-17 - ntop.org - * - * This file is part of nDPI, an open source deep packet inspection - * library based on the OpenDPI and PACE technology by ipoque GmbH - * - * nDPI is free software: you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * nDPI is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with nDPI. If not, see . - * - */ - -#ifndef __NDPI_DEFINE_INCLUDE_FILE__ -#define __NDPI_DEFINE_INCLUDE_FILE__ - -/* - gcc -E -dM - < /dev/null |grep ENDIAN -*/ - -#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) -#include -#endif - -#ifdef __OpenBSD__ -#include -#define __BYTE_ORDER BYTE_ORDER -#if BYTE_ORDER == LITTLE_ENDIAN -#define __LITTLE_ENDIAN__ -#else -#define __BIG_ENDIAN__ -#endif/* BYTE_ORDER */ -#endif/* __OPENBSD__ */ - - -#if __BYTE_ORDER == __LITTLE_ENDIAN -#ifndef __LITTLE_ENDIAN__ -#define __LITTLE_ENDIAN__ -#endif -#else -#ifndef __BIG_ENDIAN__ -#define __BIG_ENDIAN__ -#endif -#endif - -#ifdef WIN32 -#ifndef __LITTLE_ENDIAN__ -#define __LITTLE_ENDIAN__ 1 -#endif -#endif - -#if !(defined(__LITTLE_ENDIAN__) || defined(__BIG_ENDIAN__)) -#if defined(__mips__) -#undef __LITTLE_ENDIAN__ -#undef __LITTLE_ENDIAN -#define __BIG_ENDIAN__ -#endif - -/* Everything else */ -#if (defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__)) -#if __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ -#define __LITTLE_ENDIAN__ -#else -#define __BIG_ENDIAN__ -#endif -#endif - -#endif - -#define NDPI_USE_ASYMMETRIC_DETECTION 0 -#define NDPI_SELECTION_BITMASK_PROTOCOL_SIZE u_int32_t - -#define NDPI_SELECTION_BITMASK_PROTOCOL_IP (1<<0) -#define NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP (1<<1) -#define NDPI_SELECTION_BITMASK_PROTOCOL_INT_UDP (1<<2) -#define NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP_OR_UDP (1<<3) -#define NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD (1<<4) -#define NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION (1<<5) -#define NDPI_SELECTION_BITMASK_PROTOCOL_IPV6 (1<<6) -#define NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6 (1<<7) -#define NDPI_SELECTION_BITMASK_PROTOCOL_COMPLETE_TRAFFIC (1<<8) -/* now combined detections */ - -/* v4 */ -#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP (NDPI_SELECTION_BITMASK_PROTOCOL_IP | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP) -#define NDPI_SELECTION_BITMASK_PROTOCOL_UDP (NDPI_SELECTION_BITMASK_PROTOCOL_IP | NDPI_SELECTION_BITMASK_PROTOCOL_INT_UDP) -#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP (NDPI_SELECTION_BITMASK_PROTOCOL_IP | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP_OR_UDP) - -/* v6 */ -#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP (NDPI_SELECTION_BITMASK_PROTOCOL_IPV6 | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_UDP (NDPI_SELECTION_BITMASK_PROTOCOL_IPV6 | NDPI_SELECTION_BITMASK_PROTOCOL_INT_UDP) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP (NDPI_SELECTION_BITMASK_PROTOCOL_IPV6 | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP_OR_UDP) - -/* v4 or v6 */ -#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP (NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6 | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP (NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6 | NDPI_SELECTION_BITMASK_PROTOCOL_INT_UDP) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP (NDPI_SELECTION_BITMASK_PROTOCOL_IPV4_OR_IPV6 | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP_OR_UDP) - - -#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) - -/* does it make sense to talk about udp with payload ??? have you ever seen empty udp packets ? */ -#define NDPI_SELECTION_BITMASK_PROTOCOL_UDP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_UDP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_V6_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) - -#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) - -#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION) - -#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION) - -#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) - -#define NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V6_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) -#define NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION (NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_NO_TCP_RETRANSMISSION | NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) - -/* safe src/dst protocol check macros... */ - -#define NDPI_SRC_HAS_PROTOCOL(src,protocol) ((src) != NULL && NDPI_COMPARE_PROTOCOL_TO_BITMASK((src)->detected_protocol_bitmask,(protocol)) != 0) - -#define NDPI_DST_HAS_PROTOCOL(dst,protocol) ((dst) != NULL && NDPI_COMPARE_PROTOCOL_TO_BITMASK((dst)->detected_protocol_bitmask,(protocol)) != 0) - -#define NDPI_SRC_OR_DST_HAS_PROTOCOL(src,dst,protocol) (NDPI_SRC_HAS_PROTOCOL(src,protocol) || NDPI_SRC_HAS_PROTOCOL(dst,protocol)) - -/** - * convenience macro to check for excluded protocol - * a protocol is excluded if the flow is known and either the protocol is not detected at all - * or the excluded bitmask contains the protocol - */ -#define NDPI_FLOW_PROTOCOL_EXCLUDED(ndpi_struct,flow,protocol) ((flow) != NULL && \ - ( NDPI_COMPARE_PROTOCOL_TO_BITMASK((ndpi_struct)->detection_bitmask, (protocol)) == 0 || \ - NDPI_COMPARE_PROTOCOL_TO_BITMASK((flow)->excluded_protocol_bitmask, (protocol)) != 0 ) ) - -/* misc definitions */ -#define NDPI_DEFAULT_MAX_TCP_RETRANSMISSION_WINDOW_SIZE 0x10000 - - -/* TODO: rebuild all memory areas to have a more aligned memory block here */ - -/* DEFINITION OF MAX LINE NUMBERS FOR line parse algorithm */ -#define NDPI_MAX_PARSE_LINES_PER_PACKET 64 - -#define MAX_PACKET_COUNTER 65000 -#define MAX_DEFAULT_PORTS 5 - -#define NDPI_DIRECTCONNECT_CONNECTION_IP_TICK_TIMEOUT 600 -#define NDPI_IRC_CONNECTION_TIMEOUT 120 -#define NDPI_GNUTELLA_CONNECTION_TIMEOUT 60 -#define NDPI_BATTLEFIELD_CONNECTION_TIMEOUT 60 -#define NDPI_THUNDER_CONNECTION_TIMEOUT 30 -#define NDPI_RTSP_CONNECTION_TIMEOUT 5 -#define NDPI_TVANTS_CONNECTION_TIMEOUT 5 -#define NDPI_YAHOO_DETECT_HTTP_CONNECTIONS 1 -#define NDPI_YAHOO_LAN_VIDEO_TIMEOUT 30 -#define NDPI_ZATTOO_CONNECTION_TIMEOUT 120 -#define NDPI_ZATTOO_FLASH_TIMEOUT 5 -#define NDPI_JABBER_STUN_TIMEOUT 30 -#define NDPI_JABBER_FT_TIMEOUT 5 -#define NDPI_SOULSEEK_CONNECTION_IP_TICK_TIMEOUT 600 - -#ifdef NDPI_ENABLE_DEBUG_MESSAGES -#define NDPI_LOG(proto, m, log_level, args...) \ - { \ - struct ndpi_detection_module_struct *mod = (struct ndpi_detection_module_struct*) m; \ - if(mod != NULL) { \ - mod->ndpi_debug_print_file=__FILE__; \ - mod->ndpi_debug_print_function=__FUNCTION__; \ - mod->ndpi_debug_print_line=__LINE__; \ - (*(mod->ndpi_debug_printf))(proto, mod, log_level, args); \ - } \ - } -#else /* NDPI_ENABLE_DEBUG_MESSAGES */ -#ifdef WIN32 -#define NDPI_LOG(...) {} -#else -#define NDPI_LOG(proto, mod, log_level, args...) {} -#endif -#endif /* NDPI_ENABLE_DEBUG_MESSAGES */ - -/** - * macro for getting the string len of a static string - * - * use it instead of strlen to avoid runtime calculations - */ -#define NDPI_STATICSTRING_LEN( s ) ( sizeof( s ) - 1 ) - -/** macro to compare 2 IPv6 addresses with each other to identify the "smaller" IPv6 address */ -#define NDPI_COMPARE_IPV6_ADDRESS_STRUCTS(x,y) \ - ((((u_int64_t *)(x))[0]) < (((u_int64_t *)(y))[0]) || ( (((u_int64_t *)(x))[0]) == (((u_int64_t *)(y))[0]) && (((u_int64_t *)(x))[1]) < (((u_int64_t *)(y))[1])) ) - -#define NDPI_NUM_BITS 256 - -#define NDPI_BITS /* 32 */ (sizeof(ndpi_ndpi_mask) * 8 /* number of bits in a byte */) /* bits per mask */ -#define howmanybits(x, y) (((x)+((y)-1))/(y)) - - -#define NDPI_SET(p, n) ((p)->fds_bits[(n)/NDPI_BITS] |= (1 << (((u_int32_t)n) % NDPI_BITS))) -#define NDPI_CLR(p, n) ((p)->fds_bits[(n)/NDPI_BITS] &= ~(1 << (((u_int32_t)n) % NDPI_BITS))) -#define NDPI_ISSET(p, n) ((p)->fds_bits[(n)/NDPI_BITS] & (1 << (((u_int32_t)n) % NDPI_BITS))) -#define NDPI_ZERO(p) memset((char *)(p), 0, sizeof(*(p))) -#define NDPI_ONE(p) memset((char *)(p), 0xFF, sizeof(*(p))) - -#define NDPI_NUM_FDS_BITS howmanybits(NDPI_NUM_BITS, NDPI_BITS) - -#define NDPI_PROTOCOL_BITMASK ndpi_protocol_bitmask_struct_t - -#define NDPI_BITMASK_ADD(a,b) NDPI_SET(&a,b) -#define NDPI_BITMASK_DEL(a,b) NDPI_CLR(&a,b) -#define NDPI_BITMASK_RESET(a) NDPI_ZERO(&a) -#define NDPI_BITMASK_SET_ALL(a) NDPI_ONE(&a) -#define NDPI_BITMASK_SET(a, b) { memcpy(&a, &b, sizeof(NDPI_PROTOCOL_BITMASK)); } - -/* this is a very very tricky macro *g*, - * the compiler will remove all shifts here if the protocol is static... - */ -#define NDPI_ADD_PROTOCOL_TO_BITMASK(bmask,value) NDPI_SET(&bmask,value) -#define NDPI_DEL_PROTOCOL_FROM_BITMASK(bmask,value) NDPI_CLR(&bmask,value) -#define NDPI_COMPARE_PROTOCOL_TO_BITMASK(bmask,value) NDPI_ISSET(&bmask,value) - -#define NDPI_SAVE_AS_BITMASK(bmask,value) { NDPI_ZERO(&bmask) ; NDPI_ADD_PROTOCOL_TO_BITMASK(bmask, value); } - - -#define ndpi_min(a,b) ((a < b) ? a : b) -#define ndpi_max(a,b) ((a > b) ? a : b) - -#define NDPI_PARSE_PACKET_LINE_INFO(ndpi_struct,flow,packet) \ - if (packet->packet_lines_parsed_complete != 1) { \ - ndpi_parse_packet_line_info(ndpi_struct,flow); \ - } \ - -#define NDPI_IPSEC_PROTOCOL_ESP 50 -#define NDPI_IPSEC_PROTOCOL_AH 51 -#define NDPI_GRE_PROTOCOL_TYPE 0x2F -#define NDPI_ICMP_PROTOCOL_TYPE 0x01 -#define NDPI_IGMP_PROTOCOL_TYPE 0x02 -#define NDPI_EGP_PROTOCOL_TYPE 0x08 -#define NDPI_OSPF_PROTOCOL_TYPE 0x59 -#define NDPI_SCTP_PROTOCOL_TYPE 132 -#define NDPI_IPIP_PROTOCOL_TYPE 0x04 -#define NDPI_ICMPV6_PROTOCOL_TYPE 0x3a - -/* the get_uXX will return raw network packet bytes !! */ -#define get_u_int8_t(X,O) (*(u_int8_t *)(((u_int8_t *)X) + O)) -#define get_u_int16_t(X,O) (*(u_int16_t *)(((u_int8_t *)X) + O)) -#define get_u_int32_t(X,O) (*(u_int32_t *)(((u_int8_t *)X) + O)) -#define get_u_int64_t(X,O) (*(u_int64_t *)(((u_int8_t *)X) + O)) - -/* new definitions to get little endian from network bytes */ -#define get_ul8(X,O) get_u_int8_t(X,O) - - -#if defined(__LITTLE_ENDIAN__) || defined(_LITTLE_ENDIAN) -#define get_l16(X,O) get_u_int16_t(X,O) -#define get_l32(X,O) get_u_int32_t(X,O) -#elif defined(__BIG_ENDIAN__) || defined(__BIG_ENDIAN) -/* convert the bytes from big to little endian */ -# define get_l16(X,O) bswap_16(get_u_int16_t(X,O)) -# define get_l32(X,O) bswap_32(get_u_int32_t(X,O)) -#else -#error "__BYTE_ORDER MUST BE DEFINED !" -#endif /* __BYTE_ORDER */ - -/* define memory callback function */ -#define match_first_bytes(payload,st) (memcmp((payload),(st),(sizeof(st)-1))==0) - -#if defined(WIN32) && !defined(snprintf) -#define snprintf _snprintf -#endif - -#define NDPI_MAX_DNS_REQUESTS 16 - -#define NDPI_MAJOR 2 -#define NDPI_MINOR 1 -#define NDPI_PATCH 0 - -#endif /* __NDPI_DEFINE_INCLUDE_FILE__ */ -- cgit v1.2.3 From 83b1b34c18408f969da6689972e2394aa06efc2c Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Fri, 15 Sep 2017 11:13:25 +0200 Subject: Added custom 5 protocol categories to be used by applications. They are currently empty Added ndpi_is_custom_category() to check if a defined category is custom --- src/include/ndpi_api.h | 9 +++ src/include/ndpi_typedefs.h | 11 +++- src/lib/ndpi_content_match.c.inc | 34 +++++------ src/lib/ndpi_main.c | 123 ++++++++++++++++++++++++++------------- 4 files changed, 116 insertions(+), 61 deletions(-) (limited to 'src') diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h index 76285cb70..325ee0564 100644 --- a/src/include/ndpi_api.h +++ b/src/include/ndpi_api.h @@ -410,6 +410,15 @@ extern "C" { */ char* ndpi_protocol2name(struct ndpi_detection_module_struct *ndpi_mod, ndpi_protocol proto, char *buf, u_int buf_len); + /** + * Find out if a given category is custom/user-defined + * + * @par category = the category associated to the protocol + * @return 1 if this is a custom user category, 0 otherwise + * + */ + int ndpi_is_custom_category(ndpi_protocol_category_t category); + /** * Get protocol category as string * diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index e5e9053e8..51c0df449 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -748,10 +748,10 @@ typedef enum { NDPI_PROTOCOL_CATEGORY_MEDIA, /* Multimedia and streaming */ NDPI_PROTOCOL_CATEGORY_VPN, /* Virtual Private Networks */ NDPI_PROTOCOL_CATEGORY_MAIL, /* Protocols to send/receive/sync emails */ - NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, /* FTP and similar protocols */ + NDPI_PROTOCOL_CATEGORY_DATA_TRANSFER, /* AFS/NFS and similar protocols */ NDPI_PROTOCOL_CATEGORY_WEB, /* Web protocols and services */ NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, /* Social networks */ - NDPI_PROTOCOL_CATEGORY_P2P, /* File sharing and P2P */ + NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, /* Download, FTP, file transfer/sharing and P2P */ NDPI_PROTOCOL_CATEGORY_GAME, /* Online games */ NDPI_PROTOCOL_CATEGORY_CHAT, /* Instant messaging */ NDPI_PROTOCOL_CATEGORY_VOIP, /* Real-time communications and conferencing */ @@ -762,8 +762,13 @@ typedef enum { NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, /* Software for collaborative development, including Webmail */ NDPI_PROTOCOL_CATEGORY_RPC, /* High level network communication protocols */ NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, /* Network administration and monitor protocols */ - NDPI_PROTOCOL_CATEGORY_SYSTEM, /* System level applications */ + NDPI_PROTOCOL_CATEGORY_SYSTEM_OS, /* System/Operating System level applications */ NDPI_PROTOCOL_CATEGORY_SW_UPDATE, /* Software update */ + NDPI_PROTOCOL_CATEGORY_CUSTOM_1, /* User custom category 1 */ + NDPI_PROTOCOL_CATEGORY_CUSTOM_2, /* User custom category 2 */ + NDPI_PROTOCOL_CATEGORY_CUSTOM_3, /* User custom category 3 */ + NDPI_PROTOCOL_CATEGORY_CUSTOM_4, /* User custom category 4 */ + NDPI_PROTOCOL_CATEGORY_CUSTOM_5, /* User custom category 5 */ NDPI_PROTOCOL_NUM_CATEGORIES /* NOTE: Keep this as last member diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index b2131e413..3def0f7b7 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -8192,8 +8192,8 @@ ndpi_protocol_match host_match[] = { { ".deezer.com", "Deezer", NDPI_PROTOCOL_DEEZER, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { ".microsoft.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { "i-msdn.sec.s-msft.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_SYSTEM, NDPI_PROTOCOL_ACCEPTABLE }, - { "i2-msdn.sec.s-msft.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_SYSTEM, NDPI_PROTOCOL_ACCEPTABLE }, + { "i-msdn.sec.s-msft.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_SYSTEM_OS, NDPI_PROTOCOL_ACCEPTABLE }, + { "i2-msdn.sec.s-msft.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_SYSTEM_OS, NDPI_PROTOCOL_ACCEPTABLE }, { ".webtrends.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".msecnd.net", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { "bing.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, @@ -8287,9 +8287,9 @@ ndpi_protocol_match host_match[] = { { "dnscrypt.org", "DNScrypt", NDPI_PROTOCOL_DNSCRYPT, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, - { "torrent.", "BitTorrent", NDPI_PROTOCOL_BITTORRENT, NDPI_PROTOCOL_CATEGORY_P2P, NDPI_PROTOCOL_UNSAFE }, - { "torrents.", "BitTorrent", NDPI_PROTOCOL_BITTORRENT, NDPI_PROTOCOL_CATEGORY_P2P, NDPI_PROTOCOL_UNSAFE }, - { "torrentz.", "BitTorrent", NDPI_PROTOCOL_BITTORRENT, NDPI_PROTOCOL_CATEGORY_P2P, NDPI_PROTOCOL_UNSAFE }, + { "torrent.", "BitTorrent", NDPI_PROTOCOL_BITTORRENT, NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, NDPI_PROTOCOL_UNSAFE }, + { "torrents.", "BitTorrent", NDPI_PROTOCOL_BITTORRENT, NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, NDPI_PROTOCOL_UNSAFE }, + { "torrentz.", "BitTorrent", NDPI_PROTOCOL_BITTORRENT, NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, NDPI_PROTOCOL_UNSAFE }, { ".nintendo.net", "Nintendo", NDPI_PROTOCOL_NINTENDO, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, { ".nintendo.com", "Nintendo", NDPI_PROTOCOL_NINTENDO, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, @@ -8297,7 +8297,7 @@ ndpi_protocol_match host_match[] = { { ".playstation.com", "Playstation", NDPI_PROTOCOL_PLAYSTATION, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, { ".sonyentertainmentnetwork.com","Playstation", NDPI_PROTOCOL_PLAYSTATION, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, - { ".pastebin.com", "Pastebin", NDPI_PROTOCOL_PASTEBIN, NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, + { ".pastebin.com", "Pastebin", NDPI_PROTOCOL_PASTEBIN, NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, { ".linkedin.com", "LinkedIn", NDPI_PROTOCOL_LINKEDIN, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, { ".licdn.com", "LinkedIn", NDPI_PROTOCOL_LINKEDIN, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, @@ -8354,17 +8354,17 @@ ndpi_protocol_match content_match[] = { { "video/webm", NULL, NDPI_CONTENT_WEBM, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "application/x-rtsp-tunnelled", NULL, NDPI_PROTOCOL_RTSP, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "application/vnd.apple.mpegurl",NULL, NDPI_CONTENT_MPEG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "application/x-tar", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, NDPI_PROTOCOL_ACCEPTABLE }, - { "application/octet-stream", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, NDPI_PROTOCOL_ACCEPTABLE }, - { "application/mac-binary", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, NDPI_PROTOCOL_ACCEPTABLE }, - { "/x-bzip", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, NDPI_PROTOCOL_ACCEPTABLE }, - { "/x-gzip", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, NDPI_PROTOCOL_ACCEPTABLE }, - { "/x-zip", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, NDPI_PROTOCOL_ACCEPTABLE }, - { "/zip", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, NDPI_PROTOCOL_ACCEPTABLE }, - { "binhex", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, NDPI_PROTOCOL_ACCEPTABLE }, - { "/base64", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, NDPI_PROTOCOL_ACCEPTABLE }, - { "application/gnutar", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, NDPI_PROTOCOL_ACCEPTABLE }, - { "application/x-compressed", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, NDPI_PROTOCOL_ACCEPTABLE }, + { "application/x-tar", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, + { "application/octet-stream", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, + { "application/mac-binary", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, + { "/x-bzip", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, + { "/x-gzip", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, + { "/x-zip", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, + { "/zip", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, + { "binhex", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, + { "/base64", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, + { "application/gnutar", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, + { "application/x-compressed", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, { NULL, 0 } }; diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 26983f0a8..fccedecb0 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -436,8 +436,7 @@ void ndpi_set_proto_defaults(struct ndpi_detection_module_struct *ndpi_mod, ndpi_protocol_breed_t breed, u_int16_t protoId, u_int16_t tcp_master_protoId[2], u_int16_t udp_master_protoId[2], char *protoName, ndpi_protocol_category_t protoCategory, - ndpi_port_range *tcpDefPorts, ndpi_port_range *udpDefPorts) -{ + ndpi_port_range *tcpDefPorts, ndpi_port_range *udpDefPorts) { char *name; int j; @@ -706,12 +705,12 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_FTP_CONTROL, no_master, - no_master, "FTP_CONTROL", NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, + no_master, "FTP_CONTROL", NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 21, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_FTP_DATA, no_master, - no_master, "FTP_DATA", NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, + no_master, "FTP_DATA", NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 20, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_MAIL_POP, @@ -751,7 +750,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 53, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IPP, no_master, - no_master, "IPP", NDPI_PROTOCOL_CATEGORY_SYSTEM, + no_master, "IPP", NDPI_PROTOCOL_CATEGORY_SYSTEM_OS, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_HEP, @@ -771,22 +770,22 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 5353, 5354, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_NTP, no_master, - no_master, "NTP", NDPI_PROTOCOL_CATEGORY_SYSTEM, + no_master, "NTP", NDPI_PROTOCOL_CATEGORY_SYSTEM_OS, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 123, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_NETBIOS, no_master, - no_master, "NetBIOS", NDPI_PROTOCOL_CATEGORY_SYSTEM, + no_master, "NetBIOS", NDPI_PROTOCOL_CATEGORY_SYSTEM_OS, ndpi_build_default_ports(ports_a, 139, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 137, 138, 139, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_NFS, no_master, - no_master, "NFS", NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, + no_master, "NFS", NDPI_PROTOCOL_CATEGORY_DATA_TRANSFER, ndpi_build_default_ports(ports_a, 2049, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 2049, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SSDP, no_master, - no_master, "SSDP", NDPI_PROTOCOL_CATEGORY_SYSTEM, + no_master, "SSDP", NDPI_PROTOCOL_CATEGORY_SYSTEM_OS, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_BGP, @@ -806,12 +805,12 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 177, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SMB, no_master, - no_master, "SMB", NDPI_PROTOCOL_CATEGORY_SYSTEM, + no_master, "SMB", NDPI_PROTOCOL_CATEGORY_SYSTEM_OS, ndpi_build_default_ports(ports_a, 445, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SYSLOG, no_master, - no_master, "Syslog", NDPI_PROTOCOL_CATEGORY_SYSTEM, + no_master, "Syslog", NDPI_PROTOCOL_CATEGORY_SYSTEM_OS, ndpi_build_default_ports(ports_a, 514, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 514, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DHCP, @@ -831,17 +830,17 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK, no_master, - no_master, "Direct_Download_Link", NDPI_PROTOCOL_CATEGORY_P2P, + no_master, "Direct_Download_Link", NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_APPLEJUICE, no_master, - no_master, "AppleJuice", NDPI_PROTOCOL_CATEGORY_P2P, + no_master, "AppleJuice", NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_DIRECTCONNECT, no_master, - no_master, "DirectConnect", NDPI_PROTOCOL_CATEGORY_P2P, + no_master, "DirectConnect", NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_SOCRATES, @@ -856,7 +855,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 902, 903, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_FILETOPIA, no_master, - no_master, "Filetopia", NDPI_PROTOCOL_CATEGORY_P2P, + no_master, "Filetopia", NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_KONTIKI, @@ -866,29 +865,34 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_OPENFT, no_master, - no_master, "OpenFT", NDPI_PROTOCOL_CATEGORY_P2P, + no_master, "OpenFT", NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_FASTTRACK, no_master, - no_master, "FastTrack", NDPI_PROTOCOL_CATEGORY_P2P, + no_master, "FastTrack", NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_GNUTELLA, no_master, - no_master, "Gnutella", NDPI_PROTOCOL_CATEGORY_P2P, + no_master, "Gnutella", NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_EDONKEY, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_EDONKEY, no_master, - no_master, "eDonkey", NDPI_PROTOCOL_CATEGORY_P2P, + no_master, "eDonkey", NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_BITTORRENT, no_master, - no_master, "BitTorrent", NDPI_PROTOCOL_CATEGORY_P2P, + no_master, "BitTorrent", NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 51413, 53646, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 6771, 51413, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SKYPE, + no_master, + no_master, "Skype", NDPI_PROTOCOL_CATEGORY_VOIP, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_TEREDO, no_master, no_master, "Teredo", NDPI_PROTOCOL_CATEGORY_NETWORK, @@ -1001,7 +1005,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_HTTP_DOWNLOAD, no_master, - no_master, "HTTP_Download", NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, + no_master, "HTTP_Download", NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_QQLIVE, @@ -1011,12 +1015,12 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_THUNDER, no_master, - no_master, "Thunder", NDPI_PROTOCOL_CATEGORY_P2P, + no_master, "Thunder", NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_SOULSEEK, no_master, - no_master, "Soulseek", NDPI_PROTOCOL_CATEGORY_P2P, + no_master, "Soulseek", NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); @@ -1187,17 +1191,17 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 4569, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_AFP, no_master, - no_master, "AFP", NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, + no_master, "AFP", NDPI_PROTOCOL_CATEGORY_DATA_TRANSFER, ndpi_build_default_ports(ports_a, 548, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 548, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_STEALTHNET, no_master, - no_master, "Stealthnet", NDPI_PROTOCOL_CATEGORY_P2P, + no_master, "Stealthnet", NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_AIMINI, no_master, - no_master, "Aimini", NDPI_PROTOCOL_CATEGORY_P2P, + no_master, "Aimini", NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SIP, @@ -1262,7 +1266,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 88, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_LDAP, no_master, - no_master, "LDAP", NDPI_PROTOCOL_CATEGORY_SYSTEM, + no_master, "LDAP", NDPI_PROTOCOL_CATEGORY_SYSTEM_OS, ndpi_build_default_ports(ports_a, 389, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 389, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_MAPLESTORY, @@ -1463,7 +1467,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_RSYNC, no_master, - no_master, "RSYNC", NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, + no_master, "RSYNC", NDPI_PROTOCOL_CATEGORY_DATA_TRANSFER, ndpi_build_default_ports(ports_a, 873, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_ORACLE, @@ -1488,7 +1492,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_COLLECTD, no_master, - no_master, "Collectd", NDPI_PROTOCOL_CATEGORY_SYSTEM, + no_master, "Collectd", NDPI_PROTOCOL_CATEGORY_SYSTEM_OS, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 25826, 0, 0, 0, 0)); /* UDP */ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SOCKS, @@ -1498,7 +1502,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 1080, 0, 0, 0, 0)); /* UDP */ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_TFTP, no_master, - no_master, "TFTP", NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, + no_master, "TFTP", NDPI_PROTOCOL_CATEGORY_DATA_TRANSFER, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 69, 0, 0, 0, 0)); /* UDP */ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_RTMP, @@ -1583,12 +1587,12 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_BJNP, no_master, - no_master, "BJNP", NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, + no_master, "BJNP", NDPI_PROTOCOL_CATEGORY_SYSTEM_OS, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 8612, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SMPP, no_master, - no_master, "SMPP", NDPI_PROTOCOL_CATEGORY_P2P, + no_master, "SMPP", NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_OOKLA, @@ -1631,8 +1635,12 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp init_string_based_protocols(ndpi_mod); for(i=0; i<(int)ndpi_mod->ndpi_num_supported_protocols; i++) { - if(ndpi_mod->proto_defaults[i].protoName == NULL) { - printf("[NDPI] %s(missing protoId=%d) INTERNAL ERROR: not all protocols have been initialized\n", __FUNCTION__, i); + if((ndpi_mod->proto_defaults[i].protoName == NULL) + || ((i != NDPI_PROTOCOL_UNKNOWN) + && (ndpi_mod->proto_defaults[i].protoCategory == NDPI_PROTOCOL_CATEGORY_UNSPECIFIED))) { + printf("[NDPI] %s(missing protoId=%d/%s) INTERNAL ERROR: not all protocols have been initialized\n", + __FUNCTION__, i, + ndpi_mod->proto_defaults[i].protoName ? ndpi_mod->proto_defaults[i].protoName : "???"); } } } @@ -4543,6 +4551,24 @@ char* ndpi_protocol2name(struct ndpi_detection_module_struct *ndpi_mod, /* ****************************************************** */ +int ndpi_is_custom_category(ndpi_protocol_category_t category) { + switch(category) { + case NDPI_PROTOCOL_CATEGORY_CUSTOM_1: + case NDPI_PROTOCOL_CATEGORY_CUSTOM_2: + case NDPI_PROTOCOL_CATEGORY_CUSTOM_3: + case NDPI_PROTOCOL_CATEGORY_CUSTOM_4: + case NDPI_PROTOCOL_CATEGORY_CUSTOM_5: + return(1); + break; + + default: + return(0); + break; + } +} + +/* ****************************************************** */ + const char* ndpi_category_str(ndpi_protocol_category_t category) { switch(category) { case NDPI_PROTOCOL_CATEGORY_MEDIA: @@ -4551,11 +4577,14 @@ const char* ndpi_category_str(ndpi_protocol_category_t category) { case NDPI_PROTOCOL_CATEGORY_VPN: return("VPN"); break; + case NDPI_PROTOCOL_CATEGORY_DATA_TRANSFER: + return("DataTransfer"); + break; case NDPI_PROTOCOL_CATEGORY_MAIL: return("Email"); break; - case NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER: - return("FileTransfer"); + case NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT: + return("Download/P2P/FileTransfer/FileSharing"); break; case NDPI_PROTOCOL_CATEGORY_WEB: return("Web"); @@ -4563,9 +4592,6 @@ const char* ndpi_category_str(ndpi_protocol_category_t category) { case NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK: return("SocialNetwork"); break; - case NDPI_PROTOCOL_CATEGORY_P2P: - return("P2P"); - break; case NDPI_PROTOCOL_CATEGORY_GAME: return("Game"); break; @@ -4596,7 +4622,7 @@ const char* ndpi_category_str(ndpi_protocol_category_t category) { case NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL: return("NetworkTool"); break; - case NDPI_PROTOCOL_CATEGORY_SYSTEM: + case NDPI_PROTOCOL_CATEGORY_SYSTEM_OS: return("System"); break; case NDPI_PROTOCOL_CATEGORY_UNSPECIFIED: @@ -4605,6 +4631,21 @@ const char* ndpi_category_str(ndpi_protocol_category_t category) { case NDPI_PROTOCOL_CATEGORY_SW_UPDATE: return("SoftwareUpdate"); break; + case NDPI_PROTOCOL_CATEGORY_CUSTOM_1: + return("User custom category 1"); + break; + case NDPI_PROTOCOL_CATEGORY_CUSTOM_2: + return("User custom category 2"); + break; + case NDPI_PROTOCOL_CATEGORY_CUSTOM_3: + return("User custom category 3"); + break; + case NDPI_PROTOCOL_CATEGORY_CUSTOM_4: + return("User custom category 4"); + break; + case NDPI_PROTOCOL_CATEGORY_CUSTOM_5: + return("User custom category 5"); + break; case NDPI_PROTOCOL_NUM_CATEGORIES: return("Code should not use this internal constant"); break; -- cgit v1.2.3 From 1808519b5bee1d53ce10e76c2d529ac47d83d504 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Fri, 15 Sep 2017 11:23:34 +0200 Subject: Reorganized protocol families Added new API calls ndpi_set_proto_breed() and ndpi_set_proto_category() for overwriting nDPI protocol specifications --- src/include/ndpi_api.h | 27 ++++++++++++++++++++++++--- src/lib/ndpi_main.c | 20 ++++++++++++++++++++ 2 files changed, 44 insertions(+), 3 deletions(-) (limited to 'src') diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h index 325ee0564..5b0fe617b 100644 --- a/src/include/ndpi_api.h +++ b/src/include/ndpi_api.h @@ -387,17 +387,16 @@ extern "C" { /** * Check if the string -bigram_to_match- match with a bigram of -automa- * - * @par ndpi_struct = the detection module + * @par ndpi_mod = the detection module * @par automa = the struct ndpi_automa for the bigram * @par bigram_to_match = the bigram string to match * @return 0 * */ - int ndpi_match_bigram(struct ndpi_detection_module_struct *ndpi_struct, + int ndpi_match_bigram(struct ndpi_detection_module_struct *ndpi_mod, ndpi_automa *automa, char *bigram_to_match); - /** * Write the protocol name in the buffer -buf- as master_protocol.protocol * @@ -419,6 +418,28 @@ extern "C" { */ int ndpi_is_custom_category(ndpi_protocol_category_t category); + /** + * Overwrite a protocol category defined by nDPI with the custom category + * + * @par ndpi_mod = the detection module + * @par protoId = the protocol identifier to overwrite + * @par breed = the breed to be associated to the protocol + * + */ + void ndpi_set_proto_breed(struct ndpi_detection_module_struct *ndpi_mod, + u_int16_t protoId, ndpi_protocol_breed_t breed); + + /** + * Overwrite a protocol category defined by nDPI with the custom category + * + * @par ndpi_mod = the detection module + * @par protoId = the protocol identifier to overwrite + * @par category = the category associated to the protocol + * + */ + void ndpi_set_proto_category(struct ndpi_detection_module_struct *ndpi_mod, + u_int16_t protoId, ndpi_protocol_category_t protoCategory); + /** * Get protocol category as string * diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index fccedecb0..0a0d30bbb 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -432,6 +432,26 @@ ndpi_port_range * ndpi_build_default_ports(ndpi_port_range *ports, /* ********************************************************************************** */ +void ndpi_set_proto_breed(struct ndpi_detection_module_struct *ndpi_mod, + u_int16_t protoId, ndpi_protocol_breed_t breed) { + if(protoId >= NDPI_MAX_SUPPORTED_PROTOCOLS+NDPI_MAX_NUM_CUSTOM_PROTOCOLS) + return; + else + ndpi_mod->proto_defaults[protoId].protoBreed = breed; +} + +/* ********************************************************************************** */ + +void ndpi_set_proto_category(struct ndpi_detection_module_struct *ndpi_mod, + u_int16_t protoId, ndpi_protocol_category_t protoCategory) { + if(protoId >= NDPI_MAX_SUPPORTED_PROTOCOLS+NDPI_MAX_NUM_CUSTOM_PROTOCOLS) + return; + else + ndpi_mod->proto_defaults[protoId].protoCategory = protoCategory; +} + +/* ********************************************************************************** */ + void ndpi_set_proto_defaults(struct ndpi_detection_module_struct *ndpi_mod, ndpi_protocol_breed_t breed, u_int16_t protoId, u_int16_t tcp_master_protoId[2], u_int16_t udp_master_protoId[2], -- cgit v1.2.3 From 4176fd5068ed84c9f662a4b9ba97aa7794354fa4 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Fri, 15 Sep 2017 11:56:40 +0200 Subject: Reworked categories --- src/include/ndpi_typedefs.h | 2 +- src/lib/ndpi_content_match.c.inc | 30 +++++++++++++++--------------- src/lib/ndpi_main.c | 38 +++++++++++++++++++------------------- 3 files changed, 35 insertions(+), 35 deletions(-) (limited to 'src') diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 51c0df449..71e2ba560 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -751,7 +751,7 @@ typedef enum { NDPI_PROTOCOL_CATEGORY_DATA_TRANSFER, /* AFS/NFS and similar protocols */ NDPI_PROTOCOL_CATEGORY_WEB, /* Web protocols and services */ NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, /* Social networks */ - NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, /* Download, FTP, file transfer/sharing and P2P */ + NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, /* Download, FTP, file transfer/sharing */ NDPI_PROTOCOL_CATEGORY_GAME, /* Online games */ NDPI_PROTOCOL_CATEGORY_CHAT, /* Instant messaging */ NDPI_PROTOCOL_CATEGORY_VOIP, /* Real-time communications and conferencing */ diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 3def0f7b7..e06740871 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -8287,9 +8287,9 @@ ndpi_protocol_match host_match[] = { { "dnscrypt.org", "DNScrypt", NDPI_PROTOCOL_DNSCRYPT, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, - { "torrent.", "BitTorrent", NDPI_PROTOCOL_BITTORRENT, NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, NDPI_PROTOCOL_UNSAFE }, - { "torrents.", "BitTorrent", NDPI_PROTOCOL_BITTORRENT, NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, NDPI_PROTOCOL_UNSAFE }, - { "torrentz.", "BitTorrent", NDPI_PROTOCOL_BITTORRENT, NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, NDPI_PROTOCOL_UNSAFE }, + { "torrent.", "BitTorrent", NDPI_PROTOCOL_BITTORRENT, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_UNSAFE }, + { "torrents.", "BitTorrent", NDPI_PROTOCOL_BITTORRENT, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_UNSAFE }, + { "torrentz.", "BitTorrent", NDPI_PROTOCOL_BITTORRENT, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_UNSAFE }, { ".nintendo.net", "Nintendo", NDPI_PROTOCOL_NINTENDO, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, { ".nintendo.com", "Nintendo", NDPI_PROTOCOL_NINTENDO, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, @@ -8297,7 +8297,7 @@ ndpi_protocol_match host_match[] = { { ".playstation.com", "Playstation", NDPI_PROTOCOL_PLAYSTATION, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, { ".sonyentertainmentnetwork.com","Playstation", NDPI_PROTOCOL_PLAYSTATION, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, - { ".pastebin.com", "Pastebin", NDPI_PROTOCOL_PASTEBIN, NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, + { ".pastebin.com", "Pastebin", NDPI_PROTOCOL_PASTEBIN, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, { ".linkedin.com", "LinkedIn", NDPI_PROTOCOL_LINKEDIN, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, { ".licdn.com", "LinkedIn", NDPI_PROTOCOL_LINKEDIN, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, @@ -8354,17 +8354,17 @@ ndpi_protocol_match content_match[] = { { "video/webm", NULL, NDPI_CONTENT_WEBM, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "application/x-rtsp-tunnelled", NULL, NDPI_PROTOCOL_RTSP, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "application/vnd.apple.mpegurl",NULL, NDPI_CONTENT_MPEG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "application/x-tar", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, - { "application/octet-stream", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, - { "application/mac-binary", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, - { "/x-bzip", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, - { "/x-gzip", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, - { "/x-zip", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, - { "/zip", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, - { "binhex", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, - { "/base64", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, - { "application/gnutar", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, - { "application/x-compressed", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, + { "application/x-tar", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, + { "application/octet-stream", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, + { "application/mac-binary", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, + { "/x-bzip", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, + { "/x-gzip", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, + { "/x-zip", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, + { "/zip", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, + { "binhex", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, + { "/base64", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, + { "application/gnutar", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, + { "application/x-compressed", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, { NULL, 0 } }; diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 0a0d30bbb..a35a27042 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -725,12 +725,12 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_FTP_CONTROL, no_master, - no_master, "FTP_CONTROL", NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, + no_master, "FTP_CONTROL", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 21, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_FTP_DATA, no_master, - no_master, "FTP_DATA", NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, + no_master, "FTP_DATA", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 20, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_MAIL_POP, @@ -850,17 +850,17 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK, no_master, - no_master, "Direct_Download_Link", NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, + no_master, "Direct_Download_Link", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_APPLEJUICE, no_master, - no_master, "AppleJuice", NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, + no_master, "AppleJuice", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_DIRECTCONNECT, no_master, - no_master, "DirectConnect", NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, + no_master, "DirectConnect", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_SOCRATES, @@ -875,7 +875,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 902, 903, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_FILETOPIA, no_master, - no_master, "Filetopia", NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, + no_master, "Filetopia", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_KONTIKI, @@ -885,27 +885,27 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_OPENFT, no_master, - no_master, "OpenFT", NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, + no_master, "OpenFT", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_FASTTRACK, no_master, - no_master, "FastTrack", NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, + no_master, "FastTrack", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_GNUTELLA, no_master, - no_master, "Gnutella", NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, + no_master, "Gnutella", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_EDONKEY, no_master, - no_master, "eDonkey", NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, + no_master, "eDonkey", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_UNSAFE, NDPI_PROTOCOL_BITTORRENT, no_master, - no_master, "BitTorrent", NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, + no_master, "BitTorrent", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 51413, 53646, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 6771, 51413, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SKYPE, @@ -1025,7 +1025,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_HTTP_DOWNLOAD, no_master, - no_master, "HTTP_Download", NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, + no_master, "HTTP_Download", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_QQLIVE, @@ -1035,12 +1035,12 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_THUNDER, no_master, - no_master, "Thunder", NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, + no_master, "Thunder", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_SOULSEEK, no_master, - no_master, "Soulseek", NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, + no_master, "Soulseek", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); @@ -1216,12 +1216,12 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 548, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_STEALTHNET, no_master, - no_master, "Stealthnet", NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, + no_master, "Stealthnet", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_AIMINI, no_master, - no_master, "Aimini", NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, + no_master, "Aimini", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SIP, @@ -1612,7 +1612,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 8612, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SMPP, no_master, - no_master, "SMPP", NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT, + no_master, "SMPP", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_OOKLA, @@ -4603,8 +4603,8 @@ const char* ndpi_category_str(ndpi_protocol_category_t category) { case NDPI_PROTOCOL_CATEGORY_MAIL: return("Email"); break; - case NDPI_PROTOCOL_CATEGORY_P2P_DOWNLOAD_FT: - return("Download/P2P/FileTransfer/FileSharing"); + case NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT: + return("Download/FileTransfer/FileSharing"); break; case NDPI_PROTOCOL_CATEGORY_WEB: return("Web"); -- cgit v1.2.3 From d6f7dd9c08b8abcaa964f19c3f34c24ed2c558cd Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Sun, 17 Sep 2017 21:25:55 +0200 Subject: Implemented DHCP field 55 decode --- src/include/ndpi_typedefs.h | 4 +++- src/lib/protocols/dhcp.c | 25 +++++++++++++++++++------ 2 files changed, 22 insertions(+), 7 deletions(-) (limited to 'src') diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 71e2ba560..55c056bfb 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -908,6 +908,8 @@ struct ndpi_detection_module_struct { direction_detect_disable:1; /* disable internal detection of packet direction */ }; +#define dhcp_fingerprint host_server_name + struct ndpi_flow_struct { u_int16_t detected_protocol_stack[NDPI_PROTOCOL_SIZE]; #ifndef WIN32 @@ -946,7 +948,7 @@ struct ndpi_flow_struct { */ struct ndpi_id_struct *server_id; /* HTTP host or DNS query */ - u_char host_server_name[256]; + u_char host_server_name[256]; /* Shared with dhcp_fingerprint */ /* Via HTTP User-Agent */ u_char detected_os[32]; /* Via HTTP X-Forwarded-For */ diff --git a/src/lib/protocols/dhcp.c b/src/lib/protocols/dhcp.c index 38711c911..ee5b12834 100644 --- a/src/lib/protocols/dhcp.c +++ b/src/lib/protocols/dhcp.c @@ -78,24 +78,36 @@ void ndpi_search_dhcp_udp(struct ndpi_detection_module_struct *ndpi_struct, stru while(i < DHCP_VEND_LEN) { u_int8_t id = dhcp->options[i]; - if(id == 0xFF) break; + + if(id == 0xFF) + break; else { u_int8_t len = dhcp->options[i+1]; - + if(len == 0) break; - + #ifdef DHCP_DEBUG printf("[DHCP] Id=%d [len=%d]\n", id, len); #endif - + if(id == 53 /* DHCP Message Type */) { u_int8_t msg_type = dhcp->options[i+2]; - + if(msg_type <= 8) foundValidMsgType = 1; + } else if(id == 55 /* Parameter Request List / Fingerprint */) { + u_int idx, offset = 0, + hex_len = ndpi_min(len * 2, sizeof(flow->dhcp_fingerprint)); + + for(idx=0; idxdhcp_fingerprint[offset], + sizeof(flow->dhcp_fingerprint)-offset-1, + "%02X", dhcp->options[i+2+idx] & 0xFF); + offset += 2; + } } else if(id == 12 /* Host Name */) { char *name = (char*)&dhcp->options[i+2]; int j = 0; - + #ifdef DHCP_DEBUG printf("[DHCP] "); while(j < len) { printf("%c", name[j]); j++; } @@ -105,6 +117,7 @@ void ndpi_search_dhcp_udp(struct ndpi_detection_module_struct *ndpi_struct, stru strncpy((char*)flow->host_server_name, name, j); flow->host_server_name[j] = '\0'; } + i += len + 2; } } -- cgit v1.2.3 From 1a4e57e7366685e5ece5ed8576155c5e7c934efb Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Sun, 17 Sep 2017 23:34:46 +0200 Subject: Code rework --- example/ndpi_util.c | 4 ++-- src/include/ndpi_typedefs.h | 26 +++++++++++++++++--------- src/lib/protocols/bittorrent.c | 4 ++-- src/lib/protocols/dhcp.c | 6 +++--- src/lib/protocols/http.c | 8 ++++---- 5 files changed, 28 insertions(+), 20 deletions(-) (limited to 'src') diff --git a/example/ndpi_util.c b/example/ndpi_util.c index 618a51882..d57e9e90e 100644 --- a/example/ndpi_util.c +++ b/example/ndpi_util.c @@ -421,8 +421,8 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl int i, j, n = 0; for(i=0, j = 0; j < sizeof(flow->bittorent_hash)-1; i++) { - sprintf(&flow->bittorent_hash[j], "%02x", flow->ndpi_flow->bittorent_hash[i]); - j += 2, n += flow->ndpi_flow->bittorent_hash[i]; + sprintf(&flow->bittorent_hash[j], "%02x", flow->ndpi_flow->protos.bittorrent.hash[i]); + j += 2, n += flow->ndpi_flow->protos.bittorrent.hash[i]; } if(n == 0) flow->bittorent_hash[0] = '\0'; diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 55c056bfb..58cb8263d 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -908,8 +908,6 @@ struct ndpi_detection_module_struct { direction_detect_disable:1; /* disable internal detection of packet direction */ }; -#define dhcp_fingerprint host_server_name - struct ndpi_flow_struct { u_int16_t detected_protocol_stack[NDPI_PROTOCOL_SIZE]; #ifndef WIN32 @@ -948,13 +946,7 @@ struct ndpi_flow_struct { */ struct ndpi_id_struct *server_id; /* HTTP host or DNS query */ - u_char host_server_name[256]; /* Shared with dhcp_fingerprint */ - /* Via HTTP User-Agent */ - u_char detected_os[32]; - /* Via HTTP X-Forwarded-For */ - u_char nat_ip[24]; - /* Bittorrent hash */ - u_char bittorent_hash[20]; + u_char host_server_name[256]; /* This structure below will not not stay inside the protos @@ -998,6 +990,22 @@ struct ndpi_flow_struct { struct { char version[96]; } ubntac2; + + struct { + /* Via HTTP User-Agent */ + u_char detected_os[32]; + /* Via HTTP X-Forwarded-For */ + u_char nat_ip[24]; + } http; + + struct { + /* Bittorrent hash */ + u_char hash[20]; + } bittorrent; + + struct { + char fingerprint[48]; + } dhcp; } protos; /*** ALL protocol specific 64 bit variables here ***/ diff --git a/src/lib/protocols/bittorrent.c b/src/lib/protocols/bittorrent.c index e7a5e890a..a3eef585c 100644 --- a/src/lib/protocols/bittorrent.c +++ b/src/lib/protocols/bittorrent.c @@ -67,7 +67,7 @@ static void ndpi_add_connection_as_bittorrent(struct ndpi_detection_module_struc } else bt_hash = (const char*)&flow->packet.payload[28]; - if(bt_hash) memcpy(flow->bittorent_hash, bt_hash, 20); + if(bt_hash) memcpy(flow->protos.bittorrent.hash, bt_hash, 20); } ndpi_int_change_protocol(ndpi_struct, flow, NDPI_PROTOCOL_BITTORRENT, NDPI_PROTOCOL_UNKNOWN); @@ -479,7 +479,7 @@ void ndpi_search_bittorrent(struct ndpi_detection_module_struct *ndpi_struct, st ) { bittorrent_found: if(bt_proto && (packet->payload_packet_len > 47)) - memcpy(flow->bittorent_hash, &bt_proto[27], 20); + memcpy(flow->protos.bittorrent.hash, &bt_proto[27], 20); NDPI_LOG(NDPI_PROTOCOL_BITTORRENT, ndpi_struct, NDPI_LOG_TRACE, "BT: plain BitTorrent protocol detected\n"); diff --git a/src/lib/protocols/dhcp.c b/src/lib/protocols/dhcp.c index ee5b12834..cdf33947e 100644 --- a/src/lib/protocols/dhcp.c +++ b/src/lib/protocols/dhcp.c @@ -96,11 +96,11 @@ void ndpi_search_dhcp_udp(struct ndpi_detection_module_struct *ndpi_struct, stru if(msg_type <= 8) foundValidMsgType = 1; } else if(id == 55 /* Parameter Request List / Fingerprint */) { u_int idx, offset = 0, - hex_len = ndpi_min(len * 2, sizeof(flow->dhcp_fingerprint)); + hex_len = ndpi_min(len * 2, sizeof(flow->protos.dhcp.fingerprint)); for(idx=0; idxdhcp_fingerprint[offset], - sizeof(flow->dhcp_fingerprint)-offset-1, + snprintf((char*)&flow->protos.dhcp.fingerprint[offset], + sizeof(flow->protos.dhcp.fingerprint)-offset-1, "%02X", dhcp->options[i+2+idx] & 0xFF); offset += 2; } diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c index 3fd304867..4ff65096b 100644 --- a/src/lib/protocols/http.c +++ b/src/lib/protocols/http.c @@ -167,7 +167,7 @@ static void setHttpUserAgent(struct ndpi_flow_struct *flow, char *ua) { * https://github.com/ua-parser/uap-core/blob/master/regexes.yaml */ //printf("==> %s\n", ua); - snprintf((char*)flow->detected_os, sizeof(flow->detected_os), "%s", ua); + snprintf((char*)flow->protos.http.detected_os, sizeof(flow->protos.http.detected_os), "%s", ua); } static void parseHttpSubprotocol(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { @@ -360,9 +360,9 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ strncpy((char*)flow->host_server_name, (char*)packet->host_line.ptr, len); flow->host_server_name[len] = '\0', flow->server_id = flow->dst; - len = ndpi_min(packet->forwarded_line.len, sizeof(flow->nat_ip)-1); - strncpy((char*)flow->nat_ip, (char*)packet->forwarded_line.ptr, len); - flow->nat_ip[len] = '\0'; + len = ndpi_min(packet->forwarded_line.len, sizeof(flow->protos.http.nat_ip)-1); + strncpy((char*)flow->protos.http.nat_ip, (char*)packet->forwarded_line.ptr, len); + flow->protos.http.nat_ip[len] = '\0'; if(ndpi_struct->http_dont_dissect_response) parseHttpSubprotocol(ndpi_struct, flow); -- cgit v1.2.3 From 9fb5981128b3d2bc75e72cc805df918b3944b92e Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Tue, 19 Sep 2017 22:39:00 +0200 Subject: Added ndpi_category_set_name() API call --- example/ndpiReader.c | 4 --- libndpi.sym | 5 ++- src/include/ndpi_api.h | 15 ++++++++- src/include/ndpi_typedefs.h | 6 +++- src/lib/ndpi_main.c | 78 +++++++++++++++++++++++++++++++++++---------- 5 files changed, 84 insertions(+), 24 deletions(-) (limited to 'src') diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 1d1215548..9def14de1 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -2783,7 +2783,6 @@ static void produceBpfFilter(char *filePath) { @brief MAIN FUNCTION **/ int main(int argc, char **argv) { - int i; automataUnitTest(); @@ -2799,7 +2798,6 @@ int main(int argc, char **argv) { #endif } - if((!json_flag) && (!quiet_mode)) { printf("\n-----------------------------------------------------------\n" "* NOTE: This is demo app to show *some* nDPI features.\n" @@ -2823,7 +2821,6 @@ int main(int argc, char **argv) { return 0; } - #ifdef WIN32 #ifndef __GNUC__ #define EPOCHFILETIME (116444736000000000i64) @@ -2831,7 +2828,6 @@ int main(int argc, char **argv) { #define EPOCHFILETIME (116444736000000000LL) #endif - /** @brief Timezone **/ diff --git a/libndpi.sym b/libndpi.sym index 6eb2f7bcb..61058e84e 100644 --- a/libndpi.sym +++ b/libndpi.sym @@ -51,4 +51,7 @@ set_ndpi_free set_ndpi_debug_function ndpi_category_str ndpi_get_proto_category -ndpi_netbios_name_interpret \ No newline at end of file +ndpi_netbios_name_interpret +ndpi_category_set_name +ndpi_category_get_name +ndpi_is_custom_category diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h index 5b0fe617b..7d9c1bab7 100644 --- a/src/include/ndpi_api.h +++ b/src/include/ndpi_api.h @@ -443,11 +443,24 @@ extern "C" { /** * Get protocol category as string * + * @par mod = the detection module * @par category = the category associated to the protocol * @return the string name of the category * */ - const char* ndpi_category_str(ndpi_protocol_category_t category); + const char* ndpi_category_get_name(struct ndpi_detection_module_struct *ndpi_mod, + ndpi_protocol_category_t category); + + /** + * Set protocol category string + * + * @par mod = the detection module + * @par category = the category associated to the protocol + * @paw name = the string name of the category + * + */ + void ndpi_category_set_name(struct ndpi_detection_module_struct *ndpi_mod, + ndpi_protocol_category_t category, char *name); /** * Get protocol category diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 58cb8263d..d15114b40 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -764,6 +764,7 @@ typedef enum { NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, /* Network administration and monitor protocols */ NDPI_PROTOCOL_CATEGORY_SYSTEM_OS, /* System/Operating System level applications */ NDPI_PROTOCOL_CATEGORY_SW_UPDATE, /* Software update */ + /* See #define NUM_CUSTOM_CATEGORIES */ NDPI_PROTOCOL_CATEGORY_CUSTOM_1, /* User custom category 1 */ NDPI_PROTOCOL_CATEGORY_CUSTOM_2, /* User custom category 2 */ NDPI_PROTOCOL_CATEGORY_CUSTOM_3, /* User custom category 3 */ @@ -804,6 +805,9 @@ typedef struct ndpi_proto { #define NDPI_PROTOCOL_NULL { NDPI_PROTOCOL_UNKNOWN , NDPI_PROTOCOL_UNKNOWN } +#define NUM_CUSTOM_CATEGORIES 5 +#define CUSTOM_CATEGORY_LABEL_LEN 32 + struct ndpi_detection_module_struct { NDPI_PROTOCOL_BITMASK detection_bitmask; NDPI_PROTOCOL_BITMASK generic_http_packet_bitmask; @@ -814,7 +818,7 @@ struct ndpi_detection_module_struct { #ifdef NDPI_ENABLE_DEBUG_MESSAGES void *user_data; #endif - + char custom_category_labels[NUM_CUSTOM_CATEGORIES][CUSTOM_CATEGORY_LABEL_LEN]; /* callback function buffer */ struct ndpi_call_function_struct callback_buffer[NDPI_MAX_SUPPORTED_PROTOCOLS + 1]; u_int32_t callback_buffer_size; diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index a35a27042..b2a564bee 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1839,7 +1839,8 @@ void set_ndpi_debug_function(struct ndpi_detection_module_struct *ndpi_str, ndpi struct ndpi_detection_module_struct *ndpi_init_detection_module(void) { struct ndpi_detection_module_struct *ndpi_str = ndpi_malloc(sizeof(struct ndpi_detection_module_struct)); - + int i; + if(ndpi_str == NULL) { #ifdef NDPI_ENABLE_DEBUG_MESSAGES NDPI_LOG(0, ndpi_str, NDPI_LOG_DEBUG, "ndpi_init_detection_module initial malloc failed for ndpi_str\n"); @@ -1890,6 +1891,11 @@ struct ndpi_detection_module_struct *ndpi_init_detection_module(void) { ndpi_str->impossible_bigrams_automa.ac_automa = ac_automata_init(ac_match_handler); ndpi_init_protocol_defaults(ndpi_str); + + for(i=0; icustom_category_labels[i], + CUSTOM_CATEGORY_LABEL_LEN, "User custom category %u", i+1); + return ndpi_str; } @@ -2269,17 +2275,18 @@ int ndpi_load_protocols_file(struct ndpi_detection_module_struct *ndpi_mod, char return(0); } +/* ******************************************************************** */ + /* ntop */ -void ndpi_set_bitmask_protocol_detection( char * label, - struct ndpi_detection_module_struct *ndpi_struct, - const NDPI_PROTOCOL_BITMASK * detection_bitmask, - const u_int32_t idx, - u_int16_t ndpi_protocol_id, - void (*func) (struct ndpi_detection_module_struct *, struct ndpi_flow_struct *flow), - const NDPI_SELECTION_BITMASK_PROTOCOL_SIZE ndpi_selection_bitmask, - u_int8_t b_save_bitmask_unknow, - u_int8_t b_add_detection_bitmask) -{ +void ndpi_set_bitmask_protocol_detection(char * label, + struct ndpi_detection_module_struct *ndpi_struct, + const NDPI_PROTOCOL_BITMASK * detection_bitmask, + const u_int32_t idx, + u_int16_t ndpi_protocol_id, + void (*func) (struct ndpi_detection_module_struct *, struct ndpi_flow_struct *flow), + const NDPI_SELECTION_BITMASK_PROTOCOL_SIZE ndpi_selection_bitmask, + u_int8_t b_save_bitmask_unknow, + u_int8_t b_add_detection_bitmask) { /* Compare specify protocol bitmask with main detection bitmask */ @@ -4589,7 +4596,44 @@ int ndpi_is_custom_category(ndpi_protocol_category_t category) { /* ****************************************************** */ -const char* ndpi_category_str(ndpi_protocol_category_t category) { +void ndpi_category_set_name(struct ndpi_detection_module_struct *ndpi_mod, + ndpi_protocol_category_t category, char *name) { + + if(!name) return; + + switch(category) { + case NDPI_PROTOCOL_CATEGORY_CUSTOM_1: + snprintf(ndpi_mod->custom_category_labels[0], CUSTOM_CATEGORY_LABEL_LEN, "%s", name); + break; + + case NDPI_PROTOCOL_CATEGORY_CUSTOM_2: + snprintf(ndpi_mod->custom_category_labels[1], CUSTOM_CATEGORY_LABEL_LEN, "%s", name); + break; + + case NDPI_PROTOCOL_CATEGORY_CUSTOM_3: + snprintf(ndpi_mod->custom_category_labels[2], CUSTOM_CATEGORY_LABEL_LEN, "%s", name); + break; + + case NDPI_PROTOCOL_CATEGORY_CUSTOM_4: + snprintf(ndpi_mod->custom_category_labels[3], CUSTOM_CATEGORY_LABEL_LEN, "%s", name); + break; + + case NDPI_PROTOCOL_CATEGORY_CUSTOM_5: + snprintf(ndpi_mod->custom_category_labels[4], CUSTOM_CATEGORY_LABEL_LEN, "%s", name); + break; + + default: + break; + } +} + +/* ****************************************************** */ + +const char* ndpi_category_get_name(struct ndpi_detection_module_struct *ndpi_mod, + ndpi_protocol_category_t category) { + + if(!ndpi_mod) return(NULL); + switch(category) { case NDPI_PROTOCOL_CATEGORY_MEDIA: return("Media"); @@ -4652,19 +4696,19 @@ const char* ndpi_category_str(ndpi_protocol_category_t category) { return("SoftwareUpdate"); break; case NDPI_PROTOCOL_CATEGORY_CUSTOM_1: - return("User custom category 1"); + return(ndpi_mod->custom_category_labels[0]); break; case NDPI_PROTOCOL_CATEGORY_CUSTOM_2: - return("User custom category 2"); + return(ndpi_mod->custom_category_labels[1]); break; case NDPI_PROTOCOL_CATEGORY_CUSTOM_3: - return("User custom category 3"); + return(ndpi_mod->custom_category_labels[2]); break; case NDPI_PROTOCOL_CATEGORY_CUSTOM_4: - return("User custom category 4"); + return(ndpi_mod->custom_category_labels[3]); break; case NDPI_PROTOCOL_CATEGORY_CUSTOM_5: - return("User custom category 5"); + return(ndpi_mod->custom_category_labels[4]); break; case NDPI_PROTOCOL_NUM_CATEGORIES: return("Code should not use this internal constant"); -- cgit v1.2.3 From c2002cd48f5a8cbc7d806350a3543960c00a3579 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Thu, 21 Sep 2017 19:35:03 +0200 Subject: Removed / from category names that can cause issues in applications --- src/lib/ndpi_main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index b2a564bee..917b074ea 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -4648,7 +4648,7 @@ const char* ndpi_category_get_name(struct ndpi_detection_module_struct *ndpi_mod return("Email"); break; case NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT: - return("Download/FileTransfer/FileSharing"); + return("Download-FileTransfer-FileSharing"); break; case NDPI_PROTOCOL_CATEGORY_WEB: return("Web"); -- cgit v1.2.3 From 8cc2b04f3cd08273b33b608c4eded26534385f3a Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Sat, 23 Sep 2017 11:34:12 +0200 Subject: Fixed category for email services --- src/lib/ndpi_content_match.c.inc | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'src') diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index e06740871..ba14f50f1 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -8069,7 +8069,7 @@ ndpi_protocol_match host_match[] = { { "drive-thirdparty.", "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, { "docs.", "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, { ".docs.", "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { "drive.", "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "drive.", "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, { "android.clients.google.com", "PlayStore", NDPI_PROTOCOL_PLAYSTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, { "ggpht.com", "PlayStore", NDPI_PROTOCOL_PLAYSTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, @@ -8091,10 +8091,10 @@ ndpi_protocol_match host_match[] = { { "maps.google.", "GoogleMaps", NDPI_PROTOCOL_GOOGLE_MAPS, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, { "maps.gstatic.com", "GoogleMaps", NDPI_PROTOCOL_GOOGLE_MAPS, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { ".gmail.", "GMail", NDPI_PROTOCOL_GMAIL, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { "mail.google.", "GMail", NDPI_PROTOCOL_GMAIL, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".gmail.", "GMail", NDPI_PROTOCOL_GMAIL, NDPI_PROTOCOL_CATEGORY_MAIL, NDPI_PROTOCOL_ACCEPTABLE }, + { "mail.google.", "GMail", NDPI_PROTOCOL_GMAIL, NDPI_PROTOCOL_CATEGORY_MAIL, NDPI_PROTOCOL_ACCEPTABLE }, - { "mail.outlook.com", "Hotmail", NDPI_PROTOCOL_HOTMAIL, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "mail.outlook.com", "Hotmail", NDPI_PROTOCOL_HOTMAIL, NDPI_PROTOCOL_CATEGORY_MAIL, NDPI_PROTOCOL_ACCEPTABLE }, { ".last.fm", "LastFM", NDPI_PROTOCOL_LASTFM, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, -- cgit v1.2.3 From c115903fbb4df21c489226900a739cccd3f8f057 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Sun, 24 Sep 2017 22:49:07 +0200 Subject: Patch for giving prority in case of match to custom-defined protocols --- src/include/ndpi_api.h | 13 ++++++------- src/lib/ndpi_main.c | 26 ++++++++++++++++++-------- 2 files changed, 24 insertions(+), 15 deletions(-) (limited to 'src') diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h index 7d9c1bab7..ce8489829 100644 --- a/src/include/ndpi_api.h +++ b/src/include/ndpi_api.h @@ -233,13 +233,12 @@ extern "C" { * */ void ndpi_process_extra_packet(struct ndpi_detection_module_struct *ndpi_struct, - struct ndpi_flow_struct *flow, - const unsigned char *packet, - const unsigned short packetlen, - const u_int64_t current_tick, - struct ndpi_id_struct *src, - struct ndpi_id_struct *dst); - + struct ndpi_flow_struct *flow, + const unsigned char *packet, + const unsigned short packetlen, + const u_int64_t current_tick, + struct ndpi_id_struct *src, + struct ndpi_id_struct *dst); /** * Processes one packet and returns the ID of the detected protocol. diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 917b074ea..93a1d062b 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -3478,13 +3478,12 @@ ndpi_protocol ndpi_detection_giveup(struct ndpi_detection_module_struct *ndpi_st /* ********************************************************************************* */ void ndpi_process_extra_packet(struct ndpi_detection_module_struct *ndpi_struct, - struct ndpi_flow_struct *flow, - const unsigned char *packet, - const unsigned short packetlen, - const u_int64_t current_tick_l, - struct ndpi_id_struct *src, - struct ndpi_id_struct *dst) -{ + struct ndpi_flow_struct *flow, + const unsigned char *packet, + const unsigned short packetlen, + const u_int64_t current_tick_l, + struct ndpi_id_struct *src, + struct ndpi_id_struct *dst) { if(flow == NULL) return; @@ -3615,8 +3614,13 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct /* guess protocol */ flow->guessed_protocol_id = (int16_t) ndpi_guess_protocol_id(ndpi_struct, protocol, sport, dport, &user_defined_proto); - if(user_defined_proto && flow->guessed_protocol_id != NDPI_PROTOCOL_UNKNOWN) { + if(flow->guessed_protocol_id >= (NDPI_MAX_SUPPORTED_PROTOCOLS-1)) { + /* This is a custom protocol and it has priority over everything else */ + ret.master_protocol = flow->guessed_protocol_id, ret.app_protocol = NDPI_PROTOCOL_UNKNOWN; + return(ret); + } + if(user_defined_proto && flow->guessed_protocol_id != NDPI_PROTOCOL_UNKNOWN) { if(flow->packet.iph) { /* guess host protocol */ flow->guessed_host_protocol_id = ndpi_network_ptree_match(ndpi_struct, (struct in_addr *)&flow->packet.iph->saddr); @@ -3638,6 +3642,12 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct } } + if(flow->guessed_host_protocol_id >= (NDPI_MAX_SUPPORTED_PROTOCOLS-1)) { + /* This is a custom protocol and it has priority over everything else */ + ret.master_protocol = flow->guessed_host_protocol_id, ret.app_protocol = NDPI_PROTOCOL_UNKNOWN; + return(ret); + } + check_ndpi_flow_func(ndpi_struct, flow, &ndpi_selection_packet); a = flow->packet.detected_protocol_stack[0]; -- cgit v1.2.3 From b12948763679c9288beffdcddb42241809563293 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Mon, 25 Sep 2017 14:51:46 +0200 Subject: Custom protocols are not set as application and no longer master protocols --- src/lib/ndpi_main.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 93a1d062b..0551d56f3 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -3616,7 +3616,7 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct if(flow->guessed_protocol_id >= (NDPI_MAX_SUPPORTED_PROTOCOLS-1)) { /* This is a custom protocol and it has priority over everything else */ - ret.master_protocol = flow->guessed_protocol_id, ret.app_protocol = NDPI_PROTOCOL_UNKNOWN; + ret.master_protocol = NDPI_PROTOCOL_UNKNOWN, ret.app_protocol = flow->guessed_host_protocol_id; return(ret); } @@ -3644,7 +3644,7 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct if(flow->guessed_host_protocol_id >= (NDPI_MAX_SUPPORTED_PROTOCOLS-1)) { /* This is a custom protocol and it has priority over everything else */ - ret.master_protocol = flow->guessed_host_protocol_id, ret.app_protocol = NDPI_PROTOCOL_UNKNOWN; + ret.master_protocol = NDPI_PROTOCOL_UNKNOWN, ret.app_protocol = flow->guessed_host_protocol_id; return(ret); } -- cgit v1.2.3 From 1dd93590e4afd55388b16ffab95c8d62696ea90f Mon Sep 17 00:00:00 2001 From: Vitaly Lavrov Date: Fri, 29 Sep 2017 10:02:56 +0300 Subject: Fixed a typo in lisp.c --- src/lib/protocols/lisp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/lib/protocols/lisp.c b/src/lib/protocols/lisp.c index 531f7f68f..01e445398 100644 --- a/src/lib/protocols/lisp.c +++ b/src/lib/protocols/lisp.c @@ -35,7 +35,7 @@ static void ndpi_check_lisp(struct ndpi_detection_module_struct *ndpi_struct, st } } - NDPI_LOG(NDPI_PROTOCOL_lisp, ndpi_struct, NDPI_LOG_DEBUG, "exclude lisp.\n"); + NDPI_LOG(NDPI_PROTOCOL_LISP, ndpi_struct, NDPI_LOG_DEBUG, "exclude lisp.\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_LISP); } -- cgit v1.2.3 From f80f0eedc0d17740e95558252be2f46a13ab0461 Mon Sep 17 00:00:00 2001 From: Vitaly Lavrov Date: Sun, 1 Oct 2017 22:43:20 +0300 Subject: Fix error: Use of uninitialized structures in tcp_udp.c Now the test results do not depend on the compiler optimization level and architecture. --- src/lib/protocols/tcp_udp.c | 1 + 1 file changed, 1 insertion(+) (limited to 'src') diff --git a/src/lib/protocols/tcp_udp.c b/src/lib/protocols/tcp_udp.c index 605ba54c3..f7e8c9ac1 100644 --- a/src/lib/protocols/tcp_udp.c +++ b/src/lib/protocols/tcp_udp.c @@ -42,6 +42,7 @@ u_int ndpi_search_tcp_or_udp_raw(struct ndpi_detection_module_struct *ndpi_struc if(flow) return(flow->guessed_host_protocol_id); else { + host.s_addr = htonl(saddr); if((rc = ndpi_network_ptree_match(ndpi_struct, &host)) != NDPI_PROTOCOL_UNKNOWN) return (rc); -- cgit v1.2.3 From 25a4569e672ad47946be1bb8b836576b5ba47693 Mon Sep 17 00:00:00 2001 From: Vitaly Lavrov Date: Tue, 3 Oct 2017 16:43:23 +0300 Subject: Fix undefined behavior (detected by gcc): ndpi_define.h.in:218: Macros NDPI_SET(), NDPI_CLR(), NDPI_ISSET() runtime error: left shift of 1 by 31 places cannot be represented in type 'int' http.c:364: strncpy((char*)flow->protos.http.nat_ip,(char*)packet->forwarded_line.ptr,len); runtime error: null pointer passed as argument 2, which is declared to never be null ndpi_patricia.c:ndpi_comp_with_mask(): int m = ((-1) << (8 - (mask % 8))); runtime error: left shift of negative value -1 Original function ndpi_comp_with_mask() is unreadable and slow. We have only 2 type of address: 32 bit and 128 bit. The optimized version works 6 times faster (IPv4). --- src/include/ndpi_define.h.in | 6 +++--- src/lib/protocols/http.c | 8 +++++--- src/lib/third_party/src/ndpi_patricia.c | 16 ++++++++-------- 3 files changed, 16 insertions(+), 14 deletions(-) (limited to 'src') diff --git a/src/include/ndpi_define.h.in b/src/include/ndpi_define.h.in index 5a8a1527b..33c3c622e 100644 --- a/src/include/ndpi_define.h.in +++ b/src/include/ndpi_define.h.in @@ -215,9 +215,9 @@ #define howmanybits(x, y) (((x)+((y)-1))/(y)) -#define NDPI_SET(p, n) ((p)->fds_bits[(n)/NDPI_BITS] |= (1 << (((u_int32_t)n) % NDPI_BITS))) -#define NDPI_CLR(p, n) ((p)->fds_bits[(n)/NDPI_BITS] &= ~(1 << (((u_int32_t)n) % NDPI_BITS))) -#define NDPI_ISSET(p, n) ((p)->fds_bits[(n)/NDPI_BITS] & (1 << (((u_int32_t)n) % NDPI_BITS))) +#define NDPI_SET(p, n) ((p)->fds_bits[(n)/NDPI_BITS] |= (1ul << (((u_int32_t)n) % NDPI_BITS))) +#define NDPI_CLR(p, n) ((p)->fds_bits[(n)/NDPI_BITS] &= ~(1ul << (((u_int32_t)n) % NDPI_BITS))) +#define NDPI_ISSET(p, n) ((p)->fds_bits[(n)/NDPI_BITS] & (1ul << (((u_int32_t)n) % NDPI_BITS))) #define NDPI_ZERO(p) memset((char *)(p), 0, sizeof(*(p))) #define NDPI_ONE(p) memset((char *)(p), 0xFF, sizeof(*(p))) diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c index 4ff65096b..6cc1033ba 100644 --- a/src/lib/protocols/http.c +++ b/src/lib/protocols/http.c @@ -360,9 +360,11 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ strncpy((char*)flow->host_server_name, (char*)packet->host_line.ptr, len); flow->host_server_name[len] = '\0', flow->server_id = flow->dst; - len = ndpi_min(packet->forwarded_line.len, sizeof(flow->protos.http.nat_ip)-1); - strncpy((char*)flow->protos.http.nat_ip, (char*)packet->forwarded_line.ptr, len); - flow->protos.http.nat_ip[len] = '\0'; + if(packet->forwarded_line.ptr) { + len = ndpi_min(packet->forwarded_line.len, sizeof(flow->protos.http.nat_ip)-1); + strncpy((char*)flow->protos.http.nat_ip, (char*)packet->forwarded_line.ptr, len); + flow->protos.http.nat_ip[len] = '\0'; + } if(ndpi_struct->http_dont_dissect_response) parseHttpSubprotocol(ndpi_struct, flow); diff --git a/src/lib/third_party/src/ndpi_patricia.c b/src/lib/third_party/src/ndpi_patricia.c index b37fffa97..fe63b21b1 100644 --- a/src/lib/third_party/src/ndpi_patricia.c +++ b/src/lib/third_party/src/ndpi_patricia.c @@ -74,14 +74,14 @@ ndpi_prefix_tochar (prefix_t * prefix) } int ndpi_comp_with_mask (void *addr, void *dest, u_int mask) { - if( /* mask/8 == 0 || */ memcmp (addr, dest, mask / 8) == 0) { - int n = mask / 8; - int m = ((-1) << (8 - (mask % 8))); - - if(mask % 8 == 0 || (((u_char *)addr)[n] & m) == (((u_char *)dest)[n] & m)) - return (1); - } - return (0); + uint32_t *pa = addr; + uint32_t *pd = dest; + uint32_t m; + for(;mask >= 32; mask -= 32, pa++,pd++) + if(*pa != *pd) return 0; + if(!mask) return 1; + m = htonl((~0u) << (32-mask)); + return (*pa & m) == (*pd &m); } /* this allows incomplete prefix */ -- cgit v1.2.3 From 9b91623d574e199bd157d1db5d5f14ac4ff7e070 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Fri, 6 Oct 2017 15:20:36 +0200 Subject: Added ndpi_is_subprotocol_informative() API call --- libndpi.sym | 1 + src/include/ndpi_api.h | 16 ++++++++++++++-- src/lib/ndpi_main.c | 28 ++++++++++++++++++++++++++++ 3 files changed, 43 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/libndpi.sym b/libndpi.sym index 9ef3c3456..c821189e8 100644 --- a/libndpi.sym +++ b/libndpi.sym @@ -58,3 +58,4 @@ ndpi_netbios_name_interpret ndpi_category_set_name ndpi_category_get_name ndpi_is_custom_category +ndpi_is_subprotocol_informative \ No newline at end of file diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h index ce8489829..4193a2c57 100644 --- a/src/include/ndpi_api.h +++ b/src/include/ndpi_api.h @@ -439,10 +439,22 @@ extern "C" { void ndpi_set_proto_category(struct ndpi_detection_module_struct *ndpi_mod, u_int16_t protoId, ndpi_protocol_category_t protoCategory); + /** + * Check if subprotocols of the specified master protocol are just + * informative (and not real) + * + * @par mod = the detection module + * @par protoId = the (master) protocol identifier to query + * @return 1 = the subprotocol is informative, 0 otherwise. + * + */ + u_int8_t ndpi_is_subprotocol_informative(struct ndpi_detection_module_struct *ndpi_mod, + u_int16_t protoId); + /** * Get protocol category as string * - * @par mod = the detection module + * @par mod = the detection module * @par category = the category associated to the protocol * @return the string name of the category * @@ -453,7 +465,7 @@ extern "C" { /** * Set protocol category string * - * @par mod = the detection module + * @par mod = the detection module * @par category = the category associated to the protocol * @paw name = the string name of the category * diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 0551d56f3..d7583f520 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -452,6 +452,34 @@ void ndpi_set_proto_category(struct ndpi_detection_module_struct *ndpi_mod, /* ********************************************************************************** */ +/* + There are some (master) protocols that are informative, meaning that it shows + what is the subprotocol about, but also that the subprotocol isn't a real protocol. + + Example: + - DNS is informative as if we see a DNS request for www.facebook.com, the + returned protocol is DNS.Facebook, but Facebook isn't a real subprotocol but + rather it indicates a query for Facebook and not Facebook traffic. + - HTTP/SSL are NOT informative as SSL.Facebook (likely) means that this is + SSL (HTTPS) traffic containg Facebook traffic. + */ +u_int8_t ndpi_is_subprotocol_informative(struct ndpi_detection_module_struct *ndpi_mod, + u_int16_t protoId) { + if(protoId >= NDPI_MAX_SUPPORTED_PROTOCOLS+NDPI_MAX_NUM_CUSTOM_PROTOCOLS) + return(0); + + switch(protoId) { + case NDPI_PROTOCOL_DNS: + return(1); + break; + + default: + return(0); + } +} + +/* ********************************************************************************** */ + void ndpi_set_proto_defaults(struct ndpi_detection_module_struct *ndpi_mod, ndpi_protocol_breed_t breed, u_int16_t protoId, u_int16_t tcp_master_protoId[2], u_int16_t udp_master_protoId[2], -- cgit v1.2.3 From 8bcafff56991714bad24cb4d788e26888c25df70 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Fri, 6 Oct 2017 19:08:08 +0200 Subject: Fixes for iQIYI and 1kxun protocols --- src/include/ndpi_typedefs.h | 4 ++++ src/lib/protocols/http.c | 27 +++++++++++++++------------ 2 files changed, 19 insertions(+), 12 deletions(-) (limited to 'src') diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index d15114b40..8806219ef 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -1105,6 +1105,10 @@ struct ndpi_flow_struct { u_int32_t csgo_id2; #endif +#if defined(NDPI_PROTOCOL_1KXUN) || defined(NDPI_PROTOCOL_IQIYI) + u_int16_t kxun_counter, iqiyi_counter; +#endif + /* internal structures to save functions calls */ struct ndpi_packet_struct packet; struct ndpi_flow_struct *flow; diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c index 6cc1033ba..c57c73aac 100644 --- a/src/lib/protocols/http.c +++ b/src/lib/protocols/http.c @@ -26,8 +26,6 @@ /* global variables used for 1kxun protocol and iqiyi service */ -static u_int16_t kxun_counter; -static u_int16_t iqiyi_counter; static void ndpi_int_http_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, @@ -198,23 +196,23 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ u_int8_t a; -#ifdef NDPI_PROTOCOL_PPSTREAM +#if defined(NDPI_PROTOCOL_1KXUN) || defined(NDPI_PROTOCOL_IQIYI) /* PPStream */ - if(flow->l4.tcp.ppstream_stage > 0 && iqiyi_counter == 0) { + if(flow->l4.tcp.ppstream_stage > 0 && flow->iqiyi_counter == 0) { NDPI_LOG(NDPI_PROTOCOL_PPSTREAM, ndpi_struct, NDPI_LOG_DEBUG, "PPStream found.\n"); /* ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_PPSTREAM); */ ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_PPSTREAM, NDPI_PROTOCOL_HTTP); } - else if(iqiyi_counter > 0) { + else if(flow->iqiyi_counter > 0) { NDPI_LOG(NDPI_PROTOCOL_IQIYI, ndpi_struct, NDPI_LOG_DEBUG, "iQiyi found.\n"); /* ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_IQIYI); */ ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_IQIYI, NDPI_PROTOCOL_HTTP); } #endif -#ifdef NDPI_PROTOCOL_1KXUN +#if defined(NDPI_PROTOCOL_1KXUN) || defined(NDPI_PROTOCOL_IQIYI) /* 1KXUN */ - if(kxun_counter > 0) { + if(flow->kxun_counter > 0) { NDPI_LOG(NDPI_PROTOCOL_1KXUN, ndpi_struct, NDPI_LOG_DEBUG, "1kxun found.\n"); /* ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_1KXUN); */ ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_1KXUN, NDPI_PROTOCOL_HTTP); @@ -661,17 +659,19 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct x++; } +#if defined(NDPI_PROTOCOL_1KXUN) || defined(NDPI_PROTOCOL_IQIYI) /* check PPStream protocol or iQiyi service (iqiyi is delivered by ppstream) */ // substring in url if(ndpi_strnstr((const char*) &packet->payload[filename_start], "iqiyi.com", (packet->payload_packet_len - filename_start)) != NULL) { - if(kxun_counter == 0) { + if(flow->kxun_counter == 0) { flow->l4.tcp.ppstream_stage++; - iqiyi_counter++; + flow->iqiyi_counter++; check_content_type_and_change_protocol(ndpi_struct, flow); /* ***** CHECK ****** */ return; } } + // additional field in http payload x = 1; while((packet->line[x].len >= 4) && (packet->line[x+1].len >= 5) && (packet->line[x+2].len >= 10)) { @@ -680,25 +680,28 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct && packet->line[x+2].ptr && ((memcmp(packet->line[x+2].ptr, "qyplatform", 10)) == 0) ) { flow->l4.tcp.ppstream_stage++; - iqiyi_counter++; + flow->iqiyi_counter++; check_content_type_and_change_protocol(ndpi_struct, flow); return; } x++; } +#endif +#if defined(NDPI_PROTOCOL_1KXUN) || defined(NDPI_PROTOCOL_IQIYI) /* Check for 1kxun packet */ int a; for (a = 0; a < packet->parsed_lines; a++) { if(packet->line[a].len >= 14 && (memcmp(packet->line[a].ptr, "Client-Source:", 14)) == 0) { if((memcmp(packet->line[a].ptr+15, "1kxun", 5)) == 0) { - kxun_counter++; + flow->kxun_counter++; check_content_type_and_change_protocol(ndpi_struct, flow); return; } } } - +#endif + if((packet->http_url_name.len > 7) && (!strncmp((const char*) packet->http_url_name.ptr, "http://", 7))) { NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HTTP_PROXY Found.\n"); -- cgit v1.2.3 From 2476c3c1b63b87ae85254f717315b9f8a52b4f7e Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Sun, 8 Oct 2017 18:55:40 +0200 Subject: Fixed bug in someip dissector (access out of boundary) Fixed memory leak in ndpiReader --- example/ndpiReader.c | 115 ++++++++++++++++++++------------------------- src/lib/protocols/someip.c | 18 +++---- 2 files changed, 61 insertions(+), 72 deletions(-) (limited to 'src') diff --git a/example/ndpiReader.c b/example/ndpiReader.c index fbfc8132d..29f3f71b6 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -878,7 +878,8 @@ static void node_proto_guess_walker(const void *node, ndpi_VISIT which, int dept void updateScanners(struct single_flow_info **scanners, u_int32_t saddr, u_int8_t version, u_int32_t dport) { struct single_flow_info *f; - + struct port_flow_info *p; + HASH_FIND_INT(*scanners, (int *)&saddr, f); if(f == NULL) { @@ -889,16 +890,17 @@ void updateScanners(struct single_flow_info **scanners, u_int32_t saddr, f->tot_flows = 1; f->ports = NULL; - HASH_ADD_INT(*scanners, saddr, f); - - struct port_flow_info *p = (struct port_flow_info*)malloc(sizeof(struct port_flow_info)); - if(!p) return; - p->port = dport; - p->num_flows = 1; + p = (struct port_flow_info*)malloc(sizeof(struct port_flow_info)); + + if(!p) { + free(f); + return; + } else + p->port = dport, p->num_flows = 1; HASH_ADD_INT(f->ports, port, p); - } - else{ + HASH_ADD_INT(*scanners, saddr, f); + } else{ struct port_flow_info *pp; f->tot_flows++; @@ -907,17 +909,14 @@ void updateScanners(struct single_flow_info **scanners, u_int32_t saddr, if(pp == NULL) { pp = (struct port_flow_info*)malloc(sizeof(struct port_flow_info)); if(!pp) return; - pp->port = dport; - pp->num_flows = 1; + pp->port = dport, pp->num_flows = 1; HASH_ADD_INT(f->ports, port, pp); - } - - else pp->num_flows++; + } else + pp->num_flows++; } } - /* *********************************************** */ int updateIpTree(u_int32_t key, u_int8_t version, @@ -1025,13 +1024,12 @@ static void updatePortStats(struct port_stats **stats, u_int32_t port, HASH_FIND_INT(*stats, &port, s); if(s == NULL) { - s = (struct port_stats*)malloc(sizeof(struct port_stats)); + s = (struct port_stats*)calloc(1, sizeof(struct port_stats)); if(!s) return; s->port = port, s->num_pkts = num_pkts, s->num_bytes = num_bytes; s->num_addr = 1, s->cumulative_addr = 1; s->num_flows = 1; - memset(s->top_ip_addrs, 0, MAX_NUM_IP_ADDRESS*sizeof(struct info_pair)); updateTopIpAddress(addr, version, proto, 1, s->top_ip_addrs, MAX_NUM_IP_ADDRESS); s->addr_tree = (addr_node *) malloc(sizeof(addr_node)); @@ -1065,7 +1063,6 @@ static void updatePortStats(struct port_stats **stats, u_int32_t port, /* *********************************************** */ -#ifdef HAVE_JSON_C static void deleteScanners(struct single_flow_info *scanners) { struct single_flow_info *s, *tmp; struct port_flow_info *p, *tmp2; @@ -1079,7 +1076,6 @@ static void deleteScanners(struct single_flow_info *scanners) { free(s); } } -#endif /* *********************************************** */ @@ -1443,7 +1439,7 @@ static int getTopStats(struct port_stats *stats) { u_int64_t total_ip_addrs = 0; HASH_ITER(hh, stats, sp, tmp) { - qsort(&sp->top_ip_addrs[0], MAX_NUM_IP_ADDRESS, sizeof(struct info_pair), info_pair_cmp); + qsort(sp->top_ip_addrs, MAX_NUM_IP_ADDRESS, sizeof(struct info_pair), info_pair_cmp); inf = sp->top_ip_addrs[0]; if(((inf.count * 100.0)/sp->cumulative_addr) > AGGRESSIVE_PERCENT) { @@ -1451,20 +1447,18 @@ static int getTopStats(struct port_stats *stats) { sp->top_host = inf.addr; sp->version = inf.version; strncpy(sp->proto, inf.proto, sizeof(sp->proto)); - } - else + } else sp->hasTopHost = 0; total_ip_addrs += sp->num_addr; } return total_ip_addrs; - } /* *********************************************** */ -static void saveScannerStats(json_object **jObj_group, struct single_flow_info *scanners) { +static void saveScannerStats(json_object **jObj_group, struct single_flow_info **scanners) { struct single_flow_info *s, *tmp; struct port_flow_info *p, *tmp2; char addr_name[48]; @@ -1472,18 +1466,17 @@ static void saveScannerStats(json_object **jObj_group, struct single_flow_info * json_object *jArray_stats = json_object_new_array(); - HASH_SORT(scanners, scanners_sort); + HASH_SORT(*scanners, scanners_sort); // FIX - HASH_ITER(hh, scanners, s, tmp) { + HASH_ITER(hh, *scanners, s, tmp) { json_object *jObj_stat = json_object_new_object(); json_object *jArray_ports = json_object_new_array(); - if(s->version == IPVERSION) { + if(s->version == IPVERSION) inet_ntop(AF_INET, &(s->saddr), addr_name, sizeof(addr_name)); - } else { + else inet_ntop(AF_INET6, &(s->saddr), addr_name, sizeof(addr_name)); - } - + json_object_object_add(jObj_stat,"ip.address",json_object_new_string(addr_name)); json_object_object_add(jObj_stat,"total.flows.number",json_object_new_int(s->tot_flows)); @@ -1511,6 +1504,7 @@ static void saveScannerStats(json_object **jObj_group, struct single_flow_info * json_object_object_add(*jObj_group, "top.scanner.stats", jArray_stats); } + #endif /* *********************************************** */ @@ -1520,12 +1514,10 @@ static void saveScannerStats(json_object **jObj_group, struct single_flow_info * * @brief Save Top Stats in json format */ static void saveTopStats(json_object **jObj_group, - struct port_stats *stats, + struct port_stats **stats, u_int8_t direction, u_int64_t total_flow_count, u_int64_t total_ip_addr) { - - struct port_stats *s, *tmp; char addr_name[48]; int i = 0; @@ -1533,7 +1525,7 @@ static void saveTopStats(json_object **jObj_group, json_object *jArray_stats = json_object_new_array(); - HASH_ITER(hh, stats, s, tmp) { + HASH_ITER(hh, *stats, s, tmp) { if((s->hasTopHost)) { json_object *jObj_stat = json_object_new_object(); @@ -1569,10 +1561,10 @@ static void saveTopStats(json_object **jObj_group, i=0; /*sort top stats by ip addr count*/ - HASH_SORT(stats, top_stats_sort); + HASH_SORT(*stats, top_stats_sort); - HASH_ITER(hh, stats, s, tmp) { + HASH_ITER(hh, *stats, s, tmp) { json_object *jObj_stat = json_object_new_object(); json_object_object_add(jObj_stat,"port",json_object_new_int(s->port)); @@ -1654,11 +1646,6 @@ static void printResults(u_int64_t tot_usec) { if(verbose == 3 || stats_flag) ndpi_twalk(ndpi_thread_info[thread_id].workflow->ndpi_flows_root[i], port_stats_walker, &thread_id); } - if(verbose == 3 || stats_flag) { - HASH_SORT(srcStats, port_stats_sort); - HASH_SORT(dstStats, port_stats_sort); - } - /* Stats aggregation */ cumulative_stats.guessed_flow_protocols += ndpi_thread_info[thread_id].workflow->stats.guessed_flow_protocols; cumulative_stats.raw_packet_count += ndpi_thread_info[thread_id].workflow->stats.raw_packet_count; @@ -1685,8 +1672,9 @@ static void printResults(u_int64_t tot_usec) { cumulative_stats.max_packet_len += ndpi_thread_info[thread_id].workflow->stats.max_packet_len; } - if(cumulative_stats.total_wire_bytes == 0) return; - + if(cumulative_stats.total_wire_bytes == 0) + goto free_stats; + if(!quiet_mode) { printf("\nnDPI Memory statistics:\n"); printf("\tnDPI Memory (once): %-13s\n", formatBytes(sizeof(struct ndpi_detection_module_struct), buf, sizeof(buf))); @@ -1909,6 +1897,9 @@ static void printResults(u_int64_t tot_usec) { } if(verbose == 3) { + HASH_SORT(srcStats, port_stats_sort); + HASH_SORT(dstStats, port_stats_sort); + printf("\n\nSource Ports Stats:\n"); printPortStats(srcStats); @@ -1924,24 +1915,27 @@ static void printResults(u_int64_t tot_usec) { strftime(timestamp, sizeof(timestamp), "%FT%TZ", localtime(&pcap_start.tv_sec)); json_object_object_add(jObj_stats, "time", json_object_new_string(timestamp)); - saveScannerStats(&jObj_stats, scannerHosts); - + saveScannerStats(&jObj_stats, &scannerHosts); + u_int64_t total_src_addr = getTopStats(srcStats); u_int64_t total_dst_addr = getTopStats(dstStats); - - saveTopStats(&jObj_stats, srcStats, DIR_SRC, + + saveTopStats(&jObj_stats, &srcStats, DIR_SRC, cumulative_stats.ndpi_flow_count, total_src_addr); - saveTopStats(&jObj_stats, dstStats, DIR_DST, + saveTopStats(&jObj_stats, &dstStats, DIR_DST, cumulative_stats.ndpi_flow_count, total_dst_addr); - + json_object_array_add(jArray_topStats, jObj_stats); +#endif + } + free_stats: + if(scannerHosts) { deleteScanners(scannerHosts); scannerHosts = NULL; -#endif } - + if(srcStats) { deletePortsStats(srcStats); srcStats = NULL; @@ -2745,8 +2739,11 @@ static void produceBpfFilter(char *filePath) { int typeCheck; int array_len; int i; - - + FILE *fp = NULL; + char *fileName; + char _filterFilePath[1024]; + json_object *jObj_bpfFilter; + if((fsock = open(filePath, O_RDONLY)) == -1) { fprintf(stderr,"error opening file %s\n", filePath); exit(-1); @@ -2791,7 +2788,6 @@ static void produceBpfFilter(char *filePath) { bpf_filter_host_array_init(filterSrcHosts, HOST_ARRAY_SIZE); bpf_filter_host_array_init(filterDstHosts, HOST_ARRAY_SIZE); - for(i=0; ipacket; + + if (packet->payload_packet_len < 16) { + NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, + "Excluding SOME/IP .. mandatory header not found (not enough data for all fields)\n"); + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); + return; + } + //####Maybe check carrier protocols?#### NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP search called...\n"); - const struct ndpi_packet_struct *packet = &flow->packet; if (packet->detected_protocol_stack[0] != NDPI_PROTOCOL_UNKNOWN) { return; } - + //we extract the Message ID and Request ID and check for special cases later u_int32_t message_id = ntohl(*((u_int32_t *)&packet->payload[0])); u_int32_t request_id = ntohl(*((u_int32_t *)&packet->payload[8])); NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "====>>>> SOME/IP Message ID: %08x [len: %u]\n", message_id, packet->payload_packet_len); - if (packet->payload_packet_len < 16) { - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP .. mandatory header not found (not enough data for all fields)\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); - return; - } //####Maximum packet size in SOMEIP depends on the carrier protocol, and I'm not certain how well enforced it is, so let's leave that for round 2#### -- cgit v1.2.3 From 83d5a46ec483e934317671b8fa015ac12add7849 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Fri, 13 Oct 2017 19:41:34 +0200 Subject: Added ndpi_icmphdr datatype --- src/include/ndpi_typedefs.h | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) (limited to 'src') diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 8806219ef..9ac3b72a6 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -285,6 +285,28 @@ typedef union #endif } ndpi_ip_addr_t; + +/* +++++++++++++++++++++++ ICMP header +++++++++++++++++++++++ */ + +PACK_ON +struct ndpi_icmphdr { + u_int8_t type;/* message type */ + u_int8_t code;/* type sub-code */ + u_int16_t checksum; + union { + struct { + u_int16_t id; + u_int16_t sequence; + } echo; /* echo datagram */ + + u_int32_t gateway; /* gateway address */ + struct { + u_int16_t __unused; + u_int16_t mtu; + } frag;/* path mtu discovery */ + } un; +} PACK_OFF; + /* ************************************************************ */ /* ******************* ********************* ****************** */ /* ************************************************************ */ -- cgit v1.2.3 From 36adc23507a7853189c0d3773d5191c8adbb6e3f Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Sat, 14 Oct 2017 13:15:35 +0200 Subject: Fixed warning generated by some compilers --- src/include/ndpi_typedefs.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 9ac3b72a6..33043fde5 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -301,7 +301,7 @@ struct ndpi_icmphdr { u_int32_t gateway; /* gateway address */ struct { - u_int16_t __unused; + u_int16_t _unused; u_int16_t mtu; } frag;/* path mtu discovery */ } un; -- cgit v1.2.3 From 2155dd9153457886c4f5dac58dcf269eeb2a8122 Mon Sep 17 00:00:00 2001 From: Hidde van der Heide Date: Thu, 19 Oct 2017 16:10:56 +0200 Subject: Add libcache to installed headers and removed relative import --- example/Makefile.am | 2 +- src/include/ndpi_typedefs.h | 2 +- src/lib/Makefile.am | 3 ++- 3 files changed, 4 insertions(+), 3 deletions(-) (limited to 'src') diff --git a/example/Makefile.am b/example/Makefile.am index 7fc29402a..6cc6a14ce 100644 --- a/example/Makefile.am +++ b/example/Makefile.am @@ -1,6 +1,6 @@ bin_PROGRAMS = ndpiReader -AM_CPPFLAGS = -I$(top_srcdir)/src/include @PCAP_INC@ +AM_CPPFLAGS = -I$(top_srcdir)/src/include -I$(top_srcdir)/src/lib/third_party/include @PCAP_INC@ AM_CFLAGS = @PTHREAD_CFLAGS@ # --coverage LDADD = $(top_builddir)/src/lib/libndpi.la @JSON_C_LIB@ @PTHREAD_LIBS@ @PCAP_LIB@ @DL_LIB@ -lm diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 33043fde5..0587503f9 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -25,7 +25,7 @@ #define __NDPI_TYPEDEFS_H__ #include "ndpi_define.h" -#include "../lib/third_party/include/libcache.h" +#include "libcache.h" #define BT_ANNOUNCE #define SNAP_EXT diff --git a/src/lib/Makefile.am b/src/lib/Makefile.am index c2b4e4b13..39823d378 100644 --- a/src/lib/Makefile.am +++ b/src/lib/Makefile.am @@ -12,7 +12,8 @@ libndpi_la_include_HEADERS = ../include/ndpi_api.h \ ../include/ndpi_includes.h \ ../include/ndpi_protocol_ids.h \ ../include/ndpi_protocols.h \ - ../include/ndpi_typedefs.h + ../include/ndpi_typedefs.h \ + third_party/include/libcache.h libndpi_la_SOURCES = ndpi_content_match.c.inc \ ndpi_main.c \ -- cgit v1.2.3 From 4f72b954da705f8d54a9dd61eae46b2b36b24dc0 Mon Sep 17 00:00:00 2001 From: Simone Mainardi Date: Mon, 23 Oct 2017 15:20:13 +0200 Subject: Undoes 2155dd9 that breaks ntopng Travis --- example/Makefile.am | 2 +- src/include/ndpi_typedefs.h | 2 +- src/lib/Makefile.am | 3 +-- 3 files changed, 3 insertions(+), 4 deletions(-) (limited to 'src') diff --git a/example/Makefile.am b/example/Makefile.am index 6cc6a14ce..7fc29402a 100644 --- a/example/Makefile.am +++ b/example/Makefile.am @@ -1,6 +1,6 @@ bin_PROGRAMS = ndpiReader -AM_CPPFLAGS = -I$(top_srcdir)/src/include -I$(top_srcdir)/src/lib/third_party/include @PCAP_INC@ +AM_CPPFLAGS = -I$(top_srcdir)/src/include @PCAP_INC@ AM_CFLAGS = @PTHREAD_CFLAGS@ # --coverage LDADD = $(top_builddir)/src/lib/libndpi.la @JSON_C_LIB@ @PTHREAD_LIBS@ @PCAP_LIB@ @DL_LIB@ -lm diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 0587503f9..33043fde5 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -25,7 +25,7 @@ #define __NDPI_TYPEDEFS_H__ #include "ndpi_define.h" -#include "libcache.h" +#include "../lib/third_party/include/libcache.h" #define BT_ANNOUNCE #define SNAP_EXT diff --git a/src/lib/Makefile.am b/src/lib/Makefile.am index 39823d378..c2b4e4b13 100644 --- a/src/lib/Makefile.am +++ b/src/lib/Makefile.am @@ -12,8 +12,7 @@ libndpi_la_include_HEADERS = ../include/ndpi_api.h \ ../include/ndpi_includes.h \ ../include/ndpi_protocol_ids.h \ ../include/ndpi_protocols.h \ - ../include/ndpi_typedefs.h \ - third_party/include/libcache.h + ../include/ndpi_typedefs.h libndpi_la_SOURCES = ndpi_content_match.c.inc \ ndpi_main.c \ -- cgit v1.2.3 From 441e43c167a88021854b56852e38a2317c2ac5bf Mon Sep 17 00:00:00 2001 From: Hidde van der Heide Date: Tue, 24 Oct 2017 17:05:48 +0200 Subject: Revert the revert of 2155dd9 after fixing ntopng Travis This reverts commit 4f72b954da705f8d54a9dd61eae46b2b36b24dc0. --- example/Makefile.am | 2 +- src/include/ndpi_typedefs.h | 2 +- src/lib/Makefile.am | 3 ++- 3 files changed, 4 insertions(+), 3 deletions(-) (limited to 'src') diff --git a/example/Makefile.am b/example/Makefile.am index 7fc29402a..6cc6a14ce 100644 --- a/example/Makefile.am +++ b/example/Makefile.am @@ -1,6 +1,6 @@ bin_PROGRAMS = ndpiReader -AM_CPPFLAGS = -I$(top_srcdir)/src/include @PCAP_INC@ +AM_CPPFLAGS = -I$(top_srcdir)/src/include -I$(top_srcdir)/src/lib/third_party/include @PCAP_INC@ AM_CFLAGS = @PTHREAD_CFLAGS@ # --coverage LDADD = $(top_builddir)/src/lib/libndpi.la @JSON_C_LIB@ @PTHREAD_LIBS@ @PCAP_LIB@ @DL_LIB@ -lm diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 33043fde5..0587503f9 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -25,7 +25,7 @@ #define __NDPI_TYPEDEFS_H__ #include "ndpi_define.h" -#include "../lib/third_party/include/libcache.h" +#include "libcache.h" #define BT_ANNOUNCE #define SNAP_EXT diff --git a/src/lib/Makefile.am b/src/lib/Makefile.am index c2b4e4b13..39823d378 100644 --- a/src/lib/Makefile.am +++ b/src/lib/Makefile.am @@ -12,7 +12,8 @@ libndpi_la_include_HEADERS = ../include/ndpi_api.h \ ../include/ndpi_includes.h \ ../include/ndpi_protocol_ids.h \ ../include/ndpi_protocols.h \ - ../include/ndpi_typedefs.h + ../include/ndpi_typedefs.h \ + third_party/include/libcache.h libndpi_la_SOURCES = ndpi_content_match.c.inc \ ndpi_main.c \ -- cgit v1.2.3 From 2787c2390cdd7129c2dcf50b0d4990d3f7d1bccc Mon Sep 17 00:00:00 2001 From: Vitaly Lavrov Date: Sat, 14 Oct 2017 14:38:48 +0300 Subject: Refactoring the debugging output. levels of debug output: 0 - ERROR: Only for errors. 1 - TRACE: Start of each packets and if found protocol. 2 - DEBUG: Start of searching each protocol and excluding protocols. 3 - DEBUG_EXTRA: For all other messages. Added field ndpi_struct->debug_logging for enable debug output of each protocols. Simple macros for debugging output are added: NDPI_LOG_ERR(), NDPI_LOG_INFO(), NDPI_LOG_DBG(), NDPI_LOG_DBG2(), NDPI_EXCLUDE_PROTO() --- example/ndpiReader.c | 37 +++++-- example/ndpi_util.c | 66 ++++++++++++ example/ndpi_util.h | 3 + src/include/ndpi_api.h | 14 +++ src/include/ndpi_define.h.in | 69 ++++++++++--- src/include/ndpi_typedefs.h | 5 +- src/lib/ndpi_main.c | 166 ++++++++++++++++++------------ src/lib/protocols/afp.c | 15 ++- src/lib/protocols/aimini.c | 74 +++++++------- src/lib/protocols/amqp.c | 13 ++- src/lib/protocols/applejuice.c | 15 +-- src/lib/protocols/armagetron.c | 22 ++-- src/lib/protocols/ayiya.c | 14 ++- src/lib/protocols/battlefield.c | 22 ++-- src/lib/protocols/bgp.c | 16 ++- src/lib/protocols/bittorrent.c | 84 +++++++--------- src/lib/protocols/bjnp.c | 12 ++- src/lib/protocols/btlib.c | 2 +- src/lib/protocols/ciscovpn.c | 21 ++-- src/lib/protocols/citrix.c | 21 ++-- src/lib/protocols/coap.c | 20 ++-- src/lib/protocols/collectd.c | 14 ++- src/lib/protocols/corba.c | 15 +-- src/lib/protocols/crossfire.c | 34 +++---- src/lib/protocols/csgo.c | 34 ++++--- src/lib/protocols/dcerpc.c | 15 ++- src/lib/protocols/dhcp.c | 24 ++--- src/lib/protocols/dhcpv6.c | 16 +-- src/lib/protocols/directconnect.c | 131 +++++++++--------------- src/lib/protocols/directdownloadlink.c | 36 ++++--- src/lib/protocols/dns.c | 28 +++--- src/lib/protocols/dofus.c | 100 +++++++++--------- src/lib/protocols/drda.c | 13 ++- src/lib/protocols/dropbox.c | 13 ++- src/lib/protocols/eaq.c | 59 ++++++----- src/lib/protocols/edonkey.c | 22 ++-- src/lib/protocols/fasttrack.c | 22 ++-- src/lib/protocols/fiesta.c | 24 ++--- src/lib/protocols/filetopia.c | 17 ++-- src/lib/protocols/fix.c | 17 +++- src/lib/protocols/florensia.c | 38 ++++--- src/lib/protocols/ftp_control.c | 24 +++-- src/lib/protocols/ftp_data.c | 16 +-- src/lib/protocols/git.c | 15 ++- src/lib/protocols/gnutella.c | 86 +++++++--------- src/lib/protocols/gtp.c | 12 ++- src/lib/protocols/guildwars.c | 20 ++-- src/lib/protocols/h323.c | 27 +++-- src/lib/protocols/halflife2_and_mods.c | 17 ++-- src/lib/protocols/hangout.c | 15 ++- src/lib/protocols/hep.c | 15 ++- src/lib/protocols/http.c | 179 +++++++++++++++++---------------- src/lib/protocols/http_activesync.c | 15 ++- src/lib/protocols/iax.c | 16 +-- src/lib/protocols/icecast.c | 18 ++-- src/lib/protocols/ipp.c | 35 +++---- src/lib/protocols/irc.c | 156 ++++++++++++---------------- src/lib/protocols/jabber.c | 94 ++++++++--------- src/lib/protocols/kakaotalk_voice.c | 13 ++- src/lib/protocols/kerberos.c | 23 ++--- src/lib/protocols/kontiki.c | 18 ++-- src/lib/protocols/ldap.c | 29 +++--- src/lib/protocols/lisp.c | 17 ++-- src/lib/protocols/lotus_notes.c | 51 +++++----- src/lib/protocols/mail_imap.c | 20 ++-- src/lib/protocols/mail_pop.c | 26 +++-- src/lib/protocols/mail_smtp.c | 23 ++--- src/lib/protocols/maplestory.c | 20 ++-- src/lib/protocols/mdns.c | 20 ++-- src/lib/protocols/megaco.c | 13 ++- src/lib/protocols/mgcp.c | 71 +++++++------ src/lib/protocols/mms.c | 19 ++-- src/lib/protocols/mpegts.c | 13 ++- src/lib/protocols/mqtt.c | 89 ++++++++-------- src/lib/protocols/msn.c | 96 +++++++++--------- src/lib/protocols/mssql_tds.c | 17 ++-- src/lib/protocols/mysql.c | 15 ++- src/lib/protocols/netbios.c | 89 +++++++--------- src/lib/protocols/netflow.c | 21 ++-- src/lib/protocols/nfs.c | 24 +++-- src/lib/protocols/nintendo.c | 12 ++- src/lib/protocols/noe.c | 19 ++-- src/lib/protocols/ntp.c | 40 ++++---- src/lib/protocols/openft.c | 15 +-- src/lib/protocols/openvpn.c | 22 ++-- src/lib/protocols/oracle.c | 17 ++-- src/lib/protocols/oscar.c | 75 +++++++------- src/lib/protocols/pando.c | 37 +++---- src/lib/protocols/pcanywhere.c | 16 +-- src/lib/protocols/postgres.c | 27 ++--- src/lib/protocols/pplive.c | 58 +++++------ src/lib/protocols/ppstream.c | 32 ++---- src/lib/protocols/pptp.c | 16 ++- src/lib/protocols/qq.c | 80 +++++++-------- src/lib/protocols/quake.c | 22 ++-- src/lib/protocols/quic.c | 13 ++- src/lib/protocols/radius.c | 13 ++- src/lib/protocols/rdp.c | 14 ++- src/lib/protocols/redis_net.c | 16 +-- src/lib/protocols/rsync.c | 15 +-- src/lib/protocols/rtcp.c | 18 ++-- src/lib/protocols/rtmp.c | 21 ++-- src/lib/protocols/rtp.c | 85 ++++++++-------- src/lib/protocols/rtsp.c | 42 ++++---- src/lib/protocols/rx.c | 32 +++--- src/lib/protocols/sflow.c | 20 ++-- src/lib/protocols/shoutcast.c | 28 +++--- src/lib/protocols/sip.c | 48 ++++----- src/lib/protocols/skinny.c | 16 +-- src/lib/protocols/skype.c | 20 ++-- src/lib/protocols/smb.c | 14 ++- src/lib/protocols/smpp.c | 35 +++---- src/lib/protocols/snmp.c | 37 +++---- src/lib/protocols/socks45.c | 33 +++--- src/lib/protocols/socrates.c | 27 +++-- src/lib/protocols/someip.c | 52 +++++----- src/lib/protocols/sopcast.c | 36 +++---- src/lib/protocols/soulseek.c | 128 ++++++++--------------- src/lib/protocols/spotify.c | 18 ++-- src/lib/protocols/ssdp.c | 18 ++-- src/lib/protocols/ssh.c | 14 +-- src/lib/protocols/ssl.c | 75 +++++++------- src/lib/protocols/starcraft.c | 28 +++--- src/lib/protocols/stealthnet.c | 17 ++-- src/lib/protocols/steam.c | 71 ++++++------- src/lib/protocols/stun.c | 33 +++--- src/lib/protocols/syslog.c | 41 ++++---- src/lib/protocols/teamspeak.c | 40 ++++---- src/lib/protocols/teamviewer.c | 15 ++- src/lib/protocols/telegram.c | 12 ++- src/lib/protocols/telnet.c | 19 ++-- src/lib/protocols/teredo.c | 16 ++- src/lib/protocols/tftp.c | 17 ++-- src/lib/protocols/thunder.c | 45 ++++----- src/lib/protocols/tinc.c | 14 +-- src/lib/protocols/tor.c | 16 +-- src/lib/protocols/tvants.c | 21 ++-- src/lib/protocols/tvuplayer.c | 33 +++--- src/lib/protocols/ubntac2.c | 14 ++- src/lib/protocols/usenet.c | 38 +++---- src/lib/protocols/vhua.c | 12 ++- src/lib/protocols/viber.c | 15 +-- src/lib/protocols/vmware.c | 12 ++- src/lib/protocols/vnc.c | 13 ++- src/lib/protocols/warcraft3.c | 34 +++---- src/lib/protocols/whoisdas.c | 16 ++- src/lib/protocols/world_of_kung_fu.c | 17 ++-- src/lib/protocols/world_of_warcraft.c | 49 ++++----- src/lib/protocols/xbox.c | 18 ++-- src/lib/protocols/xdmcp.c | 19 ++-- src/lib/protocols/yahoo.c | 84 +++++++--------- src/lib/protocols/zattoo.c | 131 ++++++++---------------- src/lib/protocols/zeromq.c | 12 ++- 153 files changed, 2678 insertions(+), 2490 deletions(-) (limited to 'src') diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 8d8ee47b0..7a60fddb7 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -77,7 +77,9 @@ static json_object *jArray_topStats; static u_int8_t live_capture = 0; static u_int8_t undetected_flows_deleted = 0; /** User preferences **/ -static u_int8_t enable_protocol_guess = 1, verbose = 0, nDPI_traceLevel = 0, json_flag = 0; +static u_int8_t enable_protocol_guess = 1, verbose = 0, json_flag = 0; +int nDPI_LogLevel = 0; +char *_debug_protocols = NULL; static u_int8_t stats_flag = 0, bpf_filter_flag = 0; #ifdef HAVE_JSON_C static u_int8_t file_first_time = 1; @@ -250,9 +252,12 @@ static void help(u_int long_help) { " | 1 = verbose\n" " | 2 = very verbose\n" " | 3 = port stats\n" - " -b | Specify a file to write port based diagnose statistics\n" - " -x | Produce bpf filters for specified diagnose file. Use\n" - " | this option only for .json files generated with -b flag.\n"); + " -V <1-4> | nDPI logging level\n" + " | 1 - trace, 2 - debug, 3 - full debug\n" + " | >3 - full debug + dbg_proto = all\n" + " -b | Specify a file to write port based diagnose statistics\n" + " -x | Produce bpf filters for specified diagnose file. Use\n" + " | this option only for .json files generated with -b flag.\n"); #ifndef WIN32 @@ -266,6 +271,7 @@ static void help(u_int long_help) { " --extcap-capture-filter\n" " --fifo \n" " --debug\n" + " --dbg-proto proto|num[,...]\n" ); #endif @@ -289,7 +295,8 @@ static struct option longopts[] = { { "capture", no_argument, NULL, '5'}, { "extcap-capture-filter", required_argument, NULL, '6'}, { "fifo", required_argument, NULL, '7'}, - { "debug", optional_argument, NULL, '8'}, + { "debug", no_argument, NULL, '8'}, + { "dbg-proto", required_argument, NULL, 257}, { "ndpi-proto-filter", required_argument, NULL, '9'}, /* ndpiReader options */ @@ -519,8 +526,12 @@ static void parseOptions(int argc, char **argv) { break; case 'V': - printf("%d\n",atoi(optarg) ); - nDPI_traceLevel = atoi(optarg); + nDPI_LogLevel = atoi(optarg); + if(nDPI_LogLevel < 0) nDPI_LogLevel = 0; + if(nDPI_LogLevel > 3) { + nDPI_LogLevel = 3; + _debug_protocols = strdup("all"); + } break; case 'h': @@ -546,6 +557,7 @@ static void parseOptions(int argc, char **argv) { case 'q': quiet_mode = 1; + nDPI_LogLevel = 0; break; /* Extcap */ @@ -574,12 +586,17 @@ static void parseOptions(int argc, char **argv) { break; case '8': - nDPI_traceLevel = 9; + nDPI_LogLevel = NDPI_LOG_DEBUG_EXTRA; + _debug_protocols = strdup("all"); break; case '9': extcap_packet_filter = atoi(optarg); break; + + case 257: + _debug_protocols = strdup(optarg); + break; default: help(0); @@ -985,7 +1002,6 @@ void updateTopIpAddress(u_int32_t addr, u_int8_t version, const char *proto, int min = count; int update = 0; int min_i = 0; - int r; int i; if(count == 0) return; @@ -1117,6 +1133,7 @@ static struct receiver *cutBackTo(struct receiver **receivers, u_int32_t size, u HASH_DEL(*receivers, r); free(r); } + return NULL; } /* *********************************************** */ @@ -1381,7 +1398,7 @@ static void debug_printf(u_int32_t protocol, void *id_struct, struct tm result; #endif - if(log_level <= nDPI_traceLevel) { + if(log_level <= nDPI_LogLevel) { char buf[8192], out_buf[8192]; char theDate[32]; const char *extra_msg = ""; diff --git a/example/ndpi_util.c b/example/ndpi_util.c index d57e9e90e..11f66049c 100644 --- a/example/ndpi_util.c +++ b/example/ndpi_util.c @@ -105,6 +105,61 @@ static void free_wrapper(void *freeable) { /* ***************************************************** */ +static uint16_t ndpi_get_proto_id(struct ndpi_detection_module_struct *ndpi_mod, const char *name) { + uint16_t proto_id; + char *e; + unsigned long p = strtol(name,&e,0); + if(e && !*e) { + if(p < NDPI_MAX_SUPPORTED_PROTOCOLS+NDPI_MAX_NUM_CUSTOM_PROTOCOLS && + ndpi_mod->proto_defaults[p].protoName) return (uint16_t)p; + return NDPI_PROTOCOL_UNKNOWN; + } + for(proto_id=NDPI_PROTOCOL_UNKNOWN; proto_id < NDPI_MAX_SUPPORTED_PROTOCOLS+NDPI_MAX_NUM_CUSTOM_PROTOCOLS; proto_id++) { + if(ndpi_mod->proto_defaults[proto_id].protoName && + !strcasecmp(ndpi_mod->proto_defaults[proto_id].protoName,name)) + return proto_id; + } + return NDPI_PROTOCOL_UNKNOWN; +} +static NDPI_PROTOCOL_BITMASK debug_bitmask; +static char _proto_delim[] = " \t,:;"; +static int parse_debug_proto(struct ndpi_detection_module_struct *ndpi_mod, char *str) { +char *n; +uint16_t proto; +char op=1; +for(n = strtok(str,_proto_delim); n && *n; n = strtok(NULL,_proto_delim)) { + if(*n == '-') { + op = 0; + n++; + } else if(*n == '+') { + op = 1; + n++; + } + if(!strcmp(n,"all")) { + if(op) + NDPI_BITMASK_SET_ALL(debug_bitmask); + else + NDPI_BITMASK_RESET(debug_bitmask); + continue; + } + proto = ndpi_get_proto_id(ndpi_mod, n); + if(proto == NDPI_PROTOCOL_UNKNOWN && strcmp(n,"unknown") && strcmp(n,"0")) { + fprintf(stderr,"Invalid protocol %s\n",n); + return 1; + } + if(op) + NDPI_BITMASK_ADD(debug_bitmask,proto); + else + NDPI_BITMASK_DEL(debug_bitmask,proto); +} +return 0; +} + +/* ***************************************************** */ + +extern char *_debug_protocols; +static int _debug_protocols_ok = 0; + struct ndpi_workflow * ndpi_workflow_init(const struct ndpi_workflow_prefs * prefs, pcap_t * pcap_handle) { set_ndpi_malloc(malloc_wrapper), set_ndpi_free(free_wrapper); set_ndpi_flow_malloc(NULL), set_ndpi_flow_free(NULL); @@ -121,7 +176,18 @@ struct ndpi_workflow * ndpi_workflow_init(const struct ndpi_workflow_prefs * pre NDPI_LOG(0, NULL, NDPI_LOG_ERROR, "global structure initialization failed\n"); exit(-1); } + module->ndpi_log_level = nDPI_LogLevel; + if(_debug_protocols != NULL && ! _debug_protocols_ok) { + if(parse_debug_proto(module,_debug_protocols)) + exit(-1); + _debug_protocols_ok = 1; + } +#ifdef NDPI_ENABLE_DEBUG_MESSAGES + NDPI_BITMASK_RESET(module->debug_bitmask); + if(_debug_protocols_ok) + module->debug_bitmask = debug_bitmask; +#endif workflow->ndpi_flows_root = ndpi_calloc(workflow->prefs.num_roots, sizeof(void *)); return workflow; } diff --git a/example/ndpi_util.h b/example/ndpi_util.h index 51bc09ddb..7abebe4f5 100644 --- a/example/ndpi_util.h +++ b/example/ndpi_util.h @@ -179,4 +179,7 @@ int ndpi_workflow_node_cmp(const void *a, const void *b); void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_flow_info *flow); u_int32_t ethernet_crc32(const void* data, size_t n_bytes); void ndpi_flow_info_freer(void *node); + +extern int nDPI_LogLevel; + #endif diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h index 4193a2c57..2062974ad 100644 --- a/src/include/ndpi_api.h +++ b/src/include/ndpi_api.h @@ -383,6 +383,20 @@ extern "C" { u_int16_t master_protocol_id); + /** + * Exclude protocol from search + * + * @par ndpi_struct = the detection module + * @par flow = the flow where match the host + * @par master_protocol_id = value of the ID associated to the master protocol detected + * + */ + void ndpi_exclude_protocol(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow, + u_int16_t master_protocol_id, + const char *_file, const char *_func,int _line); + + /** * Check if the string -bigram_to_match- match with a bigram of -automa- * diff --git a/src/include/ndpi_define.h.in b/src/include/ndpi_define.h.in index 33c3c622e..c6c1f4481 100644 --- a/src/include/ndpi_define.h.in +++ b/src/include/ndpi_define.h.in @@ -180,24 +180,67 @@ #define NDPI_SOULSEEK_CONNECTION_IP_TICK_TIMEOUT 600 #ifdef NDPI_ENABLE_DEBUG_MESSAGES -#define NDPI_LOG(proto, m, log_level, args...) \ + #define NDPI_LOG(proto, m, log_level, args...) \ { \ struct ndpi_detection_module_struct *mod = (struct ndpi_detection_module_struct*) m; \ - if(mod != NULL) { \ - mod->ndpi_debug_print_file=__FILE__; \ - mod->ndpi_debug_print_function=__FUNCTION__; \ - mod->ndpi_debug_print_line=__LINE__; \ - (*(mod->ndpi_debug_printf))(proto, mod, log_level, args); \ - } \ + if(mod != NULL && mod->ndpi_debug_printf != NULL) \ + (*(mod->ndpi_debug_printf))(proto, mod, log_level, __FILE__, __FUNCTION__, __LINE__, args); \ } -#else /* NDPI_ENABLE_DEBUG_MESSAGES */ -#ifdef WIN32 -#define NDPI_LOG(...) {} -#else -#define NDPI_LOG(proto, mod, log_level, args...) {} -#endif + + /* We must define NDPI_CURRENT_PROTO before include ndpi_main.h !!! + * + * #include "ndpi_protocol_ids.h" + * #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_XXXX + * #include "ndpi_api.h" + * + */ + + #ifndef NDPI_CURRENT_PROTO + #define NDPI_CURRENT_PROTO NDPI_PROTO_UNKNOWN + #endif + + #define NDPI_LOG_ERR(mod, args...) \ + if(mod && mod->ndpi_log_level >= NDPI_LOG_ERROR) { \ + if(mod != NULL && mod->ndpi_debug_printf != NULL) \ + (*(mod->ndpi_debug_printf))(NDPI_CURRENT_PROTO, mod, NDPI_LOG_ERROR , __FILE__, __FUNCTION__, __LINE__, args); \ + } + + #define NDPI_LOG_INFO(mod, args...) \ + if(mod && mod->ndpi_log_level >= NDPI_LOG_TRACE) { \ + if(mod != NULL && mod->ndpi_debug_printf != NULL) \ + (*(mod->ndpi_debug_printf))(NDPI_CURRENT_PROTO, mod, NDPI_LOG_TRACE , __FILE__, __FUNCTION__, __LINE__, args); \ + } + + #define NDPI_LOG_DBG(mod, args...) \ + if(mod && mod->ndpi_log_level >= NDPI_LOG_DEBUG) { \ + if(mod != NULL && mod->ndpi_debug_printf != NULL) \ + (*(mod->ndpi_debug_printf))(NDPI_CURRENT_PROTO, mod, NDPI_LOG_DEBUG , __FILE__, __FUNCTION__, __LINE__, args); \ + } + + #define NDPI_LOG_DBG2(mod, args...) \ + if(mod && mod->ndpi_log_level >= NDPI_LOG_DEBUG_EXTRA) { \ + if(mod != NULL && mod->ndpi_debug_printf != NULL) \ + (*(mod->ndpi_debug_printf))(NDPI_CURRENT_PROTO, mod, NDPI_LOG_DEBUG_EXTRA , __FILE__, __FUNCTION__, __LINE__, args); \ + } + +#else /* not defined NDPI_ENABLE_DEBUG_MESSAGES */ +# ifdef WIN32 +# define NDPI_LOG(...) {} +# define NDPI_LOG_ERR(...) {} +# define NDPI_LOG_INFO(...) {} +# define NDPI_LOG_DBG(...) {} +# define NDPI_LOG_DBG2(...) {} +# else +# define NDPI_LOG(proto, mod, log_level, args...) {} +# define NDPI_LOG_ERR(mod, args...) {} +# define NDPI_LOG_INFO(mod, args...) {} +# define NDPI_LOG_DBG(mod, args...) {} +# define NDPI_LOG_DBG2(mod, args...) {} +# endif #endif /* NDPI_ENABLE_DEBUG_MESSAGES */ +#define NDPI_EXCLUDE_PROTO(mod,flow) ndpi_exclude_protocol(mod, flow, NDPI_CURRENT_PROTO, __FILE__, __FUNCTION__, __LINE__) + /** * macro for getting the string len of a static string * diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 33043fde5..92b6a1a7a 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -36,7 +36,8 @@ typedef enum { NDPI_LOG_ERROR, NDPI_LOG_TRACE, - NDPI_LOG_DEBUG + NDPI_LOG_DEBUG, + NDPI_LOG_DEBUG_EXTRA } ndpi_log_level_t; /* NDPI_VISIT */ @@ -859,12 +860,14 @@ struct ndpi_detection_module_struct { ndpi_default_ports_tree_node_t *tcpRoot, *udpRoot; + ndpi_log_level_t ndpi_log_level; /* default error */ #ifdef NDPI_ENABLE_DEBUG_MESSAGES /* debug callback, only set when debug is used */ ndpi_debug_function_ptr ndpi_debug_printf; const char *ndpi_debug_print_file; const char *ndpi_debug_print_function; u_int32_t ndpi_debug_print_line; + NDPI_PROTOCOL_BITMASK debug_bitmask; #endif /* misc parameters */ diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index d7583f520..1e01489e7 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -24,6 +24,9 @@ #include #include #include "ahocorasick.h" + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_UNKNOWN + #include "ndpi_api.h" #include "../../config.h" @@ -36,6 +39,7 @@ #include "third_party/include/ndpi_patricia.h" #include "third_party/src/ndpi_patricia.c" +static int _ndpi_debug_callbacks = 0; /* implementation of the punycode check function */ int check_punycode_string(char * buffer , int len) @@ -301,10 +305,12 @@ int strncasecmp(s1, s2, n) /* ****************************************** */ /* Forward */ -static void addDefaultPort(ndpi_port_range *range, +static void addDefaultPort(struct ndpi_detection_module_struct *ndpi_mod, + ndpi_port_range *range, ndpi_proto_defaults_t *def, u_int8_t customUserProto, - ndpi_default_ports_tree_node_t **root); + ndpi_default_ports_tree_node_t **root, + const char *_func, int _line); static int removeDefaultPort(ndpi_port_range *range, ndpi_proto_defaults_t *def, @@ -477,6 +483,27 @@ u_int8_t ndpi_is_subprotocol_informative(struct ndpi_detection_module_struct *nd return(0); } } +/* ********************************************************************************** */ + +void ndpi_exclude_protocol(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow, + u_int16_t protocol_id, + const char *_file, const char *_func,int _line) { + + if(protocol_id < NDPI_MAX_SUPPORTED_PROTOCOLS+NDPI_MAX_NUM_CUSTOM_PROTOCOLS) { +#ifdef NDPI_ENABLE_DEBUG_MESSAGES + if ( ndpi_struct && + ndpi_struct->ndpi_log_level >= NDPI_LOG_DEBUG && + ndpi_struct->ndpi_debug_printf != NULL) { + + (*(ndpi_struct->ndpi_debug_printf))(protocol_id, ndpi_struct, NDPI_LOG_DEBUG, + _file, _func, _line, "exclude %s\n",ndpi_get_proto_name(ndpi_struct, protocol_id)); + + } +#endif + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, protocol_id); + } +} /* ********************************************************************************** */ @@ -490,14 +517,14 @@ void ndpi_set_proto_defaults(struct ndpi_detection_module_struct *ndpi_mod, if(protoId >= NDPI_MAX_SUPPORTED_PROTOCOLS+NDPI_MAX_NUM_CUSTOM_PROTOCOLS) { #ifdef DEBUG - printf("[NDPI] %s(%s/protoId=%d): INTERNAL ERROR\n", __FUNCTION__, protoName, protoId); + NDPI_LOG_ERR(ndpi_mod, "[NDPI] %s/protoId=%d: INTERNAL ERROR\n", protoName, protoId); #endif return; } if(ndpi_mod->proto_defaults[protoId].protoName != NULL) { #ifdef DEBUG - printf("[NDPI] %s(%s/protoId=%d): already initialized. Ignoring it\n", __FUNCTION__, protoName, protoId); + NDPI_LOG_ERR(ndpi_mod, "[NDPI] %s/protoId=%d: already initialized. Ignoring it\n", protoName, protoId); #endif return; } @@ -513,8 +540,8 @@ void ndpi_set_proto_defaults(struct ndpi_detection_module_struct *ndpi_mod, memcpy(&ndpi_mod->proto_defaults[protoId].master_udp_protoId, udp_master_protoId, 2*sizeof(u_int16_t)); for(j=0; jproto_defaults[protoId], 0, &ndpi_mod->udpRoot); - if(tcpDefPorts[j].port_low != 0) addDefaultPort(&tcpDefPorts[j], &ndpi_mod->proto_defaults[protoId], 0, &ndpi_mod->tcpRoot); + if(udpDefPorts[j].port_low != 0) addDefaultPort(ndpi_mod, &udpDefPorts[j], &ndpi_mod->proto_defaults[protoId], 0, &ndpi_mod->udpRoot, __FUNCTION__,__LINE__); + if(tcpDefPorts[j].port_low != 0) addDefaultPort(ndpi_mod, &tcpDefPorts[j], &ndpi_mod->proto_defaults[protoId], 0, &ndpi_mod->tcpRoot, __FUNCTION__,__LINE__); } } @@ -536,7 +563,6 @@ void ndpi_default_ports_tree_node_t_walker(const void *node, const ndpi_VISIT wh { ndpi_default_ports_tree_node_t *f = *(ndpi_default_ports_tree_node_t **)node; - printf("<%d>Walk on node %s (%u)\n", depth, which == ndpi_preorder?"ndpi_preorder": @@ -548,10 +574,12 @@ void ndpi_default_ports_tree_node_t_walker(const void *node, const ndpi_VISIT wh /* ******************************************************************** */ -static void addDefaultPort(ndpi_port_range *range, +static void addDefaultPort(struct ndpi_detection_module_struct *ndpi_mod, + ndpi_port_range *range, ndpi_proto_defaults_t *def, u_int8_t customUserProto, - ndpi_default_ports_tree_node_t **root) + ndpi_default_ports_tree_node_t **root, + const char *_func, int _line) { ndpi_default_ports_tree_node_t *ret; u_int16_t port; @@ -560,7 +588,7 @@ static void addDefaultPort(ndpi_port_range *range, ndpi_default_ports_tree_node_t *node = (ndpi_default_ports_tree_node_t*)ndpi_malloc(sizeof(ndpi_default_ports_tree_node_t)); if(!node) { - printf("[NDPI] %s(): not enough memory\n", __FUNCTION__); + NDPI_LOG_ERR(ndpi_mod, "%s:%d not enough memory\n", _func, _line); break; } @@ -568,7 +596,8 @@ static void addDefaultPort(ndpi_port_range *range, ret = *(ndpi_default_ports_tree_node_t**)ndpi_tsearch(node, (void*)root, ndpi_default_ports_tree_node_t_cmp); /* Add it to the tree */ if(ret != node) { - /* printf("[NDPI] %s(): found duplicate for port %u: overwriting it with new value\n", __FUNCTION__, port); */ + NDPI_LOG_DBG(ndpi_mod, "[NDPI] %s:%d found duplicate for port %u: overwriting it with new value\n", + _func, _line, port); ret->proto = def; ndpi_free(node); @@ -616,7 +645,7 @@ static int ndpi_string_to_automa(struct ndpi_detection_module_struct *ndpi_struc AC_PATTERN_t ac_pattern; if(protocol_id >= (NDPI_MAX_SUPPORTED_PROTOCOLS+NDPI_MAX_NUM_CUSTOM_PROTOCOLS)) { - printf("[NDPI] %s(protoId=%d): INTERNAL ERROR\n", __FUNCTION__, protocol_id); + NDPI_LOG_ERR(ndpi_struct, "[NDPI] protoId=%d: INTERNAL ERROR\n", protocol_id); return(-1); } @@ -640,7 +669,7 @@ static int ndpi_add_host_url_subprotocol(struct ndpi_detection_module_struct *nd ndpi_protocol_breed_t breed) { #ifdef DEBUG - printf("[NDPI] Adding [%s][%d]\n", value, protocol_id); + NDPI_LOG_DEBUG2(ndpi_struct, "[NDPI] Adding [%s][%d]\n", value, protocol_id); #endif return(ndpi_string_to_automa(ndpi_struct, &ndpi_struct->host_automa, @@ -668,7 +697,7 @@ int ndpi_add_content_subprotocol(struct ndpi_detection_module_struct *ndpi_struc static int ndpi_remove_host_url_subprotocol(struct ndpi_detection_module_struct *ndpi_struct, char *value, int protocol_id) { - printf("[NDPI] Missing implementation of %s()\n", __FUNCTION__); + NDPI_LOG_ERR(ndpi_struct, "[NDPI] Missing implementation for proto %s/%d\n",value,protocol_id); return(-1); } @@ -1686,9 +1715,8 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp if((ndpi_mod->proto_defaults[i].protoName == NULL) || ((i != NDPI_PROTOCOL_UNKNOWN) && (ndpi_mod->proto_defaults[i].protoCategory == NDPI_PROTOCOL_CATEGORY_UNSPECIFIED))) { - printf("[NDPI] %s(missing protoId=%d/%s) INTERNAL ERROR: not all protocols have been initialized\n", - __FUNCTION__, i, - ndpi_mod->proto_defaults[i].protoName ? ndpi_mod->proto_defaults[i].protoName : "???"); + NDPI_LOG_ERR(ndpi_mod, "[NDPI] missing protoId=%d/%s: INTERNAL ERROR: not all protocols have been initialized\n", + i, ndpi_mod->proto_defaults[i].protoName ? ndpi_mod->proto_defaults[i].protoName : "???"); } } } @@ -1837,22 +1865,26 @@ void set_ndpi_flow_malloc(void* (*__ndpi_flow_malloc)(size_t size)) { _ndpi_flow void set_ndpi_free(void (*__ndpi_free)(void *ptr)) { _ndpi_free = __ndpi_free; } void set_ndpi_flow_free(void (*__ndpi_flow_free)(void *ptr)) { _ndpi_flow_free = __ndpi_flow_free; } -void ndpi_debug_printf(unsigned int proto, struct ndpi_detection_module_struct *ndpi_str, ndpi_log_level_t log_level, const char * format, ...) +void ndpi_debug_printf(unsigned int proto, struct ndpi_detection_module_struct *ndpi_str, + ndpi_log_level_t log_level, const char *file_name, const char *func_name, int line_number, + const char * format, ...) { #ifdef NDPI_ENABLE_DEBUG_MESSAGES va_list args; #define MAX_STR_LEN 120 char str[MAX_STR_LEN]; + if(ndpi_str != NULL && log_level > NDPI_LOG_ERROR && + proto > 0 && proto < NDPI_MAX_SUPPORTED_PROTOCOLS && + !NDPI_ISSET(&ndpi_str->debug_bitmask,proto)) return; va_start(args, format); vsprintf(str, format, args); va_end(args); if (ndpi_str != NULL) { - char proto_name[64]; - snprintf(proto_name, sizeof(proto_name), "%s", ndpi_get_proto_name(ndpi_str, proto)); - printf("%s:%s:%u - Proto: %s, %s\n", ndpi_str->ndpi_debug_print_file, ndpi_str->ndpi_debug_print_function, ndpi_str->ndpi_debug_print_line, proto_name, str); + printf("%s:%s:%-3u - [%s]: %s", + file_name, func_name, line_number, ndpi_get_proto_name(ndpi_str, proto), str); } else { - printf("Proto: %u, %s\n", proto, str); + printf("Proto: %u, %s", proto, str); } #endif } @@ -1871,7 +1903,7 @@ struct ndpi_detection_module_struct *ndpi_init_detection_module(void) { if(ndpi_str == NULL) { #ifdef NDPI_ENABLE_DEBUG_MESSAGES - NDPI_LOG(0, ndpi_str, NDPI_LOG_DEBUG, "ndpi_init_detection_module initial malloc failed for ndpi_str\n"); + NDPI_LOG_ERR(ndpi_str, "ndpi_init_detection_module initial malloc failed for ndpi_str\n"); #endif /* NDPI_ENABLE_DEBUG_MESSAGES */ return NULL; } @@ -2166,7 +2198,7 @@ int ndpi_handle_rule(struct ndpi_detection_module_struct *ndpi_mod, char* rule, at = strrchr(rule, '@'); if(at == NULL) { - printf("Invalid rule '%s'\n", rule); + NDPI_LOG_ERR(ndpi_mod, "Invalid rule '%s'\n", rule); return(-1); } else at[0] = 0, proto = &at[1]; @@ -2197,14 +2229,14 @@ int ndpi_handle_rule(struct ndpi_detection_module_struct *ndpi_mod, char* rule, if(def == NULL) { if(!do_add) { /* We need to remove a rule */ - printf("Unable to find protocol '%s': skipping rule '%s'\n", proto, rule); + NDPI_LOG_ERR(ndpi_mod, "Unable to find protocol '%s': skipping rule '%s'\n", proto, rule); return(-3); } else { ndpi_port_range ports_a[MAX_DEFAULT_PORTS], ports_b[MAX_DEFAULT_PORTS]; u_int16_t no_master[2] = { NDPI_PROTOCOL_NO_MASTER_PROTO, NDPI_PROTOCOL_NO_MASTER_PROTO }; if(ndpi_mod->ndpi_num_custom_protocols >= (NDPI_MAX_NUM_CUSTOM_PROTOCOLS-1)) { - printf("Too many protocols defined (%u): skipping protocol %s\n", + NDPI_LOG_ERR(ndpi_mod, "Too many protocols defined (%u): skipping protocol %s\n", ndpi_mod->ndpi_num_custom_protocols, proto); return(-2); } @@ -2245,7 +2277,7 @@ int ndpi_handle_rule(struct ndpi_detection_module_struct *ndpi_mod, char* rule, if(sscanf(value, "%u-%u", (u_int32_t *)&range.port_low, (u_int32_t *)&range.port_high) != 2) range.port_low = range.port_high = atoi(&elem[4]); if(do_add) - addDefaultPort(&range, def, 1 /* Custom user proto */, is_tcp ? &ndpi_mod->tcpRoot : &ndpi_mod->udpRoot); + addDefaultPort(ndpi_mod, &range, def, 1 /* Custom user proto */, is_tcp ? &ndpi_mod->tcpRoot : &ndpi_mod->udpRoot, __FUNCTION__,__LINE__); else removeDefaultPort(&range, def, is_tcp ? &ndpi_mod->tcpRoot : &ndpi_mod->udpRoot); } else if(is_ip) { @@ -2280,7 +2312,7 @@ int ndpi_load_protocols_file(struct ndpi_detection_module_struct *ndpi_mod, char int i; if(fd == NULL) { - printf("Unable to open file %s [%s]", path, strerror(errno)); + NDPI_LOG_ERR(ndpi_mod, "Unable to open file %s [%s]", path, strerror(errno)); return(-1); } @@ -2320,14 +2352,18 @@ void ndpi_set_bitmask_protocol_detection(char * label, */ if(NDPI_COMPARE_PROTOCOL_TO_BITMASK(*detection_bitmask, ndpi_protocol_id) != 0) { #ifdef DEBUG - NDPI_LOG(0, ndpi_struct, NDPI_LOG_DEBUG,"[NDPI] ndpi_set_bitmask_protocol_detection: %s : [callback_buffer] idx= %u, [proto_defaults] protocol_id=%u\n", label, idx, ndpi_protocol_id); + NDPI_LOG_DBG2(ndpi_struct + "[NDPI] ndpi_set_bitmask_protocol_detection: %s : [callback_buffer] idx= %u, [proto_defaults] protocol_id=%u\n", + label, idx, ndpi_protocol_id); #endif - if(ndpi_struct->proto_defaults[ndpi_protocol_id].protoIdx != 0) - printf("[NDPI] Internal error: protocol %s/%u has been already registered\n", label, ndpi_protocol_id); - else { + if(ndpi_struct->proto_defaults[ndpi_protocol_id].protoIdx != 0) { + NDPI_LOG_DBG2(ndpi_struct, + "[NDPI] Internal error: protocol %s/%u has been already registered\n", label, ndpi_protocol_id); #ifdef DEBUG - printf("[NDPI] Adding %s with protocol id %d\n", label, ndpi_protocol_id); + } else { + NDPI_LOG_DBG2(ndpi_struct, + "[NDPI] Adding %s with protocol id %d\n", label, ndpi_protocol_id); #endif } @@ -2810,7 +2846,7 @@ void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *n ndpi_struct->callback_buffer_size = a; - NDPI_LOG(NDPI_PROTOCOL_UNKNOWN, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "callback_buffer_size is %u\n", ndpi_struct->callback_buffer_size); /* now build the specific buffer for tcp, udp and non_tcp_udp */ @@ -2821,7 +2857,7 @@ void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *n & (NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP | NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_COMPLETE_TRAFFIC)) != 0) { - NDPI_LOG(NDPI_PROTOCOL_UNKNOWN, ndpi_struct, NDPI_LOG_DEBUG, + if(_ndpi_debug_callbacks) NDPI_LOG_DBG2(ndpi_struct, "callback_buffer_tcp_payload, adding buffer %u as entry %u\n", a, ndpi_struct->callback_buffer_size_tcp_payload); @@ -2831,7 +2867,7 @@ void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *n if((ndpi_struct-> callback_buffer[a].ndpi_selection_bitmask & NDPI_SELECTION_BITMASK_PROTOCOL_HAS_PAYLOAD) == 0) { - NDPI_LOG(NDPI_PROTOCOL_UNKNOWN, ndpi_struct, NDPI_LOG_DEBUG, + if(_ndpi_debug_callbacks) NDPI_LOG_DBG2(ndpi_struct, "\tcallback_buffer_tcp_no_payload, additional adding buffer %u to no_payload process\n", a); memcpy(&ndpi_struct->callback_buffer_tcp_no_payload @@ -2848,7 +2884,7 @@ void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *n NDPI_SELECTION_BITMASK_PROTOCOL_INT_TCP_OR_UDP | NDPI_SELECTION_BITMASK_PROTOCOL_COMPLETE_TRAFFIC)) != 0) { - NDPI_LOG(NDPI_PROTOCOL_UNKNOWN, ndpi_struct, NDPI_LOG_DEBUG, + if(_ndpi_debug_callbacks) NDPI_LOG_DBG2(ndpi_struct, "callback_buffer_size_udp: adding buffer : %u as entry %u\n", a, ndpi_struct->callback_buffer_size_udp); memcpy(&ndpi_struct->callback_buffer_udp[ndpi_struct->callback_buffer_size_udp], @@ -2865,7 +2901,7 @@ void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *n == 0 || (ndpi_struct-> callback_buffer[a].ndpi_selection_bitmask & NDPI_SELECTION_BITMASK_PROTOCOL_COMPLETE_TRAFFIC) != 0) { - NDPI_LOG(NDPI_PROTOCOL_UNKNOWN, ndpi_struct, NDPI_LOG_DEBUG, + if(_ndpi_debug_callbacks) NDPI_LOG_DBG2(ndpi_struct, "callback_buffer_non_tcp_udp: adding buffer : %u as entry %u\n", a, ndpi_struct->callback_buffer_size_non_tcp_udp); memcpy(&ndpi_struct->callback_buffer_non_tcp_udp[ndpi_struct->callback_buffer_size_non_tcp_udp], @@ -2955,11 +2991,11 @@ static u_int8_t ndpi_detection_get_l4_internal(struct ndpi_detection_module_stru iph = (const struct ndpi_iphdr *) l3; if(iph->version == IPVERSION && iph->ihl >= 5) { - NDPI_LOG(NDPI_PROTOCOL_UNKNOWN, ndpi_struct, NDPI_LOG_DEBUG, "ipv4 header\n"); + NDPI_LOG_DBG2(ndpi_struct, "ipv4 header\n"); } #ifdef NDPI_DETECTION_SUPPORT_IPV6 else if(iph->version == 6 && l3_len >= sizeof(struct ndpi_ipv6hdr)) { - NDPI_LOG(NDPI_PROTOCOL_UNKNOWN, ndpi_struct, NDPI_LOG_DEBUG, "ipv6 header\n"); + NDPI_LOG_DBG2(ndpi_struct, "ipv6 header\n"); iph_v6 = (const struct ndpi_ipv6hdr *) iph; iph = NULL; } @@ -2969,12 +3005,12 @@ static u_int8_t ndpi_detection_get_l4_internal(struct ndpi_detection_module_stru } if((flags & NDPI_DETECTION_ONLY_IPV6) && iph != NULL) { - NDPI_LOG(NDPI_PROTOCOL_UNKNOWN, ndpi_struct, NDPI_LOG_DEBUG, "ipv4 header found but excluded by flag\n"); + NDPI_LOG_DBG2(ndpi_struct, "ipv4 header found but excluded by flag\n"); return 1; } #ifdef NDPI_DETECTION_SUPPORT_IPV6 else if((flags & NDPI_DETECTION_ONLY_IPV4) && iph_v6 != NULL) { - NDPI_LOG(NDPI_PROTOCOL_UNKNOWN, ndpi_struct, NDPI_LOG_DEBUG, "ipv6 header found but excluded by flag\n"); + NDPI_LOG_DBG2(ndpi_struct, "ipv6 header found but excluded by flag\n"); return 1; } #endif @@ -3073,12 +3109,12 @@ static int ndpi_init_packet_header(struct ndpi_detection_module_struct *ndpi_str #endif /* NDPI_DETECTION_SUPPORT_IPV6 */ if(decaps_iph && decaps_iph->version == IPVERSION && decaps_iph->ihl >= 5) { - NDPI_LOG(NDPI_PROTOCOL_UNKNOWN, ndpi_struct, NDPI_LOG_DEBUG, "ipv4 header\n"); + NDPI_LOG_DBG2(ndpi_struct, "ipv4 header\n"); } #ifdef NDPI_DETECTION_SUPPORT_IPV6 else if(decaps_iph && decaps_iph->version == 6 && l3len >= sizeof(struct ndpi_ipv6hdr) && (ndpi_struct->ip_version_limit & NDPI_DETECTION_ONLY_IPV4) == 0) { - NDPI_LOG(NDPI_PROTOCOL_UNKNOWN, ndpi_struct, NDPI_LOG_DEBUG, "ipv6 header\n"); + NDPI_LOG_DBG2(ndpi_struct, "ipv6 header\n"); flow->packet.iphv6 = (struct ndpi_ipv6hdr *)flow->packet.iph; flow->packet.iph = NULL; } @@ -3130,9 +3166,8 @@ static int ndpi_init_packet_header(struct ndpi_detection_module_struct *ndpi_str && flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) { memset(flow, 0, sizeof(*(flow))); - NDPI_LOG(NDPI_PROTOCOL_UNKNOWN, ndpi_struct, - NDPI_LOG_DEBUG, - "%s:%u: tcp syn packet for unknown protocol, reset detection state\n", __FUNCTION__, __LINE__); + NDPI_LOG_DBG(ndpi_struct, + "tcp syn packet for unknown protocol, reset detection state\n"); } } else { @@ -3351,11 +3386,11 @@ void check_ndpi_udp_flow_func(struct ndpi_detection_module_struct *ndpi_struct, && NDPI_BITMASK_COMPARE(ndpi_struct->callback_buffer_udp[a].detection_bitmask, detection_bitmask) != 0) { ndpi_struct->callback_buffer_udp[a].func(ndpi_struct, flow); - // NDPI_LOG(NDPI_PROTOCOL_UNKNOWN, ndpi_struct, NDPI_LOG_DEBUG, "[UDP,CALL] dissector of protocol as callback_buffer idx = %d\n",a); + // NDPI_LOG_DBG(ndpi_struct, "[UDP,CALL] dissector of protocol as callback_buffer idx = %d\n",a); if(flow->detected_protocol_stack[0] != NDPI_PROTOCOL_UNKNOWN) break; /* Stop after detecting the first protocol */ } else - NDPI_LOG(NDPI_PROTOCOL_UNKNOWN, ndpi_struct, NDPI_LOG_DEBUG, + if(_ndpi_debug_callbacks) NDPI_LOG_DBG2(ndpi_struct, "[UDP,SKIP] dissector of protocol as callback_buffer idx = %d\n",a); } } @@ -3560,6 +3595,9 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct u_int32_t a; ndpi_protocol ret = { NDPI_PROTOCOL_UNKNOWN, NDPI_PROTOCOL_UNKNOWN }; + if(ndpi_struct->ndpi_log_level >= NDPI_LOG_TRACE) + NDPI_LOG(flow ? flow->detected_protocol_stack[0]:NDPI_PROTOCOL_UNKNOWN, + ndpi_struct, NDPI_LOG_TRACE, "START packet processing\n"); if(flow == NULL) return(ret); @@ -3911,7 +3949,7 @@ void ndpi_parse_packet_line_info(struct ndpi_detection_module_struct *ndpi_struc flow->http.response_status_code[4]='\0'; - NDPI_LOG(NDPI_PROTOCOL_UNKNOWN, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "ndpi_parse_packet_line_info: HTTP response parsed: \"%.*s\"\n", packet->http_response.len, packet->http_response.ptr); } @@ -4138,13 +4176,13 @@ u_int16_t ndpi_check_for_email_address(struct ndpi_detection_module_struct *ndpi struct ndpi_packet_struct *packet = &flow->packet; - NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_DEBUG, "called ndpi_check_for_email_address\n"); + NDPI_LOG_DBG2(ndpi_struct, "called ndpi_check_for_email_address\n"); if(packet->payload_packet_len > counter && ((packet->payload[counter] >= 'a' && packet->payload[counter] <= 'z') || (packet->payload[counter] >= 'A' && packet->payload[counter] <= 'Z') || (packet->payload[counter] >= '0' && packet->payload[counter] <= '9') || packet->payload[counter] == '-' || packet->payload[counter] == '_')) { - NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_DEBUG, "first letter\n"); + NDPI_LOG_DBG2(ndpi_struct, "first letter\n"); counter++; while (packet->payload_packet_len > counter && ((packet->payload[counter] >= 'a' && packet->payload[counter] <= 'z') @@ -4152,44 +4190,44 @@ u_int16_t ndpi_check_for_email_address(struct ndpi_detection_module_struct *ndpi || (packet->payload[counter] >= '0' && packet->payload[counter] <= '9') || packet->payload[counter] == '-' || packet->payload[counter] == '_' || packet->payload[counter] == '.')) { - NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_DEBUG, "further letter\n"); + NDPI_LOG_DBG2(ndpi_struct, "further letter\n"); counter++; if(packet->payload_packet_len > counter && packet->payload[counter] == '@') { - NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_DEBUG, "@\n"); + NDPI_LOG_DBG2(ndpi_struct, "@\n"); counter++; while (packet->payload_packet_len > counter && ((packet->payload[counter] >= 'a' && packet->payload[counter] <= 'z') || (packet->payload[counter] >= 'A' && packet->payload[counter] <= 'Z') || (packet->payload[counter] >= '0' && packet->payload[counter] <= '9') || packet->payload[counter] == '-' || packet->payload[counter] == '_')) { - NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_DEBUG, "letter\n"); + NDPI_LOG_DBG2(ndpi_struct, "letter\n"); counter++; if(packet->payload_packet_len > counter && packet->payload[counter] == '.') { - NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_DEBUG, ".\n"); + NDPI_LOG_DBG2(ndpi_struct, ".\n"); counter++; if(packet->payload_packet_len > counter + 1 && ((packet->payload[counter] >= 'a' && packet->payload[counter] <= 'z') && (packet->payload[counter + 1] >= 'a' && packet->payload[counter + 1] <= 'z'))) { - NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_DEBUG, "two letters\n"); + NDPI_LOG_DBG2(ndpi_struct, "two letters\n"); counter += 2; if(packet->payload_packet_len > counter && (packet->payload[counter] == ' ' || packet->payload[counter] == ';')) { - NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_DEBUG, "whitespace1\n"); + NDPI_LOG_DBG2(ndpi_struct, "whitespace1\n"); return counter; } else if(packet->payload_packet_len > counter && packet->payload[counter] >= 'a' && packet->payload[counter] <= 'z') { - NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_DEBUG, "one letter\n"); + NDPI_LOG_DBG2(ndpi_struct, "one letter\n"); counter++; if(packet->payload_packet_len > counter && (packet->payload[counter] == ' ' || packet->payload[counter] == ';')) { - NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_DEBUG, "whitespace2\n"); + NDPI_LOG_DBG2(ndpi_struct, "whitespace2\n"); return counter; } else if(packet->payload_packet_len > counter && packet->payload[counter] >= 'a' && packet->payload[counter] <= 'z') { counter++; if(packet->payload_packet_len > counter && (packet->payload[counter] == ' ' || packet->payload[counter] == ';')) { - NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_DEBUG, "whitespace3\n"); + NDPI_LOG_DBG2(ndpi_struct, "whitespace3\n"); return counter; } else { return 0; @@ -4835,7 +4873,6 @@ int ndpi_get_protocol_id(struct ndpi_detection_module_struct *ndpi_mod, char *pr void ndpi_dump_protocols(struct ndpi_detection_module_struct *ndpi_mod) { int i; - for(i=0; i<(int)ndpi_mod->ndpi_num_supported_protocols; i++) printf("[%3d] %s\n", i, ndpi_mod->proto_defaults[i].protoName); } @@ -4941,7 +4978,7 @@ static int ndpi_automa_match_string_subprotocol(struct ndpi_detection_module_str strncpy(m, string_to_match, len); m[len] = '\0'; - printf("[NDPI] ndpi_match_host_subprotocol(%s): %s\n", + NDPI_LOG_DBG2(ndpi_struct, "[NDPI] ndpi_match_host_subprotocol(%s): %s\n", m, ndpi_struct->proto_defaults[matching_protocol_id].protoName); } #endif @@ -4959,7 +4996,7 @@ static int ndpi_automa_match_string_subprotocol(struct ndpi_detection_module_str #ifdef DEBUG string_to_match[string_to_match_len] = '\0'; - printf("[NTOP] Unable to find a match for '%s'\n", string_to_match); + NDPI_LOG_DBG2(ndpi_struct, "[NTOP] Unable to find a match for '%s'\n", string_to_match); #endif return(NDPI_PROTOCOL_UNKNOWN); @@ -5073,7 +5110,6 @@ int NDPI_BITMASK_IS_EMPTY(NDPI_PROTOCOL_BITMASK a) { void NDPI_DUMP_BITMASK(NDPI_PROTOCOL_BITMASK a) { int i; - for(i=0; ipacket; + NDPI_LOG_DBG(ndpi_struct, "search AFP\n"); + if (packet->payload_packet_len >= sizeof(struct afpHeader)) { struct afpHeader *h = (struct afpHeader*)packet->payload; @@ -64,7 +70,7 @@ void ndpi_search_afp(struct ndpi_detection_module_struct *ndpi_struct, struct nd get_u_int32_t(packet->payload, 8) == htonl(packet->payload_packet_len - 16) && get_u_int32_t(packet->payload, 12) == 0 && get_u_int16_t(packet->payload, 16) == htons(0x0104)) { - NDPI_LOG(NDPI_PROTOCOL_AFP, ndpi_struct, NDPI_LOG_DEBUG, "AFP: DSI OpenSession detected.\n"); + NDPI_LOG_INFO(ndpi_struct, "found AFP: DSI OpenSession\n"); ndpi_int_afp_add_connection(ndpi_struct, flow); return; } @@ -73,14 +79,13 @@ void ndpi_search_afp(struct ndpi_detection_module_struct *ndpi_struct, struct nd && ((h->command >= 1) && (h->command <= 8)) && (h->reserved == 0) && (packet->payload_packet_len >= (sizeof(struct afpHeader)+ntohl(h->length)))) { - NDPI_LOG(NDPI_PROTOCOL_AFP, ndpi_struct, NDPI_LOG_DEBUG, "AFP: DSI detected.\n"); + NDPI_LOG_INFO(ndpi_struct, "found AFP: DSI\n"); ndpi_int_afp_add_connection(ndpi_struct, flow); return; } } - NDPI_LOG(NDPI_PROTOCOL_AFP, ndpi_struct, NDPI_LOG_DEBUG, "AFP excluded.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_AFP); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/aimini.c b/src/lib/protocols/aimini.c index 147762815..fb439f817 100644 --- a/src/lib/protocols/aimini.c +++ b/src/lib/protocols/aimini.c @@ -23,10 +23,14 @@ */ -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_AIMINI +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_AIMINI + +#include "ndpi_api.h" + static void ndpi_int_aimini_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow/* , */ /* ndpi_protocol_type_t protocol_type */) @@ -50,43 +54,40 @@ static u_int8_t is_special_aimini_host(struct ndpi_int_one_line_struct host_line void ndpi_search_aimini(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; - // struct ndpi_id_struct *src=ndpi_struct->src; - // struct ndpi_id_struct *dst=ndpi_struct->dst; - - NDPI_LOG(NDPI_PROTOCOL_AIMINI, ndpi_struct, NDPI_LOG_DEBUG, "search aimini.\n"); + NDPI_LOG_DBG(ndpi_struct, "search aimini\n"); if (packet->udp != NULL) { if (flow->l4.udp.aimini_stage == 0) { if (packet->payload_packet_len == 64 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x010b) { flow->l4.udp.aimini_stage = 1; - NDPI_LOG(NDPI_PROTOCOL_AIMINI, ndpi_struct, NDPI_LOG_DEBUG, "stage = 1.\n"); + NDPI_LOG_DBG2(ndpi_struct, "stage = 1\n"); return; } if (packet->payload_packet_len == 136 && (ntohs(get_u_int16_t(packet->payload, 0)) == 0x01c9 || ntohs(get_u_int16_t(packet->payload, 0)) == 0x0165)) { flow->l4.udp.aimini_stage = 4; - NDPI_LOG(NDPI_PROTOCOL_AIMINI, ndpi_struct, NDPI_LOG_DEBUG, "stage = 4.\n"); + NDPI_LOG_DBG2(ndpi_struct, "stage = 4\n"); return; } if (packet->payload_packet_len == 88 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x0101) { flow->l4.udp.aimini_stage = 7; - NDPI_LOG(NDPI_PROTOCOL_AIMINI, ndpi_struct, NDPI_LOG_DEBUG, "stage = 7.\n"); + NDPI_LOG_DBG2(ndpi_struct, "stage = 7\n"); return; } if (packet->payload_packet_len == 104 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x0102) { flow->l4.udp.aimini_stage = 10; - NDPI_LOG(NDPI_PROTOCOL_AIMINI, ndpi_struct, NDPI_LOG_DEBUG, "stage = 10.\n"); + NDPI_LOG_DBG2(ndpi_struct, "stage = 10\n"); return; } if (packet->payload_packet_len == 32 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x01ca) { flow->l4.udp.aimini_stage = 13; - NDPI_LOG(NDPI_PROTOCOL_AIMINI, ndpi_struct, NDPI_LOG_DEBUG, "stage = 13.\n"); + NDPI_LOG_DBG2(ndpi_struct, "stage = 13\n"); return; } if (packet->payload_packet_len == 16 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x010c) { flow->l4.udp.aimini_stage = 16; - NDPI_LOG(NDPI_PROTOCOL_AIMINI, ndpi_struct, NDPI_LOG_DEBUG, "stage = 16.\n"); + NDPI_LOG_DBG2(ndpi_struct, "stage = 16\n"); return; } } @@ -96,7 +97,7 @@ void ndpi_search_aimini(struct ndpi_detection_module_struct *ndpi_struct, struct if (flow->l4.udp.aimini_stage == 1 && packet->payload_packet_len > 100 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x0115) { flow->l4.udp.aimini_stage = 2; - NDPI_LOG(NDPI_PROTOCOL_AIMINI, ndpi_struct, NDPI_LOG_DEBUG, "stage = 2.\n"); + NDPI_LOG_DBG2(ndpi_struct, "stage = 2\n"); return; } if (flow->l4.udp.aimini_stage == 2 && @@ -104,14 +105,14 @@ void ndpi_search_aimini(struct ndpi_detection_module_struct *ndpi_struct, struct (packet->payload_packet_len == 64 && get_u_int16_t(packet->payload, 0) == htons(0x010b)) || (packet->payload_packet_len == 88 && get_u_int16_t(packet->payload, 0) == ntohs(0x0115)))) { flow->l4.udp.aimini_stage = 3; - NDPI_LOG(NDPI_PROTOCOL_AIMINI, ndpi_struct, NDPI_LOG_DEBUG, "stage = 3.\n"); + NDPI_LOG_DBG2(ndpi_struct, "stage = 3\n"); return; } if (flow->l4.udp.aimini_stage == 3 && ((packet->payload_packet_len == 16 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x010c) || (packet->payload_packet_len == 64 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x010b) || (packet->payload_packet_len > 100 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x0115))) { - NDPI_LOG(NDPI_PROTOCOL_AIMINI, ndpi_struct, NDPI_LOG_DEBUG, "found aimini (64, 0x010b), (>300, 0x0115), " + NDPI_LOG_INFO(ndpi_struct, "found aimini (64, 0x010b), (>300, 0x0115), " "(16, 0x010c || 64, 0x010b), (16, 0x010c || 64, 0x010b || >100, 0x0115).\n"); ndpi_int_aimini_add_connection(ndpi_struct, flow); return; @@ -122,14 +123,14 @@ void ndpi_search_aimini(struct ndpi_detection_module_struct *ndpi_struct, struct if (flow->l4.udp.aimini_stage == 4 && packet->payload_packet_len == 136 && (ntohs(get_u_int16_t(packet->payload, 0)) == 0x01c9 || ntohs(get_u_int16_t(packet->payload, 0)) == 0x0165)) { flow->l4.udp.aimini_stage = 5; - NDPI_LOG(NDPI_PROTOCOL_AIMINI, ndpi_struct, NDPI_LOG_DEBUG, "stage = 5.\n"); + NDPI_LOG_DBG2(ndpi_struct, "stage = 5\n"); return; } if (flow->l4.udp.aimini_stage == 5 && (packet->payload_packet_len == 136 && (ntohs(get_u_int16_t(packet->payload, 0)) == 0x01c9 || ntohs(get_u_int16_t(packet->payload, 0)) == 0x0165))) { flow->l4.udp.aimini_stage = 6; - NDPI_LOG(NDPI_PROTOCOL_AIMINI, ndpi_struct, NDPI_LOG_DEBUG, "stage = 6.\n"); + NDPI_LOG_DBG2(ndpi_struct, "stage = 6\n"); return; } if (flow->l4.udp.aimini_stage == 6 && ((packet->payload_packet_len == 136 @@ -137,7 +138,7 @@ void ndpi_search_aimini(struct ndpi_detection_module_struct *ndpi_struct, struct || ntohs(get_u_int16_t(packet->payload, 0)) == 0x01c9)) || (packet->payload_packet_len == 32 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x01ca))) { - NDPI_LOG(NDPI_PROTOCOL_AIMINI, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_INFO(ndpi_struct, "found aimini (136, 0x01c9), (136, 0x01c9)," "(136, 0x01c9),(136, 0x01c9 || 32, 0x01ca).\n"); ndpi_int_aimini_add_connection(ndpi_struct, flow); return; @@ -148,18 +149,18 @@ void ndpi_search_aimini(struct ndpi_detection_module_struct *ndpi_struct, struct if (flow->l4.udp.aimini_stage == 7 && packet->payload_packet_len == 88 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x0101) { flow->l4.udp.aimini_stage = 8; - NDPI_LOG(NDPI_PROTOCOL_AIMINI, ndpi_struct, NDPI_LOG_DEBUG, "stage = 8.\n"); + NDPI_LOG_DBG2(ndpi_struct, "stage = 8\n"); return; } if (flow->l4.udp.aimini_stage == 8 && (packet->payload_packet_len == 88 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x0101)) { flow->l4.udp.aimini_stage = 9; - NDPI_LOG(NDPI_PROTOCOL_AIMINI, ndpi_struct, NDPI_LOG_DEBUG, "stage = 9.\n"); + NDPI_LOG_DBG2(ndpi_struct, "stage = 9\n"); return; } if (flow->l4.udp.aimini_stage == 9 && (packet->payload_packet_len == 88 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x0101)) { - NDPI_LOG(NDPI_PROTOCOL_AIMINI, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_INFO(ndpi_struct, "found aimini (88, 0x0101), (88, 0x0101)," "(88, 0x0101),(88, 0x0101).\n"); ndpi_int_aimini_add_connection(ndpi_struct, flow); return; @@ -170,19 +171,19 @@ void ndpi_search_aimini(struct ndpi_detection_module_struct *ndpi_struct, struct if (flow->l4.udp.aimini_stage == 10 && packet->payload_packet_len == 104 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x0102) { flow->l4.udp.aimini_stage = 11; - NDPI_LOG(NDPI_PROTOCOL_AIMINI, ndpi_struct, NDPI_LOG_DEBUG, "stage = 11.\n"); + NDPI_LOG_DBG2(ndpi_struct, "stage = 11\n"); return; } if (flow->l4.udp.aimini_stage == 11 && (packet->payload_packet_len == 104 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x0102)) { flow->l4.udp.aimini_stage = 12; - NDPI_LOG(NDPI_PROTOCOL_AIMINI, ndpi_struct, NDPI_LOG_DEBUG, "stage = 12.\n"); + NDPI_LOG_DBG2(ndpi_struct, "stage = 12\n"); return; } if (flow->l4.udp.aimini_stage == 12 && ((packet->payload_packet_len == 104 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x0102) || (packet->payload_packet_len == 32 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x01ca))) { - NDPI_LOG(NDPI_PROTOCOL_AIMINI, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_INFO(ndpi_struct, "found aimini (104, 0x0102), (104, 0x0102), " "(104, 0x0102), (104, 0x0102).\n"); ndpi_int_aimini_add_connection(ndpi_struct, flow); return; @@ -193,20 +194,20 @@ void ndpi_search_aimini(struct ndpi_detection_module_struct *ndpi_struct, struct if (flow->l4.udp.aimini_stage == 13 && packet->payload_packet_len == 32 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x01ca) { flow->l4.udp.aimini_stage = 14; - NDPI_LOG(NDPI_PROTOCOL_AIMINI, ndpi_struct, NDPI_LOG_DEBUG, "stage = 14.\n"); + NDPI_LOG_DBG2(ndpi_struct, "stage = 14\n"); return; } if (flow->l4.udp.aimini_stage == 14 && ((packet->payload_packet_len == 32 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x01ca) || (packet->payload_packet_len == 136 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x0166))) { flow->l4.udp.aimini_stage = 15; - NDPI_LOG(NDPI_PROTOCOL_AIMINI, ndpi_struct, NDPI_LOG_DEBUG, "stage = 15.\n"); + NDPI_LOG_DBG2(ndpi_struct, "stage = 15\n"); return; } if (flow->l4.udp.aimini_stage == 15 && ((packet->payload_packet_len == 136 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x0166) || (packet->payload_packet_len == 32 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x01ca))) { - NDPI_LOG(NDPI_PROTOCOL_AIMINI, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_INFO(ndpi_struct, "found aimini (32,0x01ca), (32,0x01ca), (32,0x01ca), ((136, 0x0166)||(32,0x01ca)).\n"); ndpi_int_aimini_add_connection(ndpi_struct, flow); return; @@ -217,18 +218,18 @@ void ndpi_search_aimini(struct ndpi_detection_module_struct *ndpi_struct, struct if (flow->l4.udp.aimini_stage == 16 && packet->payload_packet_len == 16 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x010c) { flow->l4.udp.aimini_stage = 17; - NDPI_LOG(NDPI_PROTOCOL_AIMINI, ndpi_struct, NDPI_LOG_DEBUG, "stage = 17.\n"); + NDPI_LOG_DBG2(ndpi_struct, "stage = 17\n"); return; } if (flow->l4.udp.aimini_stage == 17 && (packet->payload_packet_len == 16 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x010c)) { flow->l4.udp.aimini_stage = 18; - NDPI_LOG(NDPI_PROTOCOL_AIMINI, ndpi_struct, NDPI_LOG_DEBUG, "stage = 18.\n"); + NDPI_LOG_DBG2(ndpi_struct, "stage = 18\n"); return; } if (flow->l4.udp.aimini_stage == 18 && (packet->payload_packet_len == 16 && ntohs(get_u_int16_t(packet->payload, 0)) == 0x010c)) { - NDPI_LOG(NDPI_PROTOCOL_AIMINI, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_INFO(ndpi_struct, "found aimini (16, 0x010c), (16, 0x010c), (16, 0x010c), (16, 0x010c).\n"); ndpi_int_aimini_add_connection(ndpi_struct, flow); return; @@ -238,11 +239,11 @@ void ndpi_search_aimini(struct ndpi_detection_module_struct *ndpi_struct, struct (memcmp(packet->payload, "GET /player/", NDPI_STATICSTRING_LEN("GET /player/")) == 0)) || (packet->payload_packet_len > NDPI_STATICSTRING_LEN("GET /play/?fid=") && (memcmp(packet->payload, "GET /play/?fid=", NDPI_STATICSTRING_LEN("GET /play/?fid=")) == 0))) { - NDPI_LOG(NDPI_PROTOCOL_AIMINI, ndpi_struct, NDPI_LOG_DEBUG, "HTTP packet detected.\n"); + NDPI_LOG_DBG2(ndpi_struct, "HTTP packet detected\n"); ndpi_parse_packet_line_info(ndpi_struct, flow); if (packet->host_line.ptr != NULL && packet->host_line.len > 11 && (memcmp(&packet->host_line.ptr[packet->host_line.len - 11], ".aimini.net", 11) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_AIMINI, ndpi_struct, NDPI_LOG_DEBUG, "AIMINI HTTP traffic detected.\n"); + NDPI_LOG_INFO(ndpi_struct, "found AIMINI HTTP traffic\n"); ndpi_int_aimini_add_connection(ndpi_struct, flow); return; } @@ -255,8 +256,8 @@ void ndpi_search_aimini(struct ndpi_detection_module_struct *ndpi_struct, struct NDPI_STATICSTRING_LEN("download/")) == 0) { ndpi_parse_packet_line_info(ndpi_struct, flow); if (is_special_aimini_host(packet->host_line) == 1) { - NDPI_LOG(NDPI_PROTOCOL_AIMINI, ndpi_struct, NDPI_LOG_DEBUG, - "AIMINI HTTP traffic detected.\n"); + NDPI_LOG_INFO(ndpi_struct, + "found AIMINI HTTP traffic\n"); ndpi_int_aimini_add_connection(ndpi_struct, flow); return; } @@ -266,8 +267,8 @@ void ndpi_search_aimini(struct ndpi_detection_module_struct *ndpi_struct, struct NDPI_STATICSTRING_LEN("upload/")) == 0) { ndpi_parse_packet_line_info(ndpi_struct, flow); if (is_special_aimini_host(packet->host_line) == 1) { - NDPI_LOG(NDPI_PROTOCOL_AIMINI, ndpi_struct, NDPI_LOG_DEBUG, - "AIMINI HTTP traffic detected.\n"); + NDPI_LOG_INFO(ndpi_struct, + "found AIMINI HTTP traffic detected.\n"); ndpi_int_aimini_add_connection(ndpi_struct, flow); return; } @@ -276,8 +277,7 @@ void ndpi_search_aimini(struct ndpi_detection_module_struct *ndpi_struct, struct } } - NDPI_LOG(NDPI_PROTOCOL_AIMINI, ndpi_struct, NDPI_LOG_DEBUG, "exclude aimini.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_AIMINI); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/amqp.c b/src/lib/protocols/amqp.c index 72bbc0a38..6b530c16d 100644 --- a/src/lib/protocols/amqp.c +++ b/src/lib/protocols/amqp.c @@ -18,10 +18,15 @@ * */ +#include "ndpi_protocol_ids.h" -#include "ndpi_protocols.h" #ifdef NDPI_PROTOCOL_AMQP +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_AMQP + +#include "ndpi_api.h" + + PACK_ON struct amqp_header { u_int8_t ptype; @@ -39,7 +44,7 @@ static void ndpi_int_amqp_add_connection(struct ndpi_detection_module_struct *nd void ndpi_search_amqp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; - NDPI_LOG(NDPI_PROTOCOL_AMQP, ndpi_struct, NDPI_LOG_DEBUG, "search amqp. \n"); + NDPI_LOG_DBG(ndpi_struct, "search amqp\n"); if (packet->tcp != NULL) { if(packet->payload_packet_len > sizeof(struct amqp_header)) { @@ -57,7 +62,7 @@ void ndpi_search_amqp(struct ndpi_detection_module_struct *ndpi_struct, struct n u_int16_t method = htons(h->method); if(method <= 120 /* Method basic NACK */) { - NDPI_LOG(NDPI_PROTOCOL_AMQP, ndpi_struct, NDPI_LOG_DEBUG, "found amqp over tcp. \n"); + NDPI_LOG_INFO(ndpi_struct, "found amqp over tcp\n"); ndpi_int_amqp_add_connection(ndpi_struct, flow); return; } @@ -65,6 +70,8 @@ void ndpi_search_amqp(struct ndpi_detection_module_struct *ndpi_struct, struct n } } } + } else { + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } } diff --git a/src/lib/protocols/applejuice.c b/src/lib/protocols/applejuice.c index a7ef0ce65..a80c39d7f 100644 --- a/src/lib/protocols/applejuice.c +++ b/src/lib/protocols/applejuice.c @@ -22,10 +22,14 @@ * */ +#include "ndpi_protocol_ids.h" -#include "ndpi_protocols.h" #ifdef NDPI_PROTOCOL_APPLEJUICE +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_APPLEJUICE + +#include "ndpi_api.h" + static void ndpi_int_applejuice_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) @@ -37,21 +41,18 @@ void ndpi_search_applejuice_tcp(struct ndpi_detection_module_struct *ndpi_struct struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; -// struct ndpi_id_struct *src=ndpi_struct->src; -// struct ndpi_id_struct *dst=ndpi_struct->dst; - NDPI_LOG(NDPI_PROTOCOL_APPLEJUICE, ndpi_struct, NDPI_LOG_DEBUG, "search applejuice.\n"); + NDPI_LOG_DBG(ndpi_struct, "search applejuice\n"); if ((packet->payload_packet_len > 7) && (packet->payload[6] == 0x0d) && (packet->payload[7] == 0x0a) && (memcmp(packet->payload, "ajprot", 6) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_APPLEJUICE, ndpi_struct, NDPI_LOG_DEBUG, "detected applejuice.\n"); + NDPI_LOG_INFO(ndpi_struct, "found applejuice\n"); ndpi_int_applejuice_add_connection(ndpi_struct, flow); return; } - NDPI_LOG(NDPI_PROTOCOL_APPLEJUICE, ndpi_struct, NDPI_LOG_DEBUG, "exclude applejuice.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_APPLEJUICE); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/armagetron.c b/src/lib/protocols/armagetron.c index 61a32326e..7f4fb9ec0 100644 --- a/src/lib/protocols/armagetron.c +++ b/src/lib/protocols/armagetron.c @@ -22,27 +22,26 @@ * */ - -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_ARMAGETRON +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_ARMAGETRON + +#include "ndpi_api.h" + static void ndpi_int_armagetron_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_ARMAGETRON, NDPI_PROTOCOL_UNKNOWN); } void ndpi_search_armagetron_udp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; - // struct ndpi_id_struct *src=ndpi_struct->src; - // struct ndpi_id_struct *dst=ndpi_struct->dst; - - NDPI_LOG(NDPI_PROTOCOL_ARMAGETRON, ndpi_struct, NDPI_LOG_DEBUG, "search armagetron.\n"); + NDPI_LOG_DBG(ndpi_struct, "search armagetron\n"); if (packet->payload_packet_len > 10) { /* login request */ @@ -52,7 +51,7 @@ void ndpi_search_armagetron_udp(struct ndpi_detection_module_struct *ndpi_struct goto exclude; if (get_u_int16_t(packet->payload, 6) == htons(0x0008) && get_u_int16_t(packet->payload, packet->payload_packet_len - 2) == 0) { - NDPI_LOG(NDPI_PROTOCOL_ARMAGETRON, ndpi_struct, NDPI_LOG_DEBUG, "detected armagetron.\n"); + NDPI_LOG_INFO(ndpi_struct, "found armagetron\n"); ndpi_int_armagetron_add_connection(ndpi_struct, flow); return; } @@ -65,7 +64,7 @@ void ndpi_search_armagetron_udp(struct ndpi_detection_module_struct *ndpi_struct goto exclude; if (get_u_int32_t(packet->payload, 6) == htonl(0x00000500) && get_u_int32_t(packet->payload, 6 + 4) == htonl(0x00010000) && get_u_int16_t(packet->payload, packet->payload_packet_len - 2) == 0) { - NDPI_LOG(NDPI_PROTOCOL_ARMAGETRON, ndpi_struct, NDPI_LOG_DEBUG, "detected armagetron.\n"); + NDPI_LOG_INFO(ndpi_struct, "found armagetron\n"); ndpi_int_armagetron_add_connection(ndpi_struct, flow); return; } @@ -85,7 +84,7 @@ void ndpi_search_armagetron_udp(struct ndpi_detection_module_struct *ndpi_struct && (get_u_int32_t(packet->payload, 6 + 10 + val) == htonl(0x00010000) || get_u_int32_t(packet->payload, 6 + 10 + val) == htonl(0x00000001)) && get_u_int16_t(packet->payload, packet->payload_packet_len - 2) == 0) { - NDPI_LOG(NDPI_PROTOCOL_ARMAGETRON, ndpi_struct, NDPI_LOG_DEBUG, "detected armagetron.\n"); + NDPI_LOG_INFO(ndpi_struct, "found armagetron\n"); ndpi_int_armagetron_add_connection(ndpi_struct, flow); return; } @@ -94,8 +93,7 @@ void ndpi_search_armagetron_udp(struct ndpi_detection_module_struct *ndpi_struct } exclude: - NDPI_LOG(NDPI_PROTOCOL_ARMAGETRON, ndpi_struct, NDPI_LOG_DEBUG, "exclude armagetron.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_ARMAGETRON); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/ayiya.c b/src/lib/protocols/ayiya.c index 6e5401093..bc993cfe3 100644 --- a/src/lib/protocols/ayiya.c +++ b/src/lib/protocols/ayiya.c @@ -26,10 +26,14 @@ http://tools.ietf.org/html/rfc4891 */ +#include "ndpi_protocol_ids.h" -#include "ndpi_protocols.h" #ifdef NDPI_PROTOCOL_AYIYA +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_AYIYA + +#include "ndpi_api.h" + struct ayiya { u_int8_t flags[3]; u_int8_t next_header; @@ -42,6 +46,8 @@ void ndpi_search_ayiya(struct ndpi_detection_module_struct *ndpi_struct, struct { struct ndpi_packet_struct *packet = &flow->packet; + NDPI_LOG_DBG(ndpi_struct, "search AYIYA\n"); + if(packet->udp && (packet->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN)) { /* Ayiya is udp based, port 5072 */ if ((packet->udp->source == htons(5072) || packet->udp->dest == htons(5072)) @@ -55,13 +61,15 @@ void ndpi_search_ayiya(struct ndpi_detection_module_struct *ndpi_struct, struct now = flow->packet.tick_timestamp; - if((epoch >= (now - fiveyears)) && (epoch <= (now+86400 /* 1 day */))) + if((epoch >= (now - fiveyears)) && (epoch <= (now+86400 /* 1 day */))) { + NDPI_LOG_INFO(ndpi_struct, "found AYIYA\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_AYIYA, NDPI_PROTOCOL_UNKNOWN); + } return; } - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_AYIYA); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } } diff --git a/src/lib/protocols/battlefield.c b/src/lib/protocols/battlefield.c index 6087e67a4..23a3749b2 100644 --- a/src/lib/protocols/battlefield.c +++ b/src/lib/protocols/battlefield.c @@ -22,10 +22,13 @@ * */ +#include "ndpi_protocol_ids.h" -#include "ndpi_protocols.h" #ifdef NDPI_PROTOCOL_BATTLEFIELD +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_BATTLEFIELD + +#include "ndpi_api.h" static void ndpi_int_battlefield_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { @@ -53,12 +56,12 @@ void ndpi_search_battlefield(struct ndpi_detection_module_struct *ndpi_struct, s if (packet->detected_protocol_stack[0] == NDPI_PROTOCOL_BATTLEFIELD) { if (src != NULL && ((u_int32_t) (packet->tick_timestamp - src->battlefield_ts) < ndpi_struct->battlefield_timeout)) { - NDPI_LOG(NDPI_PROTOCOL_BATTLEFIELD, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "battlefield : save src connection packet detected\n"); src->battlefield_ts = packet->tick_timestamp; } else if (dst != NULL && ((u_int32_t) (packet->tick_timestamp - dst->battlefield_ts) < ndpi_struct->battlefield_timeout)) { - NDPI_LOG(NDPI_PROTOCOL_BATTLEFIELD, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "battlefield : save dst connection packet detected\n"); dst->battlefield_ts = packet->tick_timestamp; } @@ -74,8 +77,7 @@ void ndpi_search_battlefield(struct ndpi_detection_module_struct *ndpi_struct, s } } else if (flow->l4.udp.battlefield_stage == 2 - packet->packet_direction) { if (packet->payload_packet_len > 8 && get_u_int32_t(packet->payload, 0) == flow->l4.udp.battlefield_msg_id) { - NDPI_LOG(NDPI_PROTOCOL_BATTLEFIELD, ndpi_struct, - NDPI_LOG_DEBUG, "Battlefield message and reply detected.\n"); + NDPI_LOG_INFO(ndpi_struct, "found Battlefield message and reply detected\n"); ndpi_int_battlefield_add_connection(ndpi_struct, flow); return; } @@ -91,28 +93,26 @@ void ndpi_search_battlefield(struct ndpi_detection_module_struct *ndpi_struct, s } else if (flow->l4.udp.battlefield_stage == 4 - packet->packet_direction) { if (packet->payload_packet_len == 7 && (packet->payload[0] == 0x02 || packet->payload[packet->payload_packet_len - 1] == 0xe0)) { - NDPI_LOG(NDPI_PROTOCOL_BATTLEFIELD, ndpi_struct, NDPI_LOG_DEBUG, - "Battlefield message and reply detected.\n"); + NDPI_LOG_INFO(ndpi_struct, "found Battlefield message and reply detected\n"); ndpi_int_battlefield_add_connection(ndpi_struct, flow); return; } } if (packet->payload_packet_len == 18 && memcmp(&packet->payload[5], "battlefield2\x00", 13) == 0) { - NDPI_LOG(NDPI_PROTOCOL_BATTLEFIELD, ndpi_struct, NDPI_LOG_DEBUG, "Battlefield 2 hello packet detected.\n"); + NDPI_LOG_INFO(ndpi_struct, "found Battlefield 2 hello packet detected\n"); ndpi_int_battlefield_add_connection(ndpi_struct, flow); return; } else if (packet->payload_packet_len > 10 && (memcmp(packet->payload, "\x11\x20\x00\x01\x00\x00\x50\xb9\x10\x11", 10) == 0 || memcmp(packet->payload, "\x11\x20\x00\x01\x00\x00\x30\xb9\x10\x11", 10) == 0 || memcmp(packet->payload, "\x11\x20\x00\x01\x00\x00\xa0\x98\x00\x11", 10) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_BATTLEFIELD, ndpi_struct, NDPI_LOG_DEBUG, "Battlefield safe pattern detected.\n"); + NDPI_LOG_INFO(ndpi_struct, "found Battlefield safe pattern detected\n"); ndpi_int_battlefield_add_connection(ndpi_struct, flow); return; } - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_BATTLEFIELD); - return; + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/bgp.c b/src/lib/protocols/bgp.c index a45514b7d..f7896968b 100644 --- a/src/lib/protocols/bgp.c +++ b/src/lib/protocols/bgp.c @@ -20,16 +20,24 @@ * along with nDPI. If not, see . * */ -#include "ndpi_protocols.h" + +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_BGP +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_BGP + +#include "ndpi_api.h" + + /* this detection also works asymmetrically */ void ndpi_search_bgp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; u_int16_t bgp_port = htons(179); + NDPI_LOG_DBG(ndpi_struct, "search BGP\n"); + if(packet->tcp) { if(packet->payload_packet_len > 18 && packet->payload[18] < 5 @@ -38,13 +46,13 @@ void ndpi_search_bgp(struct ndpi_detection_module_struct *ndpi_struct, struct nd && (get_u_int64_t(packet->payload, 8) == 0xffffffffffffffffULL) && (ntohs(get_u_int16_t(packet->payload, 16)) <= packet->payload_packet_len)) { - NDPI_LOG(NDPI_PROTOCOL_BGP, ndpi_struct, NDPI_LOG_DEBUG, "BGP detected.\n"); + NDPI_LOG_INFO(ndpi_struct, "found BGP\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_BGP, NDPI_PROTOCOL_UNKNOWN); return; } } - /* exclude BGP */ - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_BGP); + + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/bittorrent.c b/src/lib/protocols/bittorrent.c index a3eef585c..727992702 100644 --- a/src/lib/protocols/bittorrent.c +++ b/src/lib/protocols/bittorrent.c @@ -23,8 +23,14 @@ */ -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" + #ifdef NDPI_PROTOCOL_BITTORRENT + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_BITTORRENT + +#include "ndpi_api.h" + #define NDPI_PROTOCOL_UNSAFE_DETECTION 0 #define NDPI_PROTOCOL_SAFE_DETECTION 1 @@ -87,10 +93,9 @@ static u_int8_t ndpi_int_search_bittorrent_tcp_zero(struct ndpi_detection_module if(flow->packet_counter == 2 && packet->payload_packet_len > 20) { if(memcmp(&packet->payload[0], "BitTorrent protocol", 19) == 0) { - NDPI_LOG(NDPI_PROTOCOL_BITTORRENT, - ndpi_struct, NDPI_LOG_TRACE, "BT: plain BitTorrent protocol detected\n"); + NDPI_LOG_INFO(ndpi_struct, "found BT: plain\n"); ndpi_add_connection_as_bittorrent(ndpi_struct, flow, 19, 1, - NDPI_PROTOCOL_SAFE_DETECTION, NDPI_PROTOCOL_PLAIN_DETECTION); + NDPI_PROTOCOL_SAFE_DETECTION, NDPI_PROTOCOL_PLAIN_DETECTION); return 1; } } @@ -99,19 +104,18 @@ static u_int8_t ndpi_int_search_bittorrent_tcp_zero(struct ndpi_detection_module /* test for match 0x13+"BitTorrent protocol" */ if(packet->payload[0] == 0x13) { if(memcmp(&packet->payload[1], "BitTorrent protocol", 19) == 0) { - NDPI_LOG(NDPI_PROTOCOL_BITTORRENT, ndpi_struct, NDPI_LOG_TRACE, "BT: plain BitTorrent protocol detected\n"); + NDPI_LOG_INFO(ndpi_struct, "found BT: plain\n"); ndpi_add_connection_as_bittorrent(ndpi_struct, flow, 20, 1, - NDPI_PROTOCOL_SAFE_DETECTION, NDPI_PROTOCOL_PLAIN_DETECTION); + NDPI_PROTOCOL_SAFE_DETECTION, NDPI_PROTOCOL_PLAIN_DETECTION); return 1; } } } if(packet->payload_packet_len > 23 && memcmp(packet->payload, "GET /webseed?info_hash=", 23) == 0) { - NDPI_LOG(NDPI_PROTOCOL_BITTORRENT, ndpi_struct, - NDPI_LOG_TRACE, "BT: plain webseed BitTorrent protocol detected\n"); + NDPI_LOG_INFO(ndpi_struct, "found BT: plain webseed\n"); ndpi_add_connection_as_bittorrent(ndpi_struct, flow, -1, 1, - NDPI_PROTOCOL_SAFE_DETECTION, NDPI_PROTOCOL_WEBSEED_DETECTION); + NDPI_PROTOCOL_SAFE_DETECTION, NDPI_PROTOCOL_WEBSEED_DETECTION); return 1; } /* seen Azureus as server for webseed, possibly other servers existing, to implement */ @@ -119,10 +123,9 @@ static u_int8_t ndpi_int_search_bittorrent_tcp_zero(struct ndpi_detection_module /* no asymmetric detection possible for answer of pattern "GET /data?fid=". */ if(packet->payload_packet_len > 60 && memcmp(packet->payload, "GET /data?fid=", 14) == 0 && memcmp(&packet->payload[54], "&size=", 6) == 0) { - NDPI_LOG(NDPI_PROTOCOL_BITTORRENT, ndpi_struct, - NDPI_LOG_TRACE, "BT: plain Bitcomet persistent seed protocol detected\n"); + NDPI_LOG_INFO(ndpi_struct, "found BT: plain Bitcomet persistent seed\n"); ndpi_add_connection_as_bittorrent(ndpi_struct, flow, -1, 1, - NDPI_PROTOCOL_SAFE_DETECTION, NDPI_PROTOCOL_WEBSEED_DETECTION); + NDPI_PROTOCOL_SAFE_DETECTION, NDPI_PROTOCOL_WEBSEED_DETECTION); return 1; } @@ -140,10 +143,9 @@ static u_int8_t ndpi_int_search_bittorrent_tcp_zero(struct ndpi_detection_module && ((packet->user_agent_line.len > 8 && memcmp(packet->user_agent_line.ptr, "Azureus ", 8) == 0) || (packet->user_agent_line.len >= 10 && memcmp(packet->user_agent_line.ptr, "BitTorrent", 10) == 0) || (packet->user_agent_line.len >= 11 && memcmp(packet->user_agent_line.ptr, "BTWebClient", 11) == 0))) { - NDPI_LOG(NDPI_PROTOCOL_BITTORRENT, ndpi_struct, - NDPI_LOG_TRACE, "Azureus /Bittorrent user agent line detected\n"); + NDPI_LOG_INFO(ndpi_struct, "found BT: Azureus /Bittorrent user agent\n"); ndpi_add_connection_as_bittorrent(ndpi_struct, flow, -1, 1, - NDPI_PROTOCOL_SAFE_DETECTION, NDPI_PROTOCOL_WEBSEED_DETECTION); + NDPI_PROTOCOL_SAFE_DETECTION, NDPI_PROTOCOL_WEBSEED_DETECTION); return 1; } @@ -151,10 +153,9 @@ static u_int8_t ndpi_int_search_bittorrent_tcp_zero(struct ndpi_detection_module && (packet->user_agent_line.len >= 9 && memcmp(packet->user_agent_line.ptr, "Shareaza ", 9) == 0) && (packet->parsed_lines > 8 && packet->line[8].ptr != 0 && packet->line[8].len >= 9 && memcmp(packet->line[8].ptr, "X-Queue: ", 9) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_BITTORRENT, ndpi_struct, - NDPI_LOG_TRACE, "Bittorrent Shareaza detected.\n"); + NDPI_LOG_INFO(ndpi_struct, "found BT: Shareaza detected\n"); ndpi_add_connection_as_bittorrent(ndpi_struct, flow, -1, 1, - NDPI_PROTOCOL_SAFE_DETECTION, NDPI_PROTOCOL_WEBSEED_DETECTION); + NDPI_PROTOCOL_SAFE_DETECTION, NDPI_PROTOCOL_WEBSEED_DETECTION); return 1; } @@ -186,9 +187,9 @@ static u_int8_t ndpi_int_search_bittorrent_tcp_zero(struct ndpi_detection_module && packet->line[8].ptr != NULL && packet->line[8].len > 22 && memcmp(packet->line[8].ptr, "Cache-Control: no-cache", 23) == 0) { - NDPI_LOG(NDPI_PROTOCOL_BITTORRENT, ndpi_struct, NDPI_LOG_TRACE, "Bitcomet LTS detected\n"); + NDPI_LOG_INFO(ndpi_struct, "found BT: Bitcomet LTS\n"); ndpi_add_connection_as_bittorrent(ndpi_struct, flow, -1, 1, - NDPI_PROTOCOL_UNSAFE_DETECTION, NDPI_PROTOCOL_PLAIN_DETECTION); + NDPI_PROTOCOL_UNSAFE_DETECTION, NDPI_PROTOCOL_PLAIN_DETECTION); return 1; } @@ -211,9 +212,9 @@ static u_int8_t ndpi_int_search_bittorrent_tcp_zero(struct ndpi_detection_module && packet->line[6].ptr != NULL && packet->line[6].len > 21 && memcmp(packet->line[6].ptr, "Connection: Keep-Alive", 22) == 0) { - NDPI_LOG(NDPI_PROTOCOL_BITTORRENT, ndpi_struct, NDPI_LOG_TRACE, "FlashGet detected\n"); + NDPI_LOG_INFO(ndpi_struct, "found BT: FlashGet\n"); ndpi_add_connection_as_bittorrent(ndpi_struct, flow, -1, 1, - NDPI_PROTOCOL_UNSAFE_DETECTION, NDPI_PROTOCOL_PLAIN_DETECTION); + NDPI_PROTOCOL_UNSAFE_DETECTION, NDPI_PROTOCOL_PLAIN_DETECTION); return 1; } @@ -232,9 +233,9 @@ static u_int8_t ndpi_int_search_bittorrent_tcp_zero(struct ndpi_detection_module && packet->line[5].ptr != NULL && packet->line[5].len > 21 && memcmp(packet->line[5].ptr, "Connection: Keep-Alive", 22) == 0) { - NDPI_LOG(NDPI_PROTOCOL_BITTORRENT, ndpi_struct, NDPI_LOG_TRACE, "FlashGet detected\n"); + NDPI_LOG_INFO(ndpi_struct, "found BT: FlashGet\n"); ndpi_add_connection_as_bittorrent(ndpi_struct, flow, -1, 1, - NDPI_PROTOCOL_UNSAFE_DETECTION, NDPI_PROTOCOL_PLAIN_DETECTION); + NDPI_PROTOCOL_UNSAFE_DETECTION, NDPI_PROTOCOL_PLAIN_DETECTION); return 1; } @@ -250,8 +251,7 @@ static u_int8_t ndpi_int_search_bittorrent_tcp_zero(struct ndpi_detection_module ptr++; } - NDPI_LOG(NDPI_PROTOCOL_BITTORRENT, ndpi_struct, - NDPI_LOG_TRACE, " BT stat: tracker info hash found\n"); + NDPI_LOG_DBG2(ndpi_struct, " BT stat: tracker info hash found\n"); /* len is > 50, so save operation here */ len -= 10; @@ -300,10 +300,9 @@ static u_int8_t ndpi_int_search_bittorrent_tcp_zero(struct ndpi_detection_module } } - NDPI_LOG(NDPI_PROTOCOL_BITTORRENT, ndpi_struct, - NDPI_LOG_TRACE, " BT stat: tracker info hash parsed\n"); + NDPI_LOG_INFO(ndpi_struct, "found BT: tracker info hash parsed\n"); ndpi_add_connection_as_bittorrent(ndpi_struct, flow, -1, 1, - NDPI_PROTOCOL_SAFE_DETECTION, NDPI_PROTOCOL_PLAIN_DETECTION); + NDPI_PROTOCOL_SAFE_DETECTION, NDPI_PROTOCOL_PLAIN_DETECTION); return 1; } @@ -329,10 +328,9 @@ static u_int8_t ndpi_int_search_bittorrent_tcp_zero(struct ndpi_detection_module /* did not see this pattern anywhere */ if((memcmp(&packet->payload[0], pattern_20_bytes, 20) == 0) && (memcmp(&packet->payload[52], pattern_12_bytes, 12) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_BITTORRENT, ndpi_struct, - NDPI_LOG_TRACE, "BT: Warez - Plain BitTorrent protocol detected\n"); + NDPI_LOG_INFO(ndpi_struct, "found BT: Warez - Plain\n"); ndpi_add_connection_as_bittorrent(ndpi_struct, flow, -1, 1, - NDPI_PROTOCOL_SAFE_DETECTION, NDPI_PROTOCOL_PLAIN_DETECTION); + NDPI_PROTOCOL_SAFE_DETECTION, NDPI_PROTOCOL_PLAIN_DETECTION); return 1; } } @@ -344,11 +342,9 @@ static u_int8_t ndpi_int_search_bittorrent_tcp_zero(struct ndpi_detection_module /* haven't fount this pattern anywhere */ if(packet->host_line.ptr != NULL && packet->host_line.len >= 9 && memcmp(packet->host_line.ptr, "ip2p.com:", 9) == 0) { - NDPI_LOG(NDPI_PROTOCOL_BITTORRENT, - ndpi_struct, NDPI_LOG_TRACE, - "BT: Warez - Plain BitTorrent protocol detected due to Host: ip2p.com: pattern\n"); + NDPI_LOG_INFO(ndpi_struct, "found BT: Warez - Plain Host: ip2p.com: pattern\n"); ndpi_add_connection_as_bittorrent(ndpi_struct, flow, -1, 1, - NDPI_PROTOCOL_SAFE_DETECTION, NDPI_PROTOCOL_WEBSEED_DETECTION); + NDPI_PROTOCOL_SAFE_DETECTION, NDPI_PROTOCOL_WEBSEED_DETECTION); return 1; } } @@ -370,13 +366,11 @@ static void ndpi_int_search_bittorrent_tcp(struct ndpi_detection_module_struct * /* exclude stage 0 detection from next run */ flow->bittorrent_stage = 1; if(ndpi_int_search_bittorrent_tcp_zero(ndpi_struct, flow) != 0) { - NDPI_LOG(NDPI_PROTOCOL_BITTORRENT, ndpi_struct, NDPI_LOG_DEBUG, - "stage 0 has detected something, returning\n"); + NDPI_LOG_DBG2(ndpi_struct, "stage 0 has detected something, returning\n"); return; } - NDPI_LOG(NDPI_PROTOCOL_BITTORRENT, ndpi_struct, NDPI_LOG_DEBUG, - "stage 0 has no direct detection, fall through\n"); + NDPI_LOG_DBG2(ndpi_struct, "stage 0 has no direct detection, fall through\n"); } return; } @@ -392,7 +386,7 @@ void ndpi_search_bittorrent(struct ndpi_detection_module_struct *ndpi_struct, st || (packet->udp && ((ntohs(packet->udp->source) == 3544) /* teredo.c */ || (ntohs(packet->udp->dest) == 3544))))) { - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_BITTORRENT); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; } @@ -481,18 +475,16 @@ void ndpi_search_bittorrent(struct ndpi_detection_module_struct *ndpi_struct, st if(bt_proto && (packet->payload_packet_len > 47)) memcpy(flow->protos.bittorrent.hash, &bt_proto[27], 20); - NDPI_LOG(NDPI_PROTOCOL_BITTORRENT, - ndpi_struct, NDPI_LOG_TRACE, "BT: plain BitTorrent protocol detected\n"); + NDPI_LOG_INFO(ndpi_struct, "found BT: plain\n"); ndpi_add_connection_as_bittorrent(ndpi_struct, flow, -1, 0, - NDPI_PROTOCOL_SAFE_DETECTION, NDPI_PROTOCOL_PLAIN_DETECTION); + NDPI_PROTOCOL_SAFE_DETECTION, NDPI_PROTOCOL_PLAIN_DETECTION); return; } } return; } - - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_BITTORRENT); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } } } diff --git a/src/lib/protocols/bjnp.c b/src/lib/protocols/bjnp.c index 28ddede05..f9f690308 100644 --- a/src/lib/protocols/bjnp.c +++ b/src/lib/protocols/bjnp.c @@ -1,7 +1,10 @@ -#include "ndpi_api.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_BJNP +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_BJNP + +#include "ndpi_api.h" static void ndpi_int_bjnp_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, @@ -23,22 +26,21 @@ static void ndpi_check_bjnp(struct ndpi_detection_module_struct *ndpi_struct, st || (memcmp((const char *)packet->payload, "BJNB", 4) == 0) || (memcmp((const char *)packet->payload, "MFNP", 4) == 0) ) { - NDPI_LOG(NDPI_PROTOCOL_BJNP, ndpi_struct, NDPI_LOG_DEBUG, "Found bjnp.\n"); + NDPI_LOG_INFO(ndpi_struct, "found bjnp\n"); ndpi_int_bjnp_add_connection(ndpi_struct, flow, 0); return; } } } - NDPI_LOG(NDPI_PROTOCOL_BJNP, ndpi_struct, NDPI_LOG_DEBUG, "exclude bjnp.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_BJNP); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } void ndpi_search_bjnp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; - NDPI_LOG(NDPI_PROTOCOL_BJNP, ndpi_struct, NDPI_LOG_DEBUG, "bjnp detection...\n"); + NDPI_LOG_DBG(ndpi_struct, "search bjnp\n"); /* skip marked packets */ if (packet->detected_protocol_stack[0] != NDPI_PROTOCOL_BJNP) { diff --git a/src/lib/protocols/btlib.c b/src/lib/protocols/btlib.c index 4d44198d1..66d9654bc 100644 --- a/src/lib/protocols/btlib.c +++ b/src/lib/protocols/btlib.c @@ -181,8 +181,8 @@ static void _print_safe_str(char *msg,char *k,const u_int8_t *s,size_t l) { static void print_safe_str(char *msg,bt_parse_data_cb_t *cbd) { _print_safe_str(msg,cbd->buf,cbd->v.s.s,cbd->v.s.l); } - #define DEBUG_TRACE(cmd) { if(bt_parse_debug) cmd; } + #define STREQ(a,b) !strcmp(a,b) diff --git a/src/lib/protocols/ciscovpn.c b/src/lib/protocols/ciscovpn.c index 6c2fc1829..e04fba936 100644 --- a/src/lib/protocols/ciscovpn.c +++ b/src/lib/protocols/ciscovpn.c @@ -4,10 +4,15 @@ * */ +#include "ndpi_protocol_ids.h" -#include "ndpi_protocols.h" #ifdef NDPI_PROTOCOL_CISCOVPN +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_CISCOVPN + +#include "ndpi_api.h" + + static void ndpi_int_ciscovpn_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_CISCOVPN, NDPI_PROTOCOL_UNKNOWN); @@ -20,15 +25,15 @@ void ndpi_search_ciscovpn(struct ndpi_detection_module_struct *ndpi_struct, stru u_int16_t tdport = 0, tsport = 0; - NDPI_LOG(NDPI_PROTOCOL_CISCOVPN, ndpi_struct, NDPI_LOG_DEBUG, "search CISCOVPN.\n"); + NDPI_LOG_DBG(ndpi_struct, "search CISCOVPN\n"); if(packet->tcp != NULL) { tsport = ntohs(packet->tcp->source), tdport = ntohs(packet->tcp->dest); - NDPI_LOG(NDPI_PROTOCOL_CISCOVPN, ndpi_struct, NDPI_LOG_DEBUG, "calculated CISCOVPN over tcp ports.\n"); + NDPI_LOG_DBG2(ndpi_struct, "calculated CISCOVPN over tcp ports\n"); } if(packet->udp != NULL) { usport = ntohs(packet->udp->source), udport = ntohs(packet->udp->dest); - NDPI_LOG(NDPI_PROTOCOL_CISCOVPN, ndpi_struct, NDPI_LOG_DEBUG, "calculated CISCOVPN over udp ports.\n"); + NDPI_LOG_DBG2(ndpi_struct, "calculated CISCOVPN over udp ports\n"); } if((tdport == 10000 && tsport == 10000) || @@ -42,8 +47,9 @@ void ndpi_search_ciscovpn(struct ndpi_detection_module_struct *ndpi_struct, stru { /* This is a good query 17010000*/ - NDPI_LOG(NDPI_PROTOCOL_CISCOVPN, ndpi_struct, NDPI_LOG_DEBUG, "found CISCOVPN.\n"); + NDPI_LOG_INFO(ndpi_struct, "found CISCOVPN\n"); ndpi_int_ciscovpn_add_connection(ndpi_struct, flow); + return; } else if( ( @@ -59,11 +65,10 @@ void ndpi_search_ciscovpn(struct ndpi_detection_module_struct *ndpi_struct, stru /* This is a good query fe577e2b */ - NDPI_LOG(NDPI_PROTOCOL_CISCOVPN, ndpi_struct, NDPI_LOG_DEBUG, "found CISCOVPN.\n"); + NDPI_LOG_INFO(ndpi_struct, "found CISCOVPN\n"); ndpi_int_ciscovpn_add_connection(ndpi_struct, flow); } else { - NDPI_LOG(NDPI_PROTOCOL_CISCOVPN, ndpi_struct, NDPI_LOG_DEBUG, "exclude CISCOVPN.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_CISCOVPN); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } } diff --git a/src/lib/protocols/citrix.c b/src/lib/protocols/citrix.c index 92607579c..7d6406bff 100644 --- a/src/lib/protocols/citrix.c +++ b/src/lib/protocols/citrix.c @@ -21,10 +21,14 @@ * */ +#include "ndpi_protocol_ids.h" + +#ifdef NDPI_PROTOCOL_CITRIX + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_CITRIX #include "ndpi_api.h" -#ifdef NDPI_PROTOCOL_CITRIX /* ************************************ */ @@ -45,26 +49,25 @@ static void ndpi_check_citrix(struct ndpi_detection_module_struct *ndpi_struct, char citrix_header[] = { 0x07, 0x07, 0x49, 0x43, 0x41, 0x00 }; if(memcmp(packet->payload, citrix_header, sizeof(citrix_header)) == 0) { - NDPI_LOG(NDPI_PROTOCOL_CITRIX, ndpi_struct, NDPI_LOG_DEBUG, "Found citrix.\n"); + NDPI_LOG_INFO(ndpi_struct, "found citrix\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_CITRIX, NDPI_PROTOCOL_UNKNOWN); } - return; } else if(payload_len > 4) { char citrix_header[] = { 0x1a, 0x43, 0x47, 0x50, 0x2f, 0x30, 0x31 }; if((memcmp(packet->payload, citrix_header, sizeof(citrix_header)) == 0) || (ndpi_strnstr((const char *)packet->payload, "Citrix.TcpProxyService", payload_len) != NULL)) { - NDPI_LOG(NDPI_PROTOCOL_CITRIX, ndpi_struct, NDPI_LOG_DEBUG, "Found citrix.\n"); + NDPI_LOG_INFO(ndpi_struct, "found citrix\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_CITRIX, NDPI_PROTOCOL_UNKNOWN); } - return; } - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_CITRIX); - } else if(flow->l4.tcp.citrix_packet_id > 3) - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_CITRIX); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); + } else if(flow->l4.tcp.citrix_packet_id > 3) { + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); + } return; } @@ -74,7 +77,7 @@ void ndpi_search_citrix(struct ndpi_detection_module_struct *ndpi_struct, struct { struct ndpi_packet_struct *packet = &flow->packet; - NDPI_LOG(NDPI_PROTOCOL_CITRIX, ndpi_struct, NDPI_LOG_DEBUG, "citrix detection...\n"); + NDPI_LOG_DBG(ndpi_struct, "search citrix\n"); /* skip marked packets */ if(packet->detected_protocol_stack[0] != NDPI_PROTOCOL_CITRIX) diff --git a/src/lib/protocols/coap.c b/src/lib/protocols/coap.c index 252ffc9c4..288d15f23 100644 --- a/src/lib/protocols/coap.c +++ b/src/lib/protocols/coap.c @@ -21,10 +21,15 @@ * */ +#include "ndpi_protocol_ids.h" -#include "ndpi_protocols.h" #ifdef NDPI_PROTOCOL_COAP +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_COAP + +#include "ndpi_api.h" + + #define CON 0 #define NO_CON 1 #define ACK 2 @@ -116,14 +121,12 @@ void ndpi_search_coap (struct ndpi_detection_module_struct *ndpi_struct, u_int16_t d_port = ntohs(flow->packet.udp->dest); if((!isCoAPport(s_port) && !isCoAPport(d_port)) - || (packet->payload_packet_len < 4) // header too short - ) { - NDPI_LOG(NDPI_PROTOCOL_COAP, ndpi_struct, NDPI_LOG_DEBUG, "excluding Coap\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_COAP); + || (packet->payload_packet_len < 4) ) { // header too short + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; } - NDPI_LOG(NDPI_PROTOCOL_COAP, ndpi_struct, NDPI_LOG_DEBUG, "calculating coap over udp.\n"); + NDPI_LOG_DBG2(ndpi_struct, "calculating coap over udp\n"); // check values in header if(h->version == 1) { @@ -133,7 +136,7 @@ void ndpi_search_coap (struct ndpi_detection_module_struct *ndpi_struct, (h->code >= 128 && h->code <= 134) || (h->code >= 140 && h->code <= 143) || (h->code >= 160 && h->code <= 165)) { - NDPI_LOG(NDPI_PROTOCOL_COAP, ndpi_struct, NDPI_LOG_DEBUG, "Coap found...\n"); + NDPI_LOG_INFO(ndpi_struct, "found Coap\n"); ndpi_int_coap_add_connection(ndpi_struct,flow); return; } @@ -142,8 +145,7 @@ void ndpi_search_coap (struct ndpi_detection_module_struct *ndpi_struct, } } - NDPI_LOG(NDPI_PROTOCOL_COAP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Coap ...\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_COAP); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; } diff --git a/src/lib/protocols/collectd.c b/src/lib/protocols/collectd.c index 7e6227980..2d4a06bb3 100644 --- a/src/lib/protocols/collectd.c +++ b/src/lib/protocols/collectd.c @@ -19,16 +19,21 @@ */ -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_COLLECTD +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_COLLECTD + +#include "ndpi_api.h" + + void ndpi_search_collectd(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; u_int len = 0; - NDPI_LOG(NDPI_PROTOCOL_COLLECTD, ndpi_struct, NDPI_LOG_DEBUG, "search collectd.\n"); + NDPI_LOG_DBG(ndpi_struct, "search collectd\n"); if (packet->udp == NULL) return; @@ -43,11 +48,10 @@ void ndpi_search_collectd(struct ndpi_detection_module_struct *ndpi_struct, stru } if(len == packet->payload_packet_len) { - NDPI_LOG(NDPI_PROTOCOL_COLLECTD, ndpi_struct, NDPI_LOG_DEBUG, "found COLLECTD.\n"); + NDPI_LOG_INFO(ndpi_struct, "found COLLECTD\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_COLLECTD, NDPI_PROTOCOL_UNKNOWN); } else { - NDPI_LOG(NDPI_PROTOCOL_COLLECTD, ndpi_struct, NDPI_LOG_DEBUG, "exclude COLLECTD.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_COLLECTD); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } } diff --git a/src/lib/protocols/corba.c b/src/lib/protocols/corba.c index c16accc59..94e9f324a 100644 --- a/src/lib/protocols/corba.c +++ b/src/lib/protocols/corba.c @@ -18,10 +18,14 @@ * */ +#include "ndpi_protocol_ids.h" + +#ifdef NDPI_PROTOCOL_CORBA + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_CORBA #include "ndpi_api.h" -#ifdef NDPI_PROTOCOL_CORBA static void ndpi_int_corba_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { @@ -31,18 +35,17 @@ void ndpi_search_corba(struct ndpi_detection_module_struct *ndpi_struct, struct { struct ndpi_packet_struct *packet = &flow->packet; - NDPI_LOG(NDPI_PROTOCOL_CORBA, ndpi_struct, NDPI_LOG_DEBUG, "search for CORBA.\n"); + NDPI_LOG_DBG(ndpi_struct, "search for CORBA\n"); if(packet->tcp != NULL) { - NDPI_LOG(NDPI_PROTOCOL_CORBA, ndpi_struct, NDPI_LOG_DEBUG, "calculating CORBA over tcp.\n"); + NDPI_LOG_DBG2(ndpi_struct, "calculating CORBA over tcp\n"); /* Corba General Inter-ORB Protocol -> GIOP */ if ((packet->payload_packet_len >= 24 && packet->payload_packet_len <= 144) && memcmp(packet->payload, "GIOP", 4) == 0) { - NDPI_LOG(NDPI_PROTOCOL_CORBA, ndpi_struct, NDPI_LOG_DEBUG, "found corba.\n"); + NDPI_LOG_INFO(ndpi_struct, "found corba\n"); ndpi_int_corba_add_connection(ndpi_struct, flow); } } else { - NDPI_LOG(NDPI_PROTOCOL_CORBA, ndpi_struct, NDPI_LOG_DEBUG, "exclude CORBA.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_CORBA); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } } diff --git a/src/lib/protocols/crossfire.c b/src/lib/protocols/crossfire.c index 5dfddf5c3..ea1dce66a 100644 --- a/src/lib/protocols/crossfire.c +++ b/src/lib/protocols/crossfire.c @@ -21,11 +21,14 @@ * */ +#include "ndpi_protocol_ids.h" -/* include files */ -#include "ndpi_protocols.h" #ifdef NDPI_PROTOCOL_CROSSFIRE +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_CROSSFIRE + +#include "ndpi_api.h" + static void ndpi_int_crossfire_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow/* , ndpi_protocol_type_t protocol_type */) @@ -37,21 +40,17 @@ static void ndpi_int_crossfire_add_connection(struct ndpi_detection_module_struc void ndpi_search_crossfire_tcp_udp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; - -// struct ndpi_id_struct *src=ndpi_struct->src; -// struct ndpi_id_struct *dst=ndpi_struct->dst; - - NDPI_LOG(NDPI_PROTOCOL_CROSSFIRE, ndpi_struct, NDPI_LOG_DEBUG, "search crossfire.\n"); + NDPI_LOG_DBG(ndpi_struct, "search crossfire\n"); if (packet->udp != 0) { - if (packet->payload_packet_len == 25 && get_u_int32_t(packet->payload, 0) == ntohl(0xc7d91999) + if (packet->payload_packet_len == 25 + && get_u_int32_t(packet->payload, 0) == ntohl(0xc7d91999) && get_u_int16_t(packet->payload, 4) == ntohs(0x0200) - && get_u_int16_t(packet->payload, 22) == ntohs(0x7d00) - ) { - NDPI_LOG(NDPI_PROTOCOL_CROSSFIRE, ndpi_struct, NDPI_LOG_DEBUG, "Crossfire: found udp packet.\n"); - ndpi_int_crossfire_add_connection(ndpi_struct, flow); - return; + && get_u_int16_t(packet->payload, 22) == ntohs(0x7d00)) { + NDPI_LOG_INFO(ndpi_struct, "found Crossfire: udp packet\n"); + ndpi_int_crossfire_add_connection(ndpi_struct, flow); + return; } } else if (packet->tcp != 0) { @@ -67,16 +66,15 @@ void ndpi_search_crossfire_tcp_udp(struct ndpi_detection_module_struct *ndpi_str && (memcmp(packet->host_line.ptr, "crossfire", 9) == 0 || memcmp(packet->host_line.ptr, "www.crossfire", 13) == 0)) ) { - NDPI_LOG(NDPI_PROTOCOL_CROSSFIRE, ndpi_struct, NDPI_LOG_DEBUG, "Crossfire: found HTTP request.\n"); - ndpi_int_crossfire_add_connection(ndpi_struct, flow); - return; + NDPI_LOG_DBG(ndpi_struct, "found Crossfire: HTTP request\n"); + ndpi_int_crossfire_add_connection(ndpi_struct, flow); + return; } } } - NDPI_LOG(NDPI_PROTOCOL_CROSSFIRE, ndpi_struct, NDPI_LOG_DEBUG, "exclude crossfire.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_CROSSFIRE); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/csgo.c b/src/lib/protocols/csgo.c index 14073aef7..3bf0b4fe9 100644 --- a/src/lib/protocols/csgo.c +++ b/src/lib/protocols/csgo.c @@ -20,49 +20,51 @@ * along with nDPI. If not, see . * */ +#include "ndpi_protocol_ids.h" +#ifdef NDPI_PROTOCOL_CSGO -#include "ndpi_api.h" +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_CSGO -#ifdef NDPI_PROTOCOL_CSGO +#include "ndpi_api.h" void ndpi_search_csgo(struct ndpi_detection_module_struct* ndpi_struct, struct ndpi_flow_struct* flow) { struct ndpi_packet_struct* packet = &flow->packet; if (packet->udp != NULL) { uint32_t w = htonl(get_u_int32_t(packet->payload, 0)); - NDPI_LOG(NDPI_PROTOCOL_CSGO, ndpi_struct, NDPI_LOG_DEBUG, "CSGO: word %08x\n", w); + NDPI_LOG_DBG2(ndpi_struct, "CSGO: word %08x\n", w); if (!flow->csgo_state && packet->payload_packet_len == 23 && w == 0xfffffffful) { if (!memcmp(packet->payload + 5, "connect0x", 9)) { - NDPI_LOG(NDPI_PROTOCOL_CSGO, ndpi_struct, NDPI_LOG_DEBUG, "Found csgo connect0x.\n"); flow->csgo_state++; memcpy(flow->csgo_strid, packet->payload + 5, 18); + NDPI_LOG_DBG2(ndpi_struct, "Found csgo connect0x\n"); return; } } if (flow->csgo_state == 1 && packet->payload_packet_len >= 42 && w == 0xfffffffful) { if (!memcmp(packet->payload + 24, flow->csgo_strid, 18)) { - NDPI_LOG(NDPI_PROTOCOL_CSGO, ndpi_struct, NDPI_LOG_DEBUG, "Found csgo connect0x reply.\n"); flow->csgo_state++; ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_CSGO, NDPI_PROTOCOL_UNKNOWN); + NDPI_LOG_INFO( ndpi_struct, "found csgo connect0x reply\n"); return; } } if (packet->payload_packet_len == 8 && ( w == 0x3a180000 || w == 0x39180000) ) { - NDPI_LOG(NDPI_PROTOCOL_CSGO, ndpi_struct, NDPI_LOG_DEBUG, "Found csgo udp 8b.\n"); + NDPI_LOG_INFO( ndpi_struct, "found csgo udp 8b\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_CSGO, NDPI_PROTOCOL_UNKNOWN); return; } if (packet->payload_packet_len >= 36 && w == 0x56533031ul) { - NDPI_LOG(NDPI_PROTOCOL_CSGO, ndpi_struct, NDPI_LOG_DEBUG, "Found csgo udp.\n"); + NDPI_LOG_INFO( ndpi_struct, "found csgo udp\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_CSGO, NDPI_PROTOCOL_UNKNOWN); return; } if (packet->payload_packet_len >= 36 && w == 0x01007364) { uint32_t w2 = htonl(get_u_int32_t(packet->payload, 4)); if (w2 == 0x70696e67) { - NDPI_LOG(NDPI_PROTOCOL_CSGO, ndpi_struct, NDPI_LOG_DEBUG, "Found csgo udp ping.\n"); + NDPI_LOG_INFO( ndpi_struct, "found csgo udp ping\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_CSGO, NDPI_PROTOCOL_UNKNOWN); return; } @@ -73,11 +75,11 @@ void ndpi_search_csgo(struct ndpi_detection_module_struct* ndpi_struct, struct n if (!flow->csgo_s2) { flow->csgo_id2 = w2; flow->csgo_s2 = 1; - NDPI_LOG(NDPI_PROTOCOL_CSGO, ndpi_struct, NDPI_LOG_DEBUG, "Found csgo udp 0d1d step1.\n"); + NDPI_LOG_DBG2( ndpi_struct, "Found csgo udp 0d1d step1\n"); return; } if (flow->csgo_s2 == 1 && flow->csgo_id2 == w2) { - NDPI_LOG(NDPI_PROTOCOL_CSGO, ndpi_struct, NDPI_LOG_DEBUG, "Found csgo udp 0d1d step1 DUP.\n"); + NDPI_LOG_DBG2( ndpi_struct, "Found csgo udp 0d1d step1 DUP\n"); return; } flow->csgo_s2 = 3; @@ -85,7 +87,7 @@ void ndpi_search_csgo(struct ndpi_detection_module_struct* ndpi_struct, struct n } if (packet->payload_packet_len == 15) { if (flow->csgo_s2 == 1 && flow->csgo_id2 == w2) { - NDPI_LOG(NDPI_PROTOCOL_CSGO, ndpi_struct, NDPI_LOG_DEBUG, "Found csgo udp 0d1d.\n"); + NDPI_LOG_INFO( ndpi_struct, "found csgo udp 0d1d\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_CSGO, NDPI_PROTOCOL_UNKNOWN); return; } @@ -94,23 +96,23 @@ void ndpi_search_csgo(struct ndpi_detection_module_struct* ndpi_struct, struct n } if (packet->payload_packet_len >= 140 && (w == 0x02124c6c || w == 0x02125c6c) && !memcmp(&packet->payload[3], "lta\000mob\000tpc\000bhj\000bxd\000tae\000urg\000gkh\000", 32)) { - NDPI_LOG(NDPI_PROTOCOL_CSGO, ndpi_struct, NDPI_LOG_DEBUG, "Found csgo dictionary udp.\n"); + NDPI_LOG_INFO( ndpi_struct, "found csgo dictionary udp\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_CSGO, NDPI_PROTOCOL_UNKNOWN); return; } if (packet->payload_packet_len >= 33 && packet->iph && packet->iph->daddr == 0xffffffff && !memcmp(&packet->payload[17], "LanSearch", 9)) { - NDPI_LOG(NDPI_PROTOCOL_CSGO, ndpi_struct, NDPI_LOG_DEBUG, "Found csgo LanSearch udp.\n"); + NDPI_LOG_INFO( ndpi_struct, "found csgo LanSearch udp\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_CSGO, NDPI_PROTOCOL_UNKNOWN); return; } } if (flow->packet_counter > 20) - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_CSGO); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } -void init_csgo_dissector(struct ndpi_detection_module_struct *ndpi_struct, - u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) { +void init_csgo_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) +{ ndpi_set_bitmask_protocol_detection("CSGO", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_CSGO, ndpi_search_csgo, diff --git a/src/lib/protocols/dcerpc.c b/src/lib/protocols/dcerpc.c index 7be8ac027..3aef077cd 100644 --- a/src/lib/protocols/dcerpc.c +++ b/src/lib/protocols/dcerpc.c @@ -21,10 +21,14 @@ * */ +#include "ndpi_protocol_ids.h" + +#ifdef NDPI_PROTOCOL_DCERPC + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_DCERPC #include "ndpi_api.h" -#ifdef NDPI_PROTOCOL_DCERPC static void ndpi_int_dcerpc_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) @@ -36,20 +40,21 @@ void ndpi_search_dcerpc(struct ndpi_detection_module_struct *ndpi_struct, struct { struct ndpi_packet_struct *packet = &flow->packet; + NDPI_LOG_DBG(ndpi_struct, "search DCERPC\n"); + if((packet->tcp != NULL) && (packet->payload_packet_len >= 64) && (packet->payload[0] == 0x05) /* version 5 */ && (packet->payload[2] < 16) /* Packet type */ && (((packet->payload[9]<<8) | packet->payload[8]) == packet->payload_packet_len) /* Packet Length */ ) { - NDPI_LOG(NDPI_PROTOCOL_DCERPC, ndpi_struct, NDPI_LOG_DEBUG, "DCERPC match\n"); + NDPI_LOG_INFO(ndpi_struct, "found DCERPC\n"); ndpi_int_dcerpc_add_connection(ndpi_struct, flow); return; } - if(packet->payload_packet_len>1){ - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_DCERPC); - } + if(packet->payload_packet_len>1) + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/dhcp.c b/src/lib/protocols/dhcp.c index cdf33947e..004d42379 100644 --- a/src/lib/protocols/dhcp.c +++ b/src/lib/protocols/dhcp.c @@ -18,11 +18,14 @@ * */ - -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_DHCP +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_DHCP + +#include "ndpi_api.h" + /* freeradius/src/lib/dhcp.c */ #define DHCP_CHADDR_LEN 16 #define DHCP_SNAME_LEN 64 @@ -61,8 +64,7 @@ void ndpi_search_dhcp_udp(struct ndpi_detection_module_struct *ndpi_struct, stru { struct ndpi_packet_struct *packet = &flow->packet; - // struct ndpi_id_struct *src=ndpi_struct->src; - // struct ndpi_id_struct *dst=ndpi_struct->dst; + NDPI_LOG_DBG(ndpi_struct, "search DHCP\n"); /* this detection also works for asymmetric dhcp traffic */ @@ -87,7 +89,7 @@ void ndpi_search_dhcp_udp(struct ndpi_detection_module_struct *ndpi_struct, stru if(len == 0) break; #ifdef DHCP_DEBUG - printf("[DHCP] Id=%d [len=%d]\n", id, len); + NDPI_LOG_DBG2(ndpi_struct, "[DHCP] Id=%d [len=%d]\n", id, len); #endif if(id == 53 /* DHCP Message Type */) { @@ -95,8 +97,7 @@ void ndpi_search_dhcp_udp(struct ndpi_detection_module_struct *ndpi_struct, stru if(msg_type <= 8) foundValidMsgType = 1; } else if(id == 55 /* Parameter Request List / Fingerprint */) { - u_int idx, offset = 0, - hex_len = ndpi_min(len * 2, sizeof(flow->protos.dhcp.fingerprint)); + u_int idx, offset = 0; for(idx=0; idxprotos.dhcp.fingerprint[offset], @@ -109,9 +110,8 @@ void ndpi_search_dhcp_udp(struct ndpi_detection_module_struct *ndpi_struct, stru int j = 0; #ifdef DHCP_DEBUG - printf("[DHCP] "); - while(j < len) { printf("%c", name[j]); j++; } - printf("\n"); + NDPI_LOG_DBG2(ndpi_struct, "[DHCP] '%.*s'\n",name,len); +// while(j < len) { printf( "%c", name[j]); j++; }; printf("\n"); #endif j = ndpi_min(len, sizeof(flow->host_server_name)-1); strncpy((char*)flow->host_server_name, name, j); @@ -125,14 +125,14 @@ void ndpi_search_dhcp_udp(struct ndpi_detection_module_struct *ndpi_struct, stru //get_u_int16_t(packet->payload, 240) == htons(0x3501)) { if(foundValidMsgType) { - NDPI_LOG(NDPI_PROTOCOL_DHCP, ndpi_struct, NDPI_LOG_DEBUG, "DHCP found\n"); + NDPI_LOG_INFO(ndpi_struct, "found DHCP\n"); ndpi_int_dhcp_add_connection(ndpi_struct, flow); } return; } } - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_DHCP); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/dhcpv6.c b/src/lib/protocols/dhcpv6.c index 31d912b39..98ed08cda 100644 --- a/src/lib/protocols/dhcpv6.c +++ b/src/lib/protocols/dhcpv6.c @@ -22,12 +22,14 @@ * */ +#include "ndpi_protocol_ids.h" +#ifdef NDPI_PROTOCOL_DHCPV6 -/* include files */ +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_DHCPV6 + +#include "ndpi_api.h" -#include "ndpi_protocols.h" -#ifdef NDPI_PROTOCOL_DHCPV6 static void ndpi_int_dhcpv6_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) @@ -40,21 +42,19 @@ void ndpi_search_dhcpv6_udp(struct ndpi_detection_module_struct *ndpi_struct, st { struct ndpi_packet_struct *packet = &flow->packet; -// struct ndpi_id_struct *src=ndpi_struct->src; -// struct ndpi_id_struct *dst=ndpi_struct->dst; + NDPI_LOG_DBG(ndpi_struct, "search DHCPv6\n"); if (packet->payload_packet_len >= 4 && (packet->udp->source == htons(546) || packet->udp->source == htons(547)) && (packet->udp->dest == htons(546) || packet->udp->dest == htons(547)) && packet->payload[0] >= 1 && packet->payload[0] <= 13) { - NDPI_LOG(NDPI_PROTOCOL_DHCPV6, ndpi_struct, NDPI_LOG_DEBUG, "DHCPv6 detected.\n"); + NDPI_LOG_INFO(ndpi_struct, "found DHCPv6\n"); ndpi_int_dhcpv6_add_connection(ndpi_struct, flow); return; } - NDPI_LOG(NDPI_PROTOCOL_DHCPV6, ndpi_struct, NDPI_LOG_DEBUG, "DHCPv6 excluded.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_DHCPV6); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/directconnect.c b/src/lib/protocols/directconnect.c index e712df626..725e53348 100644 --- a/src/lib/protocols/directconnect.c +++ b/src/lib/protocols/directconnect.c @@ -23,9 +23,15 @@ */ -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" + #ifdef NDPI_PROTOCOL_DIRECTCONNECT +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_DIRECTCONNECT + +#include "ndpi_api.h" + + //#define NDPI_DEBUG_DIRECTCONNECT //#define NDPI_DIRECTCONNECT_PORT_DEBUG //#define NDPI_DEBUG_DIRECTCONNECT_CONN @@ -58,9 +64,7 @@ static u_int16_t parse_binf_message(struct ndpi_detection_module_struct if (memcmp(&payload[i], "DCTM", 4) == 0) { if (memcmp(&payload[i + 15], "ADCS", 4) == 0) { ssl_port = ntohs_ndpi_bytestream_to_number(&payload[i + 25], 5, &bytes_read); - NDPI_LOG(NDPI_PROTOCOL_DIRECTCONNECT, ndpi_struct, - NDPI_LOG_DEBUG, "directconnect ssl port parsed %d", ssl_port); - + NDPI_LOG_DBG2(ndpi_struct, "DC ssl port parsed %d\n", ssl_port); } } } else { @@ -89,13 +93,11 @@ static void ndpi_int_directconnect_add_connection(struct ndpi_detection_module_s if (packet->tcp != NULL && flow->setup_packet_direction != packet->packet_direction && src->detected_directconnect_port == 0) { src->detected_directconnect_port = packet->tcp->source; - NDPI_LOG(NDPI_PROTOCOL_DIRECTCONNECT, ndpi_struct, - NDPI_LOG_DEBUG, "directconnect tcp PORT %u for src\n", ntohs(src->detected_directconnect_port)); + NDPI_LOG_DBG2(ndpi_struct, "DC tcp PORT %u for src\n", ntohs(src->detected_directconnect_port)); } if (packet->udp != NULL && src->detected_directconnect_udp_port == 0) { src->detected_directconnect_udp_port = packet->udp->source; - NDPI_LOG(NDPI_PROTOCOL_DIRECTCONNECT, ndpi_struct, - NDPI_LOG_DEBUG, "directconnect udp PORT %u for src\n", ntohs(src->detected_directconnect_port)); + NDPI_LOG_DBG2(ndpi_struct, "DC udp PORT %u for src\n", ntohs(src->detected_directconnect_port)); } } @@ -113,9 +115,9 @@ static void ndpi_int_directconnect_add_connection(struct ndpi_detection_module_s /* dst->detected_directconnect_port = packet->tcp->dest; - NDPI_LOG (NDPI_PROTOCOL_DIRECTCONNECT, ndpi_struct, - NDPI_LOG_DEBUG, "directconnect tcp PORT %u for dst\n", - ntohs (dst->detected_directconnect_port)); + NDPI_LOG_DBG2(ndpi_struct, + "DC tcp PORT %u for dst\n", + ntohs (dst->detected_directconnect_port)); */ } } @@ -148,14 +150,12 @@ static void ndpi_search_directconnect_tcp(struct ndpi_detection_module_struct *n if (dst != NULL) { dst->detected_directconnect_ssl_port = ntohs_ndpi_bytestream_to_number(&packet->payload[25], 5, &bytes_read); - NDPI_LOG(NDPI_PROTOCOL_DIRECTCONNECT, ndpi_struct, - NDPI_LOG_DEBUG, "directconnect ssl port parsed %d", ntohs(dst->detected_directconnect_ssl_port)); + NDPI_LOG_DBG2(ndpi_struct, "DC ssl port parsed %d\n", ntohs(dst->detected_directconnect_ssl_port)); } if (src != NULL) { src->detected_directconnect_ssl_port = ntohs_ndpi_bytestream_to_number(&packet->payload[25], 5, &bytes_read); - NDPI_LOG(NDPI_PROTOCOL_DIRECTCONNECT, ndpi_struct, - NDPI_LOG_DEBUG, "directconnect ssl port parsed %d", ntohs(src->detected_directconnect_ssl_port)); + NDPI_LOG_DBG2(ndpi_struct, "DC ssl port parsed %d\n", ntohs(src->detected_directconnect_ssl_port)); } @@ -168,15 +168,13 @@ static void ndpi_search_directconnect_tcp(struct ndpi_detection_module_struct *n if ((u_int32_t) (packet->tick_timestamp - src->directconnect_last_safe_access_time) < ndpi_struct->directconnect_connection_ip_tick_timeout) { - ndpi_int_change_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DIRECTCONNECT, NDPI_PROTOCOL_UNKNOWN); src->directconnect_last_safe_access_time = packet->tick_timestamp; - NDPI_LOG(NDPI_PROTOCOL_DIRECTCONNECT, ndpi_struct, - NDPI_LOG_DEBUG, "marking using dc port\n %d", ntohs(src->detected_directconnect_port)); + NDPI_LOG_INFO(ndpi_struct, "found DC using port %d\n", ntohs(src->detected_directconnect_port)); + ndpi_int_change_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DIRECTCONNECT, NDPI_PROTOCOL_UNKNOWN); return; } else { src->detected_directconnect_port = 0; - NDPI_LOG(NDPI_PROTOCOL_DIRECTCONNECT, ndpi_struct, - NDPI_LOG_DEBUG, "resetting src port due to timeout"); + NDPI_LOG_DBG2(ndpi_struct, "resetting src port due to timeout\n"); return; } } @@ -184,15 +182,13 @@ static void ndpi_search_directconnect_tcp(struct ndpi_detection_module_struct *n if ((u_int32_t) (packet->tick_timestamp - src->directconnect_last_safe_access_time) < ndpi_struct->directconnect_connection_ip_tick_timeout) { - ndpi_int_change_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DIRECTCONNECT, NDPI_PROTOCOL_UNKNOWN); src->directconnect_last_safe_access_time = packet->tick_timestamp; - NDPI_LOG(NDPI_PROTOCOL_DIRECTCONNECT, ndpi_struct, - NDPI_LOG_DEBUG, "marking using dc port\n %d", ntohs(src->detected_directconnect_ssl_port)); + NDPI_LOG_INFO(ndpi_struct, "found DC using port %d\n", ntohs(src->detected_directconnect_ssl_port)); + ndpi_int_change_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DIRECTCONNECT, NDPI_PROTOCOL_UNKNOWN); return; } else { src->detected_directconnect_ssl_port = 0; - NDPI_LOG(NDPI_PROTOCOL_DIRECTCONNECT, ndpi_struct, - NDPI_LOG_DEBUG, "resetting src port due to timeout"); + NDPI_LOG_DBG2(ndpi_struct, "resetting src port due to timeout\n"); return; } } @@ -204,15 +200,13 @@ static void ndpi_search_directconnect_tcp(struct ndpi_detection_module_struct *n if ((u_int32_t) (packet->tick_timestamp - dst->directconnect_last_safe_access_time) < ndpi_struct->directconnect_connection_ip_tick_timeout) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DIRECTCONNECT, NDPI_PROTOCOL_UNKNOWN); dst->directconnect_last_safe_access_time = packet->tick_timestamp; - NDPI_LOG(NDPI_PROTOCOL_DIRECTCONNECT, ndpi_struct, - NDPI_LOG_DEBUG, "marking using dc port\n %d", ntohs(dst->detected_directconnect_port)); + NDPI_LOG_INFO(ndpi_struct, "found DC using port %d\n", ntohs(dst->detected_directconnect_port)); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DIRECTCONNECT, NDPI_PROTOCOL_UNKNOWN); return; } else { dst->detected_directconnect_port = 0; - NDPI_LOG(NDPI_PROTOCOL_DIRECTCONNECT, ndpi_struct, - NDPI_LOG_DEBUG, "resetting dst port due to timeout"); + NDPI_LOG_DBG(ndpi_struct, "resetting dst port due to timeout\n"); return; } } @@ -220,16 +214,13 @@ static void ndpi_search_directconnect_tcp(struct ndpi_detection_module_struct *n if ((u_int32_t) (packet->tick_timestamp - dst->directconnect_last_safe_access_time) < ndpi_struct->directconnect_connection_ip_tick_timeout) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DIRECTCONNECT, NDPI_PROTOCOL_UNKNOWN); dst->directconnect_last_safe_access_time = packet->tick_timestamp; - NDPI_LOG(NDPI_PROTOCOL_DIRECTCONNECT, ndpi_struct, - NDPI_LOG_DEBUG, "marking using dc port\n %d", ntohs(dst->detected_directconnect_ssl_port)); - + NDPI_LOG_DBG(ndpi_struct, "found DC using port %d\n", ntohs(dst->detected_directconnect_ssl_port)); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DIRECTCONNECT, NDPI_PROTOCOL_UNKNOWN); return; } else { dst->detected_directconnect_ssl_port = 0; - NDPI_LOG(NDPI_PROTOCOL_DIRECTCONNECT, ndpi_struct, - NDPI_LOG_DEBUG, "resetting dst port due to timeout"); + NDPI_LOG_DBG2(ndpi_struct, "resetting dst port due to timeout\n"); return; } } @@ -242,8 +233,7 @@ static void ndpi_search_directconnect_tcp(struct ndpi_detection_module_struct *n if (packet->payload[0] == '$' && packet->payload[packet->payload_packet_len - 1] == '|' && (memcmp(&packet->payload[1], "Lock ", 5) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_DIRECTCONNECT, ndpi_struct, - NDPI_LOG_DEBUG, "maybe first dc connect to hub detected\n"); + NDPI_LOG_DBG2(ndpi_struct, "maybe first dc connect to hub detected\n"); flow->directconnect_stage = 1; return; } @@ -251,8 +241,7 @@ static void ndpi_search_directconnect_tcp(struct ndpi_detection_module_struct *n && packet->payload[0] == '$' && packet->payload[packet->payload_packet_len - 1] == '|' && (memcmp(&packet->payload[1], "MyNick ", 7) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_DIRECTCONNECT, ndpi_struct, - NDPI_LOG_DEBUG, "maybe first dc connect between peers detected\n"); + NDPI_LOG_DBG2(ndpi_struct, "maybe first dc connect between peers detected\n"); flow->directconnect_stage = 2; return; } @@ -262,15 +251,13 @@ static void ndpi_search_directconnect_tcp(struct ndpi_detection_module_struct *n /* did not see this pattern in any trace */ if (memcmp(&packet->payload[0], "HSUP ADBAS0", 11) == 0 || memcmp(&packet->payload[0], "HSUP ADBASE", 11) == 0) { - NDPI_LOG(NDPI_PROTOCOL_DIRECTCONNECT, ndpi_struct, - NDPI_LOG_DEBUG, "found directconnect HSUP ADBAS0 E\n"); + NDPI_LOG_INFO(ndpi_struct, "found DC HSUP ADBAS0 E\n"); ndpi_int_directconnect_add_connection(ndpi_struct, flow, DIRECT_CONNECT_TYPE_HUB); return; /* did not see this pattern in any trace */ } else if (memcmp(&packet->payload[0], "CSUP ADBAS0", 11) == 0 || memcmp(&packet->payload[0], "CSUP ADBASE", 11) == 0) { - NDPI_LOG(NDPI_PROTOCOL_DIRECTCONNECT, ndpi_struct, - NDPI_LOG_DEBUG, "found directconnect CSUP ADBAS0 E\n"); + NDPI_LOG_INFO(ndpi_struct, "found DC CSUP ADBAS0 E\n"); ndpi_int_directconnect_add_connection(ndpi_struct, flow, DIRECT_CONNECT_ADC_PEER); return; @@ -283,19 +270,14 @@ static void ndpi_search_directconnect_tcp(struct ndpi_detection_module_struct *n /* did not see this pattern in any trace */ if (memcmp(&packet->payload[0], "HSUP ADBAS0", 11) == 0 || memcmp(&packet->payload[0], "HSUP ADBASE", 11) == 0) { - NDPI_LOG(NDPI_PROTOCOL_DIRECTCONNECT, ndpi_struct, - NDPI_LOG_DEBUG, "found directconnect HSUP ADBAS E in second packet\n"); + NDPI_LOG_INFO(ndpi_struct, "found DC HSUP ADBAS E in second packet\n"); ndpi_int_directconnect_add_connection(ndpi_struct, flow, DIRECT_CONNECT_TYPE_HUB); - return; /* did not see this pattern in any trace */ } else if (memcmp(&packet->payload[0], "CSUP ADBAS0", 11) == 0 || memcmp(&packet->payload[0], "CSUP ADBASE", 11) == 0) { - NDPI_LOG(NDPI_PROTOCOL_DIRECTCONNECT, ndpi_struct, - NDPI_LOG_DEBUG, "found directconnect HSUP ADBAS0 E in second packet\n"); + NDPI_LOG_INFO(ndpi_struct, "found DC HSUP ADBAS0 E in second packet\n"); ndpi_int_directconnect_add_connection(ndpi_struct, flow, DIRECT_CONNECT_ADC_PEER); - - return; } @@ -304,12 +286,11 @@ static void ndpi_search_directconnect_tcp(struct ndpi_detection_module_struct *n if (packet->payload_packet_len > 6) { if ((packet->payload[0] == '$' || packet->payload[0] == '<') && packet->payload[packet->payload_packet_len - 1] == '|') { - NDPI_LOG(NDPI_PROTOCOL_DIRECTCONNECT, ndpi_struct, NDPI_LOG_DEBUG, "second dc detected\n"); + NDPI_LOG_INFO(ndpi_struct, "found DC second\n"); ndpi_int_directconnect_add_connection(ndpi_struct, flow, DIRECT_CONNECT_TYPE_HUB); - return; } else { - NDPI_LOG(NDPI_PROTOCOL_DIRECTCONNECT, ndpi_struct, NDPI_LOG_DEBUG, "second dc not detected\n"); + NDPI_LOG_DBG2(ndpi_struct, "second dc not detected\n"); } } @@ -317,23 +298,17 @@ static void ndpi_search_directconnect_tcp(struct ndpi_detection_module_struct *n /* get client hello answer or server message */ if (packet->payload_packet_len > 6) { if (packet->payload[0] == '$' && packet->payload[packet->payload_packet_len - 1] == '|') { - NDPI_LOG(NDPI_PROTOCOL_DIRECTCONNECT, ndpi_struct, - NDPI_LOG_DEBUG, "second dc between peers detected\n"); - - + NDPI_LOG_INFO(ndpi_struct, "found DC between peers\n"); ndpi_int_directconnect_add_connection(ndpi_struct, flow, DIRECT_CONNECT_TYPE_PEER); - return; } else { - NDPI_LOG(NDPI_PROTOCOL_DIRECTCONNECT, ndpi_struct, - NDPI_LOG_DEBUG, "second dc between peers not detected\n"); + NDPI_LOG_DBG2(ndpi_struct, "second dc between peers not detected\n"); } } } - - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_DIRECTCONNECT); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } @@ -352,15 +327,13 @@ static void ndpi_search_directconnect_udp(struct ndpi_detection_module_struct (packet->tick_timestamp - dst->directconnect_last_safe_access_time) < ndpi_struct->directconnect_connection_ip_tick_timeout) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DIRECTCONNECT, NDPI_PROTOCOL_UNKNOWN); dst->directconnect_last_safe_access_time = packet->tick_timestamp; - NDPI_LOG(NDPI_PROTOCOL_DIRECTCONNECT, ndpi_struct, - NDPI_LOG_DEBUG, "marking using dc udp port\n %d", ntohs(dst->detected_directconnect_udp_port)); + NDPI_LOG_INFO(ndpi_struct, "found DC using udp port %d\n", ntohs(dst->detected_directconnect_udp_port)); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DIRECTCONNECT, NDPI_PROTOCOL_UNKNOWN); return; } else { dst->detected_directconnect_udp_port = 0; - NDPI_LOG(NDPI_PROTOCOL_DIRECTCONNECT, ndpi_struct, - NDPI_LOG_DEBUG, "resetting dst udp port due to timeout"); + NDPI_LOG_DBG2(ndpi_struct, "resetting dst udp port due to timeout\n"); return; } } @@ -380,20 +353,15 @@ static void ndpi_search_directconnect_udp(struct ndpi_detection_module_struct if (packet->payload[pos] == '(') { pos = pos - 44; if (pos > 2 && memcmp(&packet->payload[pos], "TTH:", 4) == 0) { - NDPI_LOG(NDPI_PROTOCOL_DIRECTCONNECT, ndpi_struct, NDPI_LOG_DEBUG, "dc udp detected\n"); + NDPI_LOG_INFO(ndpi_struct, "found DC udp\n"); ndpi_int_directconnect_add_connection(ndpi_struct, flow, DIRECT_CONNECT_TYPE_PEER); return; } } } flow->directconnect_stage++; - - if (flow->directconnect_stage < 3) { - - + if (flow->directconnect_stage < 3) return; - } - } } @@ -411,7 +379,7 @@ static void ndpi_search_directconnect_udp(struct ndpi_detection_module_struct if (packet->payload[pos] == '(') { pos = pos - 44; if (pos > 2 && memcmp(&packet->payload[pos], "TTH:", 4) == 0) { - NDPI_LOG(NDPI_PROTOCOL_DIRECTCONNECT, ndpi_struct, NDPI_LOG_DEBUG, "dc udp detected\n"); + NDPI_LOG_INFO(ndpi_struct, "found DC udp\n"); ndpi_int_directconnect_add_connection(ndpi_struct, flow, DIRECT_CONNECT_TYPE_PEER); return; } @@ -420,15 +388,11 @@ static void ndpi_search_directconnect_udp(struct ndpi_detection_module_struct flow->directconnect_stage++; if (flow->directconnect_stage < 3) return; - } } } - NDPI_LOG(NDPI_PROTOCOL_DIRECTCONNECT, ndpi_struct, NDPI_LOG_DEBUG, - "excluded at stage %d \n", flow->directconnect_stage); - - + NDPI_LOG_DBG(ndpi_struct, "excluded DC at stage %d \n", flow->directconnect_stage); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_DIRECTCONNECT); @@ -442,7 +406,7 @@ void ndpi_search_directconnect(struct ndpi_detection_module_struct struct ndpi_id_struct *src = flow->src; struct ndpi_id_struct *dst = flow->dst; - + NDPI_LOG_DBG(ndpi_struct, "search DC\n"); if (packet->detected_protocol_stack[0] == NDPI_PROTOCOL_DIRECTCONNECT) { if (src != NULL && ((u_int32_t) @@ -458,8 +422,7 @@ void ndpi_search_directconnect(struct ndpi_detection_module_struct dst->directconnect_last_safe_access_time = packet->tick_timestamp; } else { packet->detected_protocol_stack[0] = NDPI_PROTOCOL_UNKNOWN; - NDPI_LOG(NDPI_PROTOCOL_DIRECTCONNECT, ndpi_struct, - NDPI_LOG_DEBUG, "directconnect: skipping as unknown due to timeout\n"); + NDPI_LOG_DBG2(ndpi_struct, "skipping as unknown due to timeout\n"); } return; } diff --git a/src/lib/protocols/directdownloadlink.c b/src/lib/protocols/directdownloadlink.c index 24375c90f..0a4d528f2 100644 --- a/src/lib/protocols/directdownloadlink.c +++ b/src/lib/protocols/directdownloadlink.c @@ -23,9 +23,14 @@ */ -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" + #ifdef NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK + +#include "ndpi_api.h" + #ifdef NDPI_DEBUG_DIRECT_DOWNLOAD_LINK //#define NDPI_DEBUG_DIRECT_DOWNLOAD_LINK_NOTHING_FOUND @@ -52,15 +57,12 @@ static void ndpi_int_direct_download_link_add_connection(struct ndpi_detection_m u_int8_t search_ddl_domains(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; - // struct ndpi_id_struct *src=ndpi_struct->src; - // struct ndpi_id_struct *dst=ndpi_struct->dst; - u_int16_t filename_start = 0; u_int8_t i = 1; u_int16_t host_line_len_without_port; if (packet->payload_packet_len < 100) { - NDPI_LOG(NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK, ndpi_struct, NDPI_LOG_DEBUG, "DDL: Packet too small.\n"); + NDPI_LOG_DBG2(ndpi_struct, "DDL: Packet too small\n"); goto end_ddl_nothing_found; } @@ -68,10 +70,10 @@ u_int8_t search_ddl_domains(struct ndpi_detection_module_struct *ndpi_struct, st if (memcmp(packet->payload, "POST ", 5) == 0) { filename_start = 5; // POST - NDPI_LOG(NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK, ndpi_struct, NDPI_LOG_DEBUG, "DDL: POST FOUND\n"); + NDPI_LOG_DBG2(ndpi_struct, "DDL: POST FOUND\n"); } else if (memcmp(packet->payload, "GET ", 4) == 0) { filename_start = 4; // GET - NDPI_LOG(NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK, ndpi_struct, NDPI_LOG_DEBUG, "DDL: GET FOUND\n"); + NDPI_LOG_DBG2(ndpi_struct, "DDL: GET FOUND\n"); } else { goto end_ddl_nothing_found; } @@ -79,16 +81,15 @@ u_int8_t search_ddl_domains(struct ndpi_detection_module_struct *ndpi_struct, st ndpi_parse_packet_line_info(ndpi_struct, flow); if (packet->host_line.ptr == NULL) { - NDPI_LOG(NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK, ndpi_struct, NDPI_LOG_DEBUG, "DDL: NO HOST FOUND\n"); + NDPI_LOG_DBG2(ndpi_struct, "DDL: NO HOST FOUND\n"); goto end_ddl_nothing_found; } - NDPI_LOG(NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK, ndpi_struct, NDPI_LOG_DEBUG, "DDL: Host: found\n"); + NDPI_LOG_DBG2(ndpi_struct, "DDL: Host: found\n"); if (packet->line[0].len < 9 + filename_start || memcmp(&packet->line[0].ptr[packet->line[0].len - 9], " HTTP/1.", 8) != 0) { - NDPI_LOG(NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK, ndpi_struct, - NDPI_LOG_DEBUG, "DDL: PACKET NOT HTTP CONFORM.\nXXX%.*sXXX\n", + NDPI_LOG_DBG2(ndpi_struct, "DDL: PACKET NOT HTTP CONFORM.\nXXX%.*sXXX\n", 8, &packet->line[0].ptr[packet->line[0].len - 9]); goto end_ddl_nothing_found; } @@ -100,11 +101,11 @@ u_int8_t search_ddl_domains(struct ndpi_detection_module_struct *ndpi_struct, st i = 2; while (host_line_len_without_port >= i && packet->host_line.ptr[host_line_len_without_port - i] >= '0' && packet->host_line.ptr[host_line_len_without_port - i] <= '9') { - NDPI_LOG(NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK, ndpi_struct, NDPI_LOG_DEBUG, "DDL: number found\n"); + NDPI_LOG_DBG2(ndpi_struct, "DDL: number found\n"); i++; } if (host_line_len_without_port >= i && packet->host_line.ptr[host_line_len_without_port - i] == ':') { - NDPI_LOG(NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK, ndpi_struct, NDPI_LOG_DEBUG, "DDL: ':' found\n"); + NDPI_LOG_DBG2(ndpi_struct, "DDL: ':' found\n"); host_line_len_without_port = host_line_len_without_port - i; } } @@ -694,12 +695,12 @@ u_int8_t search_ddl_domains(struct ndpi_detection_module_struct *ndpi_struct, st */ end_ddl_nothing_found: - NDPI_LOG(NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "Nothing Found\n"); return 0; end_ddl_found: - NDPI_LOG(NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK, ndpi_struct, NDPI_LOG_DEBUG, "DDL: DIRECT DOWNLOAD LINK FOUND\n"); + NDPI_LOG_INFO(ndpi_struct, "found DIRECT DOWNLOAD LINK\n"); ndpi_int_direct_download_link_add_connection(ndpi_struct, flow); return 1; } @@ -709,15 +710,12 @@ void ndpi_search_direct_download_link_tcp(struct ndpi_detection_module_struct *n { struct ndpi_packet_struct *packet = &flow->packet; - /* struct ndpi_id_struct *src=ndpi_struct->src; */ - /* struct ndpi_id_struct *dst=ndpi_struct->dst; */ - /* do not detect again if it is already ddl */ if (packet->detected_protocol_stack[0] != NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK) { if (search_ddl_domains(ndpi_struct, flow) != 0) { return; } - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_DIRECT_DOWNLOAD_LINK); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } } diff --git a/src/lib/protocols/dns.c b/src/lib/protocols/dns.c index 5358cc8b7..bf4f9d9b6 100644 --- a/src/lib/protocols/dns.c +++ b/src/lib/protocols/dns.c @@ -21,10 +21,15 @@ * */ -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_DNS +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_DNS + +#include "ndpi_api.h" + + #define FLAGS_MASK 0x8000 /* #define DNS_DEBUG 1 */ @@ -64,7 +69,7 @@ void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, struct nd u_int8_t is_query; u_int16_t s_port = 0, d_port = 0; - NDPI_LOG(NDPI_PROTOCOL_DNS, ndpi_struct, NDPI_LOG_DEBUG, "search DNS.\n"); + NDPI_LOG_DBG(ndpi_struct, "search DNS\n"); if(flow->packet.udp != NULL) { s_port = ntohs(flow->packet.udp->source); @@ -75,8 +80,8 @@ void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, struct nd d_port = ntohs(flow->packet.tcp->dest); x = 2; } else { - NDPI_LOG(NDPI_PROTOCOL_DNS, ndpi_struct, NDPI_LOG_DEBUG, "exclude DNS.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_DNS); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); + return; } if((s_port == 53 || d_port == 53 || d_port == 5355) @@ -116,7 +121,7 @@ void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, struct nd x++; flow->protos.dns.query_type = get16(&x, flow->packet.payload); #ifdef DNS_DEBUG - printf("[%s:%d] query_type=%2d\n", __FILE__, __LINE__, flow->protos.dns.query_type); + NDPI_LOG_DBG2(ndpi_struct, "query_type=%2d\n", flow->protos.dns.query_type); #endif break; } else @@ -177,8 +182,7 @@ void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, struct nd } if(invalid) { - NDPI_LOG(NDPI_PROTOCOL_DNS, ndpi_struct, NDPI_LOG_DEBUG, "exclude DNS.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_DNS); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; } @@ -208,9 +212,8 @@ void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, struct nd strlen((const char*)flow->host_server_name), NDPI_PROTOCOL_DNS); -#ifdef DNS_DEBUG - printf("[%s:%d] [num_queries=%d][num_answers=%d][reply_code=%u][rsp_type=%u][host_server_name=%s]\n", - __FILE__, __LINE__, +#ifdef DNS_DEBUG + NDPI_LOG_DBG2(ndpi_struct, "[num_queries=%d][num_answers=%d][reply_code=%u][rsp_type=%u][host_server_name=%s]\n", flow->protos.dns.num_queries, flow->protos.dns.num_answers, flow->protos.dns.reply_code, flow->protos.dns.rsp_type, flow->host_server_name ); @@ -224,11 +227,10 @@ void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, struct nd Do not set the protocol with DNS if ndpi_match_host_subprotocol() has matched a subprotocol **/ - NDPI_LOG(NDPI_PROTOCOL_DNS, ndpi_struct, NDPI_LOG_DEBUG, "found DNS.\n"); + NDPI_LOG_INFO(ndpi_struct, "found DNS\n"); ndpi_set_detected_protocol(ndpi_struct, flow, (d_port == 5355) ? NDPI_PROTOCOL_LLMNR : NDPI_PROTOCOL_DNS, NDPI_PROTOCOL_UNKNOWN); } else { - NDPI_LOG(NDPI_PROTOCOL_DNS, ndpi_struct, NDPI_LOG_DEBUG, "exclude DNS.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_DNS); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } } } diff --git a/src/lib/protocols/dofus.c b/src/lib/protocols/dofus.c index 26ccdb444..baed6c262 100644 --- a/src/lib/protocols/dofus.c +++ b/src/lib/protocols/dofus.c @@ -22,76 +22,68 @@ * */ +#include "ndpi_protocol_ids.h" +#ifdef NDPI_PROTOCOL_DOFUS -#include "ndpi_api.h" +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_DOFUS -#ifdef NDPI_PROTOCOL_DOFUS +#include "ndpi_api.h" static void ndpi_dofus_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DOFUS, NDPI_PROTOCOL_UNKNOWN); + NDPI_LOG_INFO(ndpi_struct, "found dofus\n"); } void ndpi_search_dofus(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; - // struct ndpi_id_struct *src=ndpi_struct->src; - // struct ndpi_id_struct *dst=ndpi_struct->dst; + struct ndpi_packet_struct *packet = &flow->packet; + NDPI_LOG_DBG(ndpi_struct, "search dofus\n"); /* Dofus v 1.x.x */ if (packet->payload_packet_len == 13 && get_u_int16_t(packet->payload, 1) == ntohs(0x0508) && get_u_int16_t(packet->payload, 5) == ntohs(0x04a0) && get_u_int16_t(packet->payload, packet->payload_packet_len - 2) == ntohs(0x0194)) { - NDPI_LOG(NDPI_PROTOCOL_DOFUS, ndpi_struct, NDPI_LOG_DEBUG, "found dofus.\n"); ndpi_dofus_add_connection(ndpi_struct, flow); return; } - if (flow->l4.tcp.dofus_stage == 0 && packet->payload_packet_len == 3 && memcmp(packet->payload, "HG", 2) == 0 - && packet->payload[packet->payload_packet_len - 1] == 0) { - flow->l4.tcp.dofus_stage = 1; - NDPI_LOG(NDPI_PROTOCOL_DOFUS, ndpi_struct, NDPI_LOG_DEBUG, "maybe dofus.\n"); - return; - } - if (flow->l4.tcp.dofus_stage == 0 && packet->payload_packet_len == 35 && memcmp(packet->payload, "HC", 2) == 0 - && packet->payload[packet->payload_packet_len - 1] == 0) { - flow->l4.tcp.dofus_stage = 1; - NDPI_LOG(NDPI_PROTOCOL_DOFUS, ndpi_struct, NDPI_LOG_DEBUG, "maybe dofus.\n"); - return; - } - if (flow->l4.tcp.dofus_stage == 0 && packet->payload_packet_len > 2 && packet->payload[0] == 'A' - && (packet->payload[1] == 'x' || packet->payload[1] == 'X') - && packet->payload[packet->payload_packet_len - 1] == 0) { - flow->l4.tcp.dofus_stage = 1; - NDPI_LOG(NDPI_PROTOCOL_DOFUS, ndpi_struct, NDPI_LOG_DEBUG, "maybe dofus.\n"); - return; - } - if (flow->l4.tcp.dofus_stage == 0 && packet->payload_packet_len == 12 && memcmp(packet->payload, "Af", 2) == 0 - && packet->payload[packet->payload_packet_len - 1] == 0) { - flow->l4.tcp.dofus_stage = 1; - NDPI_LOG(NDPI_PROTOCOL_DOFUS, ndpi_struct, NDPI_LOG_DEBUG, "maybe dofus.\n"); - return; - } - if (flow->l4.tcp.dofus_stage == 0 && packet->payload_packet_len > 2 && memcmp(packet->payload, "Ad", 2) - && packet->payload[packet->payload_packet_len - 1] == 0) { - flow->l4.tcp.dofus_stage = 1; - NDPI_LOG(NDPI_PROTOCOL_DOFUS, ndpi_struct, NDPI_LOG_DEBUG, "maybe dofus.\n"); - return; + if (flow->l4.tcp.dofus_stage == 0) { + if (packet->payload_packet_len == 3 && memcmp(packet->payload, "HG", 2) == 0 + && packet->payload[packet->payload_packet_len - 1] == 0) + goto maybe_dofus; + + if (packet->payload_packet_len == 12 && memcmp(packet->payload, "Af", 2) == 0 + && packet->payload[packet->payload_packet_len - 1] == 0) + goto maybe_dofus; + + if (packet->payload_packet_len == 35 && memcmp(packet->payload, "HC", 2) == 0 + && packet->payload[packet->payload_packet_len - 1] == 0) + goto maybe_dofus; + + if (packet->payload_packet_len > 2 && packet->payload[0] == 'A' + && (packet->payload[1] == 'x' || packet->payload[1] == 'X') + && packet->payload[packet->payload_packet_len - 1] == 0) + goto maybe_dofus; + + if (packet->payload_packet_len > 2 && memcmp(packet->payload, "Ad", 2) + && packet->payload[packet->payload_packet_len - 1] == 0) + goto maybe_dofus; + } - if (packet->payload_packet_len == 11 && memcmp(packet->payload, "AT", 2) == 0 && packet->payload[10] == 0x00) { - if (flow->l4.tcp.dofus_stage == 1) { - NDPI_LOG(NDPI_PROTOCOL_DOFUS, ndpi_struct, NDPI_LOG_DEBUG, "found dofus.\n"); + if (flow->l4.tcp.dofus_stage == 1) { + if (packet->payload_packet_len == 11 && memcmp(packet->payload, "AT", 2) == 0 + && packet->payload[10] == 0x00) { + ndpi_dofus_add_connection(ndpi_struct, flow); + return; + } + if (packet->payload_packet_len == 5 + && packet->payload[0] == 'A' && packet->payload[4] == 0x00 + && (packet->payload[1] == 'T' || packet->payload[1] == 'k')) { ndpi_dofus_add_connection(ndpi_struct, flow); return; } - } - if (flow->l4.tcp.dofus_stage == 1 && packet->payload_packet_len == 5 - && packet->payload[0] == 'A' && packet->payload[4] == 0x00 && (packet->payload[1] == 'T' - || packet->payload[1] == 'k')) { - NDPI_LOG(NDPI_PROTOCOL_DOFUS, ndpi_struct, NDPI_LOG_DEBUG, "found dofus asym.\n"); - ndpi_dofus_add_connection(ndpi_struct, flow); - return; } /* end Dofus 1.x.x */ @@ -109,7 +101,6 @@ void ndpi_search_dofus(struct ndpi_detection_module_struct *ndpi_struct, struct if (packet->payload_packet_len == 49 && ntohs(get_u_int16_t(packet->payload, 15)) + 17 != packet->payload_packet_len) { goto exclude; } - NDPI_LOG(NDPI_PROTOCOL_DOFUS, ndpi_struct, NDPI_LOG_DEBUG, "found dofus.\n"); ndpi_dofus_add_connection(ndpi_struct, flow); return; } @@ -120,7 +111,6 @@ void ndpi_search_dofus(struct ndpi_detection_module_struct *ndpi_struct, struct goto exclude; len2 = ntohs(get_u_int16_t(packet->payload, 5 + len)); if (5 + len + 2 + len2 == packet->payload_packet_len) { - NDPI_LOG(NDPI_PROTOCOL_DOFUS, ndpi_struct, NDPI_LOG_DEBUG, "found dofus.\n"); ndpi_dofus_add_connection(ndpi_struct, flow); return; } @@ -135,16 +125,20 @@ void ndpi_search_dofus(struct ndpi_detection_module_struct *ndpi_struct, struct if ((12 + len + 2 + len2 + 1) > packet->payload_packet_len) goto exclude; if (12 + len + 2 + len2 + 1 == packet->payload_packet_len && packet->payload[12 + len + 2 + len2] == 0x01) { - NDPI_LOG(NDPI_PROTOCOL_DOFUS, ndpi_struct, NDPI_LOG_DEBUG, "found dofus.\n"); ndpi_dofus_add_connection(ndpi_struct, flow); return; } } - exclude: - NDPI_LOG(NDPI_PROTOCOL_DOFUS, ndpi_struct, NDPI_LOG_DEBUG, "exclude dofus.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_DOFUS); -} +exclude: + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); + return; + +maybe_dofus: + flow->l4.tcp.dofus_stage = 1; + NDPI_LOG_DBG2(ndpi_struct, "maybe dofus\n"); + return; +} void init_dofus_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) { diff --git a/src/lib/protocols/drda.c b/src/lib/protocols/drda.c index 83a79ea82..72d708d13 100644 --- a/src/lib/protocols/drda.c +++ b/src/lib/protocols/drda.c @@ -17,10 +17,14 @@ * If not, see . * */ -#include "ndpi_api.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_DRDA +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_DRDA + +#include "ndpi_api.h" + struct ndpi_drda_hdr { u_int16_t length; u_int8_t magic; @@ -37,6 +41,8 @@ void ndpi_search_drda(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_packet_struct * packet = &flow->packet; u_int16_t payload_len = packet->payload_packet_len; u_int count = 0; // prevent integer overflow + + NDPI_LOG_DBG(ndpi_struct, "search DRDA\n"); if(packet->tcp != NULL) { @@ -71,15 +77,14 @@ void ndpi_search_drda(struct ndpi_detection_module_struct *ndpi_struct, } if(count != payload_len) goto no_drda; } - NDPI_LOG(NDPI_PROTOCOL_DRDA, ndpi_struct, NDPI_LOG_DEBUG, "found DRDA.\n"); + NDPI_LOG_INFO(ndpi_struct, "found DRDA\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DRDA, NDPI_PROTOCOL_UNKNOWN); return; } } no_drda: - NDPI_LOG(NDPI_PROTOCOL_DRDA, ndpi_struct, NDPI_LOG_DEBUG, "exclude DRDA.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_DRDA); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/dropbox.c b/src/lib/protocols/dropbox.c index d8babfb1b..6e8a2dcb0 100644 --- a/src/lib/protocols/dropbox.c +++ b/src/lib/protocols/dropbox.c @@ -21,10 +21,14 @@ * */ +#include "ndpi_protocol_ids.h" + +#ifdef NDPI_PROTOCOL_DROPBOX + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_DROPBOX #include "ndpi_api.h" -#ifdef NDPI_PROTOCOL_DROPBOX #define DB_LSP_PORT 17500 @@ -51,7 +55,7 @@ static void ndpi_check_dropbox(struct ndpi_detection_module_struct *ndpi_struct, if(payload_len > 2) { if(strncmp((const char *)packet->payload, "{\"host_int\"", 11) == 0) { - NDPI_LOG(NDPI_PROTOCOL_DROPBOX, ndpi_struct, NDPI_LOG_DEBUG, "Found dropbox.\n"); + NDPI_LOG_INFO(ndpi_struct, "found dropbox\n"); ndpi_int_dropbox_add_connection(ndpi_struct, flow, 0); return; } @@ -59,15 +63,14 @@ static void ndpi_check_dropbox(struct ndpi_detection_module_struct *ndpi_struct, } } - NDPI_LOG(NDPI_PROTOCOL_DROPBOX, ndpi_struct, NDPI_LOG_DEBUG, "exclude dropbox.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_DROPBOX); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } void ndpi_search_dropbox(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; - NDPI_LOG(NDPI_PROTOCOL_DROPBOX, ndpi_struct, NDPI_LOG_DEBUG, "dropbox detection...\n"); + NDPI_LOG_DBG(ndpi_struct, "search dropbox\n"); /* skip marked packets */ if (packet->detected_protocol_stack[0] != NDPI_PROTOCOL_DROPBOX) { diff --git a/src/lib/protocols/eaq.c b/src/lib/protocols/eaq.c index 96ecacdde..3929b4ef6 100644 --- a/src/lib/protocols/eaq.c +++ b/src/lib/protocols/eaq.c @@ -24,12 +24,18 @@ http://www.brasilbandalarga.com.br */ + +#include "ndpi_protocol_ids.h" + +#ifdef NDPI_PROTOCOL_EAQ + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_EAQ + #include "ndpi_api.h" #define EAQ_DEFAULT_PORT 6000 #define EAQ_DEFAULT_SIZE 16 -#ifdef NDPI_PROTOCOL_EAQ static void ndpi_int_eaq_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_EAQ, NDPI_PROTOCOL_UNKNOWN); @@ -40,33 +46,34 @@ void ndpi_search_eaq(struct ndpi_detection_module_struct *ndpi_struct, struct nd struct ndpi_packet_struct *packet = &flow->packet; u_int16_t sport = ntohs(packet->udp->source), dport = ntohs(packet->udp->dest); - if((packet->payload_packet_len != EAQ_DEFAULT_SIZE) - || ((sport != EAQ_DEFAULT_PORT) && (dport != EAQ_DEFAULT_PORT))) { - exclude_eaq: - NDPI_LOG(NDPI_PROTOCOL_EAQ, ndpi_struct, NDPI_LOG_DEBUG, "Exclude eaq.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_EAQ); - return; - } - - if(packet->udp != NULL) { - u_int32_t seq = (packet->payload[0] * 1000) + (packet->payload[1] * 100) + (packet->payload[2] * 10) + packet->payload[3]; - - if(flow->l4.udp.eaq_pkt_id == 0) - flow->l4.udp.eaq_sequence = seq; - else { - if((flow->l4.udp.eaq_sequence == seq) || ((flow->l4.udp.eaq_sequence+1) == seq)) { - ; /* Looks good */ - } else - goto exclude_eaq; - } + NDPI_LOG_DBG(ndpi_struct, "search eaq\n"); + + do { + if( (packet->payload_packet_len != EAQ_DEFAULT_SIZE) || + ((sport != EAQ_DEFAULT_PORT) && (dport != EAQ_DEFAULT_PORT)) ) + break; + + if(packet->udp != NULL) { + u_int32_t seq = (packet->payload[0] * 1000) + (packet->payload[1] * 100) + (packet->payload[2] * 10) + packet->payload[3]; + + if(flow->l4.udp.eaq_pkt_id == 0) + flow->l4.udp.eaq_sequence = seq; + else { + if( (flow->l4.udp.eaq_sequence != seq) && + ((flow->l4.udp.eaq_sequence+1) != seq)) break; + } - if(++flow->l4.udp.eaq_pkt_id == 4) { - /* We have collected enough packets so we assume it's EAQ */ - NDPI_LOG(NDPI_PROTOCOL_EAQ, ndpi_struct, NDPI_LOG_DEBUG, "found eaq.\n"); - ndpi_int_eaq_add_connection(ndpi_struct, flow); + if(++flow->l4.udp.eaq_pkt_id == 4) { + /* We have collected enough packets so we assume it's EAQ */ + NDPI_LOG_INFO(ndpi_struct, "found eaq\n"); + ndpi_int_eaq_add_connection(ndpi_struct, flow); + return; + } } - } else - goto exclude_eaq; + } while(0); + + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); + } diff --git a/src/lib/protocols/edonkey.c b/src/lib/protocols/edonkey.c index 5196cc9e5..34276bbcb 100644 --- a/src/lib/protocols/edonkey.c +++ b/src/lib/protocols/edonkey.c @@ -23,10 +23,15 @@ * */ +#include "ndpi_protocol_ids.h" + +#ifdef NDPI_PROTOCOL_EDONKEY + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_EDONKEY #include "ndpi_api.h" -#ifdef NDPI_PROTOCOL_EDONKEY + static void ndpi_int_edonkey_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_EDONKEY, NDPI_PROTOCOL_UNKNOWN); } @@ -159,24 +164,23 @@ static void ndpi_check_edonkey(struct ndpi_detection_module_struct *ndpi_struct, /* Break after 20 packets. */ if (flow->packet_counter > 20) { - NDPI_LOG(NDPI_PROTOCOL_EDONKEY, ndpi_struct, NDPI_LOG_DEBUG, "Exclude EDONKEY.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_EDONKEY); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; } /* Check if we so far detected the protocol in the request or not. */ if (flow->edonkey_stage == 0) { - NDPI_LOG(NDPI_PROTOCOL_EDONKEY, ndpi_struct, NDPI_LOG_DEBUG, "EDONKEY stage 0: \n"); + NDPI_LOG_DBG2(ndpi_struct, "EDONKEY stage 0: \n"); if (ndpi_edonkey_payload_check(packet->payload, payload_len)) { - NDPI_LOG(NDPI_PROTOCOL_EDONKEY, ndpi_struct, NDPI_LOG_DEBUG, "Possible EDONKEY request detected, we will look further for the response...\n"); + NDPI_LOG_DBG2(ndpi_struct, "Possible EDONKEY request detected, we will look further for the response\n"); /* Encode the direction of the packet in the stage, so we will know when we need to look for the response packet. */ flow->edonkey_stage = packet->packet_direction + 1; } } else { - NDPI_LOG(NDPI_PROTOCOL_EDONKEY, ndpi_struct, NDPI_LOG_DEBUG, "EDONKEY stage %u: \n", flow->edonkey_stage); + NDPI_LOG_DBG2(ndpi_struct, "EDONKEY stage %u: \n", flow->edonkey_stage); /* At first check, if this is for sure a response packet (in another direction. If not, do nothing now and return. */ if ((flow->edonkey_stage - packet->packet_direction) == 1) { @@ -185,10 +189,10 @@ static void ndpi_check_edonkey(struct ndpi_detection_module_struct *ndpi_struct, /* This is a packet in another direction. Check if we find the proper response. */ if ((payload_len == 0) || (ndpi_edonkey_payload_check(packet->payload, payload_len))) { - NDPI_LOG(NDPI_PROTOCOL_EDONKEY, ndpi_struct, NDPI_LOG_DEBUG, "Found EDONKEY.\n"); + NDPI_LOG_INFO(ndpi_struct, "found EDONKEY\n"); ndpi_int_edonkey_add_connection(ndpi_struct, flow); } else { - NDPI_LOG(NDPI_PROTOCOL_EDONKEY, ndpi_struct, NDPI_LOG_DEBUG, "The reply did not seem to belong to EDONKEY, resetting the stage to 0...\n"); + NDPI_LOG_DBG2(ndpi_struct, "The reply did not seem to belong to EDONKEY, resetting the stage to 0\n"); flow->edonkey_stage = 0; } @@ -198,7 +202,7 @@ static void ndpi_check_edonkey(struct ndpi_detection_module_struct *ndpi_struct, void ndpi_search_edonkey(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; - NDPI_LOG(NDPI_PROTOCOL_EDONKEY, ndpi_struct, NDPI_LOG_DEBUG, "EDONKEY detection...\n"); + NDPI_LOG_DBG(ndpi_struct, "search EDONKEY\n"); /* skip marked packets */ if (packet->detected_protocol_stack[0] != NDPI_PROTOCOL_EDONKEY) { diff --git a/src/lib/protocols/fasttrack.c b/src/lib/protocols/fasttrack.c index c432f6754..016a15621 100644 --- a/src/lib/protocols/fasttrack.c +++ b/src/lib/protocols/fasttrack.c @@ -22,11 +22,13 @@ * */ - -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_FASTTRACK +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_FASTTRACK + +#include "ndpi_api.h" static void ndpi_int_fasttrack_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) @@ -39,13 +41,12 @@ void ndpi_search_fasttrack_tcp(struct ndpi_detection_module_struct *ndpi_struct, { struct ndpi_packet_struct *packet = &flow->packet; -// struct ndpi_id_struct *src=ndpi_struct->src; -// struct ndpi_id_struct *dst=ndpi_struct->dst; + NDPI_LOG_DBG(ndpi_struct, "search FASTTRACK\n"); if ( (packet->payload != NULL) && (packet->payload_packet_len > 6) && (ntohs(get_u_int16_t(packet->payload, packet->payload_packet_len - 2)) == 0x0d0a)) { - NDPI_LOG(NDPI_PROTOCOL_FASTTRACK, ndpi_struct, NDPI_LOG_TRACE, "detected 0d0a at the end of the packet.\n"); + NDPI_LOG_DBG2(ndpi_struct, "detected 0d0a at the end of the packet\n"); if (memcmp(packet->payload, "GIVE ", 5) == 0 && packet->payload_packet_len >= 8) { u_int16_t i; @@ -56,20 +57,20 @@ void ndpi_search_fasttrack_tcp(struct ndpi_detection_module_struct *ndpi_struct, } } - NDPI_LOG(NDPI_PROTOCOL_FASTTRACK, ndpi_struct, NDPI_LOG_TRACE, "FASTTRACK GIVE DETECTED\n"); + NDPI_LOG_INFO(ndpi_struct, "found FASTTRACK\n"); ndpi_int_fasttrack_add_connection(ndpi_struct, flow); return; } if (packet->payload_packet_len > 50 && memcmp(packet->payload, "GET /", 5) == 0) { u_int8_t a = 0; - NDPI_LOG(NDPI_PROTOCOL_FASTTRACK, ndpi_struct, NDPI_LOG_TRACE, "detected GET /. \n"); + NDPI_LOG_DBG2(ndpi_struct, "detected GET /. \n"); ndpi_parse_packet_line_info(ndpi_struct, flow); for (a = 0; a < packet->parsed_lines; a++) { if ((packet->line[a].len > 17 && memcmp(packet->line[a].ptr, "X-Kazaa-Username: ", 18) == 0) || (packet->line[a].len > 23 && memcmp(packet->line[a].ptr, "User-Agent: PeerEnabler/", 24) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_FASTTRACK, ndpi_struct, NDPI_LOG_TRACE, - "detected X-Kazaa-Username: || User-Agent: PeerEnabler/\n"); + NDPI_LOG_INFO(ndpi_struct, + "found FASTTRACK X-Kazaa-Username: || User-Agent: PeerEnabler/\n"); ndpi_int_fasttrack_add_connection(ndpi_struct, flow); return; } @@ -78,8 +79,7 @@ void ndpi_search_fasttrack_tcp(struct ndpi_detection_module_struct *ndpi_struct, } exclude_fasttrack: - NDPI_LOG(NDPI_PROTOCOL_FASTTRACK, ndpi_struct, NDPI_LOG_TRACE, "fasttrack/kazaa excluded.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_FASTTRACK); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/fiesta.c b/src/lib/protocols/fiesta.c index a3e89af8f..9a9c78852 100644 --- a/src/lib/protocols/fiesta.c +++ b/src/lib/protocols/fiesta.c @@ -22,10 +22,14 @@ * */ -/* include files */ -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" + #ifdef NDPI_PROTOCOL_FIESTA +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_FIESTA + +#include "ndpi_api.h" + static void ndpi_int_fiesta_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { @@ -35,18 +39,15 @@ static void ndpi_int_fiesta_add_connection(struct ndpi_detection_module_struct * void ndpi_search_fiesta(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; - -// struct ndpi_id_struct *src=ndpi_struct->src; -// struct ndpi_id_struct *dst=ndpi_struct->dst; - NDPI_LOG(NDPI_PROTOCOL_FIESTA, ndpi_struct, NDPI_LOG_DEBUG, "search fiesta.\n"); + NDPI_LOG_DBG(ndpi_struct, "search fiesta\n"); if (flow->l4.tcp.fiesta_stage == 0 && packet->payload_packet_len == 5 && get_u_int16_t(packet->payload, 0) == ntohs(0x0407) && (packet->payload[2] == 0x08) && (packet->payload[4] == 0x00 || packet->payload[4] == 0x01)) { - NDPI_LOG(NDPI_PROTOCOL_FIESTA, ndpi_struct, NDPI_LOG_DEBUG, "maybe fiesta symmetric, first packet.\n"); + NDPI_LOG_DBG2(ndpi_struct, "maybe fiesta symmetric, first packet\n"); flow->l4.tcp.fiesta_stage = 1 + packet->packet_direction; goto maybe_fiesta; } @@ -54,7 +55,7 @@ void ndpi_search_fiesta(struct ndpi_detection_module_struct *ndpi_struct, struct && ((packet->payload_packet_len > 1 && packet->payload_packet_len - 1 == packet->payload[0]) || (packet->payload_packet_len > 3 && packet->payload[0] == 0 && get_l16(packet->payload, 1) == packet->payload_packet_len - 3))) { - NDPI_LOG(NDPI_PROTOCOL_FIESTA, ndpi_struct, NDPI_LOG_DEBUG, "Maybe fiesta.\n"); + NDPI_LOG_DBG2(ndpi_struct, "Maybe fiesta\n"); goto maybe_fiesta; } if (flow->l4.tcp.fiesta_stage == (1 + packet->packet_direction)) { @@ -79,16 +80,15 @@ void ndpi_search_fiesta(struct ndpi_detection_module_struct *ndpi_struct, struct } } - NDPI_LOG(NDPI_PROTOCOL_FIESTA, ndpi_struct, NDPI_LOG_DEBUG, "exclude fiesta.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_FIESTA); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; maybe_fiesta: - NDPI_LOG(NDPI_PROTOCOL_FIESTA, ndpi_struct, NDPI_LOG_DEBUG, "Stage is set to %d.\n", flow->l4.tcp.fiesta_stage); + NDPI_LOG_DBG2(ndpi_struct, "Stage is set to %d\n", flow->l4.tcp.fiesta_stage); return; add_fiesta: - NDPI_LOG(NDPI_PROTOCOL_FIESTA, ndpi_struct, NDPI_LOG_DEBUG, "detected fiesta.\n"); + NDPI_LOG_INFO(ndpi_struct, "found fiesta\n"); ndpi_int_fiesta_add_connection(ndpi_struct, flow); return; } diff --git a/src/lib/protocols/filetopia.c b/src/lib/protocols/filetopia.c index 167b63a8e..eb3215e48 100644 --- a/src/lib/protocols/filetopia.c +++ b/src/lib/protocols/filetopia.c @@ -22,10 +22,14 @@ * */ +#include "ndpi_protocol_ids.h" -#include "ndpi_protocols.h" #ifdef NDPI_PROTOCOL_FILETOPIA +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_FILETOPIA + +#include "ndpi_api.h" + static void ndpi_int_filetopia_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { @@ -36,14 +40,13 @@ void ndpi_search_filetopia_tcp(struct ndpi_detection_module_struct *ndpi_struct, { struct ndpi_packet_struct *packet = &flow->packet; -// struct ndpi_id_struct *src=ndpi_struct->src; -// struct ndpi_id_struct *dst=ndpi_struct->dst; + NDPI_LOG_DBG(ndpi_struct, "search Filetopia\n"); if (flow->l4.tcp.filetopia_stage == 0) { if (packet->payload_packet_len >= 50 && packet->payload_packet_len <= 70 && packet->payload[0] == 0x03 && packet->payload[1] == 0x9a && packet->payload[3] == 0x22 && packet->payload[packet->payload_packet_len - 1] == 0x2b) { - NDPI_LOG(NDPI_PROTOCOL_FILETOPIA, ndpi_struct, NDPI_LOG_DEBUG, "Filetopia stage 1 detected\n"); + NDPI_LOG_DBG2(ndpi_struct, "Filetopia stage 1 detected\n"); flow->l4.tcp.filetopia_stage = 1; return; } @@ -59,7 +62,7 @@ void ndpi_search_filetopia_tcp(struct ndpi_detection_module_struct *ndpi_struct, } } - NDPI_LOG(NDPI_PROTOCOL_FILETOPIA, ndpi_struct, NDPI_LOG_DEBUG, "Filetopia stage 2 detected\n"); + NDPI_LOG_DBG2(ndpi_struct, "Filetopia stage 2 detected\n"); flow->l4.tcp.filetopia_stage = 2; return; } @@ -69,7 +72,7 @@ void ndpi_search_filetopia_tcp(struct ndpi_detection_module_struct *ndpi_struct, if (packet->payload_packet_len >= 4 && packet->payload_packet_len <= 100 && packet->payload[0] == 0x03 && packet->payload[1] == 0x9a && (packet->payload[3] == 0x22 || packet->payload[3] == 0x23)) { - NDPI_LOG(NDPI_PROTOCOL_FILETOPIA, ndpi_struct, NDPI_LOG_DEBUG, "Filetopia detected\n"); + NDPI_LOG_INFO(ndpi_struct, "found Filetopia\n"); ndpi_int_filetopia_add_connection(ndpi_struct, flow); return; } @@ -77,7 +80,7 @@ void ndpi_search_filetopia_tcp(struct ndpi_detection_module_struct *ndpi_struct, } end_filetopia_nothing_found: - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_FILETOPIA); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/fix.c b/src/lib/protocols/fix.c index b96454c3f..4f3f9849b 100644 --- a/src/lib/protocols/fix.c +++ b/src/lib/protocols/fix.c @@ -20,14 +20,21 @@ * along with nDPI. If not, see . * */ -#include "ndpi_protocols.h" + +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_FIX +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_FIX + +#include "ndpi_api.h" + + void ndpi_search_fix(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; + NDPI_LOG_DBG(ndpi_struct, "search FIX\n"); if(packet->tcp) { // 8= if(packet->payload[0] == 0x38 && packet->payload[1] == 0x3d) { @@ -37,7 +44,7 @@ void ndpi_search_fix(struct ndpi_detection_module_struct *ndpi_struct, struct nd packet->payload[4] == 0x58 && packet->payload[5] == 0x2e) { - NDPI_LOG(NDPI_PROTOCOL_FIX, ndpi_struct, NDPI_LOG_DEBUG, "FIX detected.\n"); + NDPI_LOG_INFO(ndpi_struct, "found FIX\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_FIX, NDPI_PROTOCOL_UNKNOWN); return; } @@ -47,14 +54,14 @@ void ndpi_search_fix(struct ndpi_detection_module_struct *ndpi_struct, struct nd packet->payload[4] == 0x39 && packet->payload[5] == 0x3d) { - NDPI_LOG(NDPI_PROTOCOL_FIX, ndpi_struct, NDPI_LOG_DEBUG, "FIX detected.\n"); + NDPI_LOG_INFO(ndpi_struct, "found FIX\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_FIX, NDPI_PROTOCOL_UNKNOWN); return; } } } - /* exclude FIX */ - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_FIX); + + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/florensia.c b/src/lib/protocols/florensia.c index c694a2939..217874a6a 100644 --- a/src/lib/protocols/florensia.c +++ b/src/lib/protocols/florensia.c @@ -22,11 +22,14 @@ * */ +#include "ndpi_protocol_ids.h" - -#include "ndpi_protocols.h" #ifdef NDPI_PROTOCOL_FLORENSIA +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_FLORENSIA + +#include "ndpi_api.h" + static void ndpi_florensia_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { @@ -37,44 +40,40 @@ void ndpi_search_florensia(struct ndpi_detection_module_struct *ndpi_struct, str { struct ndpi_packet_struct *packet = &flow->packet; -// struct ndpi_id_struct *src=ndpi_struct->src; -// struct ndpi_id_struct *dst=ndpi_struct->dst; - - - NDPI_LOG(NDPI_PROTOCOL_FLORENSIA, ndpi_struct, NDPI_LOG_DEBUG, "search florensia.\n"); + NDPI_LOG_DBG(ndpi_struct, "search florensia\n"); if (packet->tcp != NULL) { if (packet->payload_packet_len == 5 && get_l16(packet->payload, 0) == packet->payload_packet_len && packet->payload[2] == 0x65 && packet->payload[4] == 0xff) { if (flow->florensia_stage == 1) { - NDPI_LOG(NDPI_PROTOCOL_FLORENSIA, ndpi_struct, NDPI_LOG_DEBUG, "found florensia.\n"); + NDPI_LOG_INFO(ndpi_struct, "found florensia\n"); ndpi_florensia_add_connection(ndpi_struct, flow); return; } - NDPI_LOG(NDPI_PROTOCOL_FLORENSIA, ndpi_struct, NDPI_LOG_DEBUG, "maybe florensia -> stage is set to 1.\n"); + NDPI_LOG_DBG2(ndpi_struct, "maybe florensia -> stage is set to 1\n"); flow->florensia_stage = 1; return; } if (packet->payload_packet_len > 8 && get_l16(packet->payload, 0) == packet->payload_packet_len && get_u_int16_t(packet->payload, 2) == htons(0x0201) && get_u_int32_t(packet->payload, 4) == htonl(0xFFFFFFFF)) { - NDPI_LOG(NDPI_PROTOCOL_FLORENSIA, ndpi_struct, NDPI_LOG_DEBUG, "maybe florensia -> stage is set to 1.\n"); + NDPI_LOG_DBG2(ndpi_struct, "maybe florensia -> stage is set to 1\n"); flow->florensia_stage = 1; return; } if (packet->payload_packet_len == 406 && get_l16(packet->payload, 0) == packet->payload_packet_len && packet->payload[2] == 0x63) { - NDPI_LOG(NDPI_PROTOCOL_FLORENSIA, ndpi_struct, NDPI_LOG_DEBUG, "maybe florensia -> stage is set to 1.\n"); + NDPI_LOG_DBG2(ndpi_struct, "maybe florensia -> stage is set to 1\n"); flow->florensia_stage = 1; return; } if (packet->payload_packet_len == 12 && get_l16(packet->payload, 0) == packet->payload_packet_len && get_u_int16_t(packet->payload, 2) == htons(0x0301)) { if (flow->florensia_stage == 1) { - NDPI_LOG(NDPI_PROTOCOL_FLORENSIA, ndpi_struct, NDPI_LOG_DEBUG, "found florensia.\n"); + NDPI_LOG_INFO(ndpi_struct, "found florensia\n"); ndpi_florensia_add_connection(ndpi_struct, flow); return; } - NDPI_LOG(NDPI_PROTOCOL_FLORENSIA, ndpi_struct, NDPI_LOG_DEBUG, "maybe florensia -> stage is set to 1.\n"); + NDPI_LOG_DBG2(ndpi_struct, "maybe florensia -> stage is set to 1\n"); flow->florensia_stage = 1; return; } @@ -82,19 +81,19 @@ void ndpi_search_florensia(struct ndpi_detection_module_struct *ndpi_struct, str if (flow->florensia_stage == 1) { if (packet->payload_packet_len == 8 && get_l16(packet->payload, 0) == packet->payload_packet_len && get_u_int16_t(packet->payload, 2) == htons(0x0302) && get_u_int32_t(packet->payload, 4) == htonl(0xFFFFFFFF)) { - NDPI_LOG(NDPI_PROTOCOL_FLORENSIA, ndpi_struct, NDPI_LOG_DEBUG, "found florensia asymmetrically.\n"); + NDPI_LOG_INFO(ndpi_struct, "found florensia asymmetrically\n"); ndpi_florensia_add_connection(ndpi_struct, flow); return; } if (packet->payload_packet_len == 24 && get_l16(packet->payload, 0) == packet->payload_packet_len && get_u_int16_t(packet->payload, 2) == htons(0x0202) && get_u_int32_t(packet->payload, packet->payload_packet_len - 4) == htonl(0xFFFFFFFF)) { - NDPI_LOG(NDPI_PROTOCOL_FLORENSIA, ndpi_struct, NDPI_LOG_DEBUG, "found florensia.\n"); + NDPI_LOG_INFO(ndpi_struct, "found florensia\n"); ndpi_florensia_add_connection(ndpi_struct, flow); return; } if (flow->packet_counter < 10 && get_l16(packet->payload, 0) == packet->payload_packet_len) { - NDPI_LOG(NDPI_PROTOCOL_FLORENSIA, ndpi_struct, NDPI_LOG_DEBUG, "maybe florensia.\n"); + NDPI_LOG_DBG2(ndpi_struct, "maybe florensia\n"); return; } } @@ -103,20 +102,19 @@ void ndpi_search_florensia(struct ndpi_detection_module_struct *ndpi_struct, str if (packet->udp != NULL) { if (flow->florensia_stage == 0 && packet->payload_packet_len == 6 && get_u_int16_t(packet->payload, 0) == ntohs(0x0503) && get_u_int32_t(packet->payload, 2) == htonl(0xFFFF0000)) { - NDPI_LOG(NDPI_PROTOCOL_FLORENSIA, ndpi_struct, NDPI_LOG_DEBUG, "maybe florensia -> stage is set to 1.\n"); + NDPI_LOG_DBG2(ndpi_struct, "maybe florensia -> stage is set to 1\n"); flow->florensia_stage = 1; return; } if (flow->florensia_stage == 1 && packet->payload_packet_len == 8 && get_u_int16_t(packet->payload, 0) == ntohs(0x0500) && get_u_int16_t(packet->payload, 4) == htons(0x4191)) { - NDPI_LOG(NDPI_PROTOCOL_FLORENSIA, ndpi_struct, NDPI_LOG_DEBUG, "found florensia.\n"); + NDPI_LOG_INFO(ndpi_struct, "found florensia\n"); ndpi_florensia_add_connection(ndpi_struct, flow); return; } } - NDPI_LOG(NDPI_PROTOCOL_FLORENSIA, ndpi_struct, NDPI_LOG_DEBUG, "exclude florensia.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_FLORENSIA); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/ftp_control.c b/src/lib/protocols/ftp_control.c index e9ed7ee45..f23476db0 100644 --- a/src/lib/protocols/ftp_control.c +++ b/src/lib/protocols/ftp_control.c @@ -21,10 +21,14 @@ * */ +#include "ndpi_protocol_ids.h" + +#ifdef NDPI_PROTOCOL_FTP_CONTROL + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_FTP_CONTROL #include "ndpi_api.h" -#ifdef NDPI_PROTOCOL_FTP_CONTROL static void ndpi_int_ftp_control_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_FTP_CONTROL, NDPI_PROTOCOL_UNKNOWN); @@ -944,31 +948,29 @@ static void ndpi_check_ftp_control(struct ndpi_detection_module_struct *ndpi_str /* Exclude SMTP, which uses similar commands. */ if (packet->tcp->dest == htons(25) || packet->tcp->source == htons(25)) { - NDPI_LOG(NDPI_PROTOCOL_FTP_CONTROL, ndpi_struct, NDPI_LOG_DEBUG, "Exclude FTP_CONTROL.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_FTP_CONTROL); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; } /* Break after 20 packets. */ if (flow->packet_counter > 20) { - NDPI_LOG(NDPI_PROTOCOL_FTP_CONTROL, ndpi_struct, NDPI_LOG_DEBUG, "Exclude FTP_CONTROL.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_FTP_CONTROL); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; } /* Check if we so far detected the protocol in the request or not. */ if (flow->ftp_control_stage == 0) { - NDPI_LOG(NDPI_PROTOCOL_FTP_CONTROL, ndpi_struct, NDPI_LOG_DEBUG, "FTP_CONTROL stage 0: \n"); + NDPI_LOG_DBG2(ndpi_struct, "FTP_CONTROL stage 0: \n"); if ((payload_len > 0) && ndpi_ftp_control_check_request(packet->payload, payload_len)) { - NDPI_LOG(NDPI_PROTOCOL_FTP_CONTROL, ndpi_struct, NDPI_LOG_DEBUG, "Possible FTP_CONTROL request detected, we will look further for the response...\n"); + NDPI_LOG_DBG2(ndpi_struct, "Possible FTP_CONTROL request detected, we will look further for the response..\n"); /* Encode the direction of the packet in the stage, so we will know when we need to look for the response packet. */ flow->ftp_control_stage = packet->packet_direction + 1; } } else { - NDPI_LOG(NDPI_PROTOCOL_FTP_CONTROL, ndpi_struct, NDPI_LOG_DEBUG, "FTP_CONTROL stage %u: \n", flow->ftp_control_stage); + NDPI_LOG_DBG2(ndpi_struct, "FTP_CONTROL stage %u: \n", flow->ftp_control_stage); /* At first check, if this is for sure a response packet (in another direction. If not, do nothing now and return. */ if ((flow->ftp_control_stage - packet->packet_direction) == 1) { @@ -977,10 +979,10 @@ static void ndpi_check_ftp_control(struct ndpi_detection_module_struct *ndpi_str /* This is a packet in another direction. Check if we find the proper response. */ if ((payload_len > 0) && ndpi_ftp_control_check_response(packet->payload, payload_len)) { - NDPI_LOG(NDPI_PROTOCOL_FTP_CONTROL, ndpi_struct, NDPI_LOG_DEBUG, "Found FTP_CONTROL.\n"); + NDPI_LOG_INFO(ndpi_struct, "found FTP_CONTROL\n"); ndpi_int_ftp_control_add_connection(ndpi_struct, flow); } else { - NDPI_LOG(NDPI_PROTOCOL_FTP_CONTROL, ndpi_struct, NDPI_LOG_DEBUG, "The reply did not seem to belong to FTP_CONTROL, resetting the stage to 0...\n"); + NDPI_LOG_DBG2(ndpi_struct, "The reply did not seem to belong to FTP_CONTROL, resetting the stage to 0\n"); flow->ftp_control_stage = 0; } } @@ -990,7 +992,7 @@ static void ndpi_check_ftp_control(struct ndpi_detection_module_struct *ndpi_str void ndpi_search_ftp_control(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; - NDPI_LOG(NDPI_PROTOCOL_FTP_CONTROL, ndpi_struct, NDPI_LOG_DEBUG, "FTP_CONTROL detection...\n"); + NDPI_LOG_DBG(ndpi_struct, "search FTP_CONTROL\n"); /* skip marked packets */ if (packet->detected_protocol_stack[0] != NDPI_PROTOCOL_FTP_CONTROL) { diff --git a/src/lib/protocols/ftp_data.c b/src/lib/protocols/ftp_data.c index f5622ffb5..ec1e8d7d8 100644 --- a/src/lib/protocols/ftp_data.c +++ b/src/lib/protocols/ftp_data.c @@ -23,9 +23,14 @@ * */ -#include "ndpi_api.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_FTP_DATA + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_FTP_DATA + +#include "ndpi_api.h" + static void ndpi_int_ftp_data_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_FTP_DATA, NDPI_PROTOCOL_UNKNOWN); } @@ -223,22 +228,21 @@ static void ndpi_check_ftp_data(struct ndpi_detection_module_struct *ndpi_struct || ndpi_match_ftp_data_port(ndpi_struct, flow) ) ) { - NDPI_LOG(NDPI_PROTOCOL_FTP_DATA, ndpi_struct, NDPI_LOG_DEBUG, "Possible FTP_DATA request detected...\n"); + NDPI_LOG_INFO(ndpi_struct, "found FTP_DATA request\n"); ndpi_int_ftp_data_add_connection(ndpi_struct, flow); } else - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_FTP_DATA); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } void ndpi_search_ftp_data(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { /* Break after 20 packets. */ if(flow->packet_counter > 20) { - NDPI_LOG(NDPI_PROTOCOL_FTP_DATA, ndpi_struct, NDPI_LOG_DEBUG, "Exclude FTP_DATA.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_FTP_DATA); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; } - NDPI_LOG(NDPI_PROTOCOL_FTP_DATA, ndpi_struct, NDPI_LOG_DEBUG, "FTP_DATA detection...\n"); + NDPI_LOG_DBG(ndpi_struct, "search FTP_DATA\n"); ndpi_check_ftp_data(ndpi_struct, flow); } diff --git a/src/lib/protocols/git.c b/src/lib/protocols/git.c index a60a94fe1..0b4192289 100644 --- a/src/lib/protocols/git.c +++ b/src/lib/protocols/git.c @@ -17,10 +17,16 @@ * If not, see . * */ + +#include "ndpi_protocol_ids.h" + +#ifdef NDPI_PROTOCOL_GIT + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_GIT + #include #include "ndpi_api.h" -#ifdef NDPI_PROTOCOL_GIT #define GIT_PORT 9418 @@ -29,6 +35,8 @@ void ndpi_search_git(struct ndpi_detection_module_struct *ndpi_struct, { struct ndpi_packet_struct * packet = &flow->packet; + NDPI_LOG_DBG(ndpi_struct, "search Git\n"); + if((packet->tcp != NULL) && (packet->payload_packet_len > 4)) { if((ntohs(packet->tcp->source) == GIT_PORT) || (ntohs(packet->tcp->dest) == GIT_PORT)) { @@ -52,15 +60,14 @@ void ndpi_search_git(struct ndpi_detection_module_struct *ndpi_struct, } if(found_git) { - NDPI_LOG(NDPI_PROTOCOL_GIT, ndpi_struct, NDPI_LOG_DEBUG, "found Git.\n"); + NDPI_LOG_INFO(ndpi_struct, "found Git\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_GIT, NDPI_PROTOCOL_UNKNOWN); return; } } } - NDPI_LOG(NDPI_PROTOCOL_GIT, ndpi_struct, NDPI_LOG_DEBUG, "exclude Git.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_GIT); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/gnutella.c b/src/lib/protocols/gnutella.c index 1ead0570b..295cfaecd 100644 --- a/src/lib/protocols/gnutella.c +++ b/src/lib/protocols/gnutella.c @@ -22,12 +22,14 @@ * */ +#include "ndpi_protocol_ids.h" -/* include files */ +#ifdef NDPI_PROTOCOL_GNUTELLA -#include "ndpi_protocols.h" +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_GNUTELLA + +#include "ndpi_api.h" -#ifdef NDPI_PROTOCOL_GNUTELLA static void ndpi_int_gnutella_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow/* , */ @@ -38,22 +40,21 @@ static void ndpi_int_gnutella_add_connection(struct ndpi_detection_module_struct struct ndpi_id_struct *dst = flow->dst; ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_GNUTELLA, NDPI_PROTOCOL_UNKNOWN); + NDPI_LOG_INFO(ndpi_struct, "found GNUTELLA\n"); if (src != NULL) { src->gnutella_ts = packet->tick_timestamp; if (packet->udp != NULL) { if (!src->detected_gnutella_udp_port1) { src->detected_gnutella_udp_port1 = (packet->udp->source); - NDPI_LOG(NDPI_PROTOCOL_GNUTELLA, ndpi_struct, - NDPI_LOG_DEBUG, "GNUTELLA UDP PORT1 DETECTED as %u\n", - src->detected_gnutella_udp_port1); + NDPI_LOG_DBG2(ndpi_struct, + "GNUTELLA UDP PORT1 DETECTED as %u\n", src->detected_gnutella_udp_port1); } else if ((ntohs(packet->udp->source) != src->detected_gnutella_udp_port1) && !src->detected_gnutella_udp_port2) { src->detected_gnutella_udp_port2 = (packet->udp->source); - NDPI_LOG(NDPI_PROTOCOL_GNUTELLA, ndpi_struct, - NDPI_LOG_DEBUG, "GNUTELLA UDP PORT2 DETECTED as %u\n", - src->detected_gnutella_udp_port2); + NDPI_LOG_DBG2(ndpi_struct, + "GNUTELLA UDP PORT2 DETECTED as %u\n", src->detected_gnutella_udp_port2); } } @@ -71,16 +72,17 @@ void ndpi_search_gnutella(struct ndpi_detection_module_struct *ndpi_struct, stru struct ndpi_id_struct *dst = flow->dst; u_int16_t c; + + NDPI_LOG_DBG(ndpi_struct, "search GNUTELLA\n"); + if (packet->detected_protocol_stack[0] == NDPI_PROTOCOL_GNUTELLA) { if (src != NULL && ((u_int32_t) (packet->tick_timestamp - src->gnutella_ts) < ndpi_struct->gnutella_timeout)) { - NDPI_LOG(NDPI_PROTOCOL_GNUTELLA, ndpi_struct, - NDPI_LOG_DEBUG, "gnutella : save src connection packet detected\n"); + NDPI_LOG_DBG2(ndpi_struct, "save src connection packet detected\n"); src->gnutella_ts = packet->tick_timestamp; } else if (dst != NULL && ((u_int32_t) (packet->tick_timestamp - dst->gnutella_ts) < ndpi_struct->gnutella_timeout)) { - NDPI_LOG(NDPI_PROTOCOL_GNUTELLA, ndpi_struct, - NDPI_LOG_DEBUG, "gnutella : save dst connection packet detected\n"); + NDPI_LOG_DBG2(ndpi_struct, "save dst connection packet detected\n"); dst->gnutella_ts = packet->tick_timestamp; } if (src != NULL && (packet->tick_timestamp - src->gnutella_ts) > ndpi_struct->gnutella_timeout) { @@ -102,13 +104,11 @@ void ndpi_search_gnutella(struct ndpi_detection_module_struct *ndpi_struct, stru if (packet->tcp != NULL) { /* this case works asymmetrically */ if (packet->payload_packet_len > 10 && memcmp(packet->payload, "GNUTELLA/", 9) == 0) { - NDPI_LOG(NDPI_PROTOCOL_GNUTELLA, ndpi_struct, NDPI_LOG_TRACE, "GNUTELLA DETECTED\n"); ndpi_int_gnutella_add_connection(ndpi_struct, flow); return; } /* this case works asymmetrically */ if (packet->payload_packet_len > 17 && memcmp(packet->payload, "GNUTELLA CONNECT/", 17) == 0) { - NDPI_LOG(NDPI_PROTOCOL_GNUTELLA, ndpi_struct, NDPI_LOG_TRACE, "GNUTELLA DETECTED\n"); ndpi_int_gnutella_add_connection(ndpi_struct, flow); return; } @@ -123,7 +123,6 @@ void ndpi_search_gnutella(struct ndpi_detection_module_struct *ndpi_struct, stru || (packet->line[c].len > 7 && memcmp(packet->line[c].ptr, "X-Queue:", 8) == 0) || (packet->line[c].len > 36 && memcmp(packet->line[c].ptr, "Content-Type: application/x-gnutella-", 37) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_GNUTELLA, ndpi_struct, NDPI_LOG_DEBUG, "DETECTED GNUTELLA GET.\n"); ndpi_int_gnutella_add_connection(ndpi_struct, flow); return; } @@ -135,7 +134,6 @@ void ndpi_search_gnutella(struct ndpi_detection_module_struct *ndpi_struct, stru && memcmp(packet->user_agent_line.ptr, "BearShare Lite ", 15) == 0) || (packet->accept_line.ptr != NULL && packet->accept_line.len > 24 && memcmp(packet->accept_line.ptr, "application n/x-gnutella", 24) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_GNUTELLA, ndpi_struct, NDPI_LOG_DEBUG, "DETECTED GNUTELLA GET.\n"); ndpi_int_gnutella_add_connection(ndpi_struct, flow); } @@ -151,8 +149,7 @@ void ndpi_search_gnutella(struct ndpi_detection_module_struct *ndpi_struct, stru } if (c < (packet->payload_packet_len - 9) && memcmp(&packet->payload[c], "urn:sha1:", 9) == 0) { - NDPI_LOG(NDPI_PROTOCOL_GNUTELLA, ndpi_struct, NDPI_LOG_TRACE, - "detected GET /get/ or GET /uri-res/.\n"); + NDPI_LOG_DBG2(ndpi_struct, "detected GET /get/ or GET /uri-res/\n"); ndpi_int_gnutella_add_connection(ndpi_struct, flow); } @@ -161,14 +158,14 @@ void ndpi_search_gnutella(struct ndpi_detection_module_struct *ndpi_struct, stru /* answer to this packet is HTTP/1.1 ..... Content-Type: application/x-gnutella-packets, * it is searched in the upper paragraph. */ if (packet->payload_packet_len > 30 && memcmp(packet->payload, "HEAD /gnutella/push-proxy?", 26) == 0) { - NDPI_LOG(NDPI_PROTOCOL_GNUTELLA, ndpi_struct, NDPI_LOG_TRACE, "detected HEAD /gnutella/push-proxy?\n"); + NDPI_LOG_DBG2(ndpi_struct, "detected HEAD /gnutella/push-proxy?\n"); ndpi_int_gnutella_add_connection(ndpi_struct, flow); return; } /* haven't found any trace with this pattern */ if (packet->payload_packet_len == 46 && memcmp(packet->payload, "\x50\x55\x53\x48\x20\x67\x75\x69\x64\x3a", 10) == 0) { - NDPI_LOG(NDPI_PROTOCOL_GNUTELLA, ndpi_struct, NDPI_LOG_TRACE, + NDPI_LOG_DBG2(ndpi_struct, "detected \x50\x55\x53\x48\x20\x67\x75\x69\x64\x3a\n"); ndpi_int_gnutella_add_connection(ndpi_struct, flow); return; @@ -189,8 +186,7 @@ void ndpi_search_gnutella(struct ndpi_detection_module_struct *ndpi_struct, stru 44) == 0) || (end - c > 10 && memcmp(&packet->payload[c], "\r\nX-Queue:", 10) == 0) || (end - c > 13 && memcmp(&packet->payload[c], "\r\nX-Features:", 13) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_GNUTELLA, - ndpi_struct, NDPI_LOG_TRACE, "FOXY :: GNUTELLA GET 2 DETECTED\n"); + NDPI_LOG_DBG2(ndpi_struct, "FOXY :: GNUTELLA GET 2 DETECTED\n"); ndpi_int_gnutella_add_connection(ndpi_struct, flow); return; } @@ -202,7 +198,7 @@ void ndpi_search_gnutella(struct ndpi_detection_module_struct *ndpi_struct, stru if (packet->payload_packet_len > 1 && packet->payload[packet->payload_packet_len - 1] == 0x0a && packet->payload[packet->payload_packet_len - 2] == 0x0a) { if (packet->payload_packet_len > 3 && memcmp(packet->payload, "GIV", 3) == 0) { - NDPI_LOG(NDPI_PROTOCOL_GNUTELLA, ndpi_struct, NDPI_LOG_TRACE, "MORPHEUS GIV DETECTED\n"); + NDPI_LOG_DBG2(ndpi_struct, "MORPHEUS GIV DETECTED\n"); /* Not Excluding the flow now.. We shall Check the next Packet too for Gnutella Patterns */ return; } @@ -211,21 +207,21 @@ void ndpi_search_gnutella(struct ndpi_detection_module_struct *ndpi_struct, stru if (packet->payload_packet_len == 46 && get_u_int32_t(packet->payload, 0) == htonl(0x802c0103) && get_u_int32_t(packet->payload, 4) == htonl(0x01000300) && get_u_int32_t(packet->payload, 8) == htonl(0x00002000) && get_u_int16_t(packet->payload, 12) == htons(0x0034)) { - NDPI_LOG(NDPI_PROTOCOL_GNUTELLA, ndpi_struct, NDPI_LOG_TRACE, "detected gnutella len == 46.\n"); + NDPI_LOG_DBG2(ndpi_struct, "detected gnutella len == 46\n"); ndpi_int_gnutella_add_connection(ndpi_struct, flow); return; } if (packet->payload_packet_len == 49 && memcmp(packet->payload, "\x80\x2f\x01\x03\x01\x00\x06\x00\x00\x00\x20\x00\x00\x34\x00\x00\xff\x4d\x6c", 19) == 0) { - NDPI_LOG(NDPI_PROTOCOL_GNUTELLA, ndpi_struct, NDPI_LOG_TRACE, "detected gnutella len == 49.\n"); + NDPI_LOG_DBG2(ndpi_struct, "detected gnutella len == 49\n"); ndpi_int_gnutella_add_connection(ndpi_struct, flow); return; } if (packet->payload_packet_len == 89 && memcmp(&packet->payload[43], "\x20\x4d\x6c", 3) == 0 && memcmp(packet->payload, "\x16\x03\x01\x00\x54\x01\x00\x00\x50\x03\x01\x4d\x6c", 13) == 0 && memcmp(&packet->payload[76], "\x00\x02\x00\x34\x01\x00\x00\x05", 8) == 0) { - NDPI_LOG(NDPI_PROTOCOL_GNUTELLA, ndpi_struct, NDPI_LOG_TRACE, + NDPI_LOG_DBG2(ndpi_struct, "detected gnutella asymmetrically len == 388.\n"); ndpi_int_gnutella_add_connection(ndpi_struct, flow); return; @@ -235,7 +231,7 @@ void ndpi_search_gnutella(struct ndpi_detection_module_struct *ndpi_struct, stru && get_u_int16_t(packet->payload, 8) == htons(0x4903) && get_u_int16_t(packet->payload, 76) == htons(0x0002) && get_u_int32_t(packet->payload, 78) == htonl(0x00340100)) { - NDPI_LOG(NDPI_PROTOCOL_GNUTELLA, ndpi_struct, NDPI_LOG_TRACE, "detected len == 82.\n"); + NDPI_LOG_DBG2(ndpi_struct, "detected len == 82\n"); ndpi_int_gnutella_add_connection(ndpi_struct, flow); return; } @@ -244,7 +240,7 @@ void ndpi_search_gnutella(struct ndpi_detection_module_struct *ndpi_struct, stru if (src != NULL && (packet->udp->source == src->detected_gnutella_udp_port1 || packet->udp->source == src->detected_gnutella_udp_port2) && (packet->tick_timestamp - src->gnutella_ts) < ndpi_struct->gnutella_timeout) { - NDPI_LOG(NDPI_PROTOCOL_GNUTELLA, ndpi_struct, NDPI_LOG_DEBUG, "port based detection\n\n"); + NDPI_LOG_DBG2(ndpi_struct, "port based detection\n\n"); ndpi_int_gnutella_add_connection(ndpi_struct, flow); } /* observations: @@ -257,8 +253,7 @@ void ndpi_search_gnutella(struct ndpi_detection_module_struct *ndpi_struct, stru && packet->payload[16] == 0x41 && packet->payload[17] == 0x01 && packet->payload[18] == 0x00 && packet->payload[19] == 0x00 && packet->payload[20] == 0x00 && packet->payload[21] == 0x00 && packet->payload[22] == 0x00) { - NDPI_LOG(NDPI_PROTOCOL_GNUTELLA, ndpi_struct, NDPI_LOG_DEBUG, - "detected gnutella udp, len = 23.\n"); + NDPI_LOG_DBG2(ndpi_struct, "detected gnutella udp, len = 23\n"); ndpi_int_gnutella_add_connection(ndpi_struct, flow); return; @@ -267,29 +262,25 @@ void ndpi_search_gnutella(struct ndpi_detection_module_struct *ndpi_struct, stru && packet->payload[26] == 0x50 && packet->payload[27] == 0x40 && packet->payload[28] == 0x83 && packet->payload[29] == 0x53 && packet->payload[30] == 0x43 && packet->payload[31] == 0x50 && packet->payload[32] == 0x41) { - NDPI_LOG(NDPI_PROTOCOL_GNUTELLA, ndpi_struct, NDPI_LOG_DEBUG, - "detected gnutella udp, len = 35.\n"); + NDPI_LOG_DBG2(ndpi_struct, "detected gnutella udp, len = 35\n"); ndpi_int_gnutella_add_connection(ndpi_struct, flow); return; } if (packet->payload_packet_len == 32 && (memcmp(&packet->payload[16], "\x31\x01\x00\x09\x00\x00\x00\x4c\x49\x4d\x45", 11) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_GNUTELLA, ndpi_struct, NDPI_LOG_DEBUG, - "detected gnutella udp, len = 32.\n"); + NDPI_LOG_DBG2(ndpi_struct, "detected gnutella udp, len = 32\n"); ndpi_int_gnutella_add_connection(ndpi_struct, flow); return; } if (packet->payload_packet_len == 34 && (memcmp(&packet->payload[25], "SCP@", 4) == 0) && (memcmp(&packet->payload[30], "DNA@", 4) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_GNUTELLA, ndpi_struct, NDPI_LOG_DEBUG, - "detected gnutella udp, len = 34.\n"); + NDPI_LOG_DBG2(ndpi_struct, "detected gnutella udp, len = 34\n"); ndpi_int_gnutella_add_connection(ndpi_struct, flow); return; } if ((packet->payload_packet_len == 73 || packet->payload_packet_len == 96) && memcmp(&packet->payload[32], "urn:sha1:", 9) == 0) { - NDPI_LOG(NDPI_PROTOCOL_GNUTELLA, ndpi_struct, NDPI_LOG_DEBUG, - "detected gnutella udp, len = 73,96.\n"); + NDPI_LOG_DBG2(ndpi_struct, "detected gnutella udp, len = 73,96\n"); ndpi_int_gnutella_add_connection(ndpi_struct, flow); return; } @@ -308,8 +299,7 @@ void ndpi_search_gnutella(struct ndpi_detection_module_struct *ndpi_struct, stru && (memcmp(&packet->payload[6], "\x01\x01\x5c\x1b\x50\x55\x53\x48\x48\x10", 10) == 0)) || (packet->payload_packet_len > 200 && packet->payload_packet_len < 300 && packet->payload[3] == 0x03) || (packet->payload_packet_len > 300 && (packet->payload[3] == 0x01 || packet->payload[3] == 0x03))) { - NDPI_LOG(NDPI_PROTOCOL_GNUTELLA, ndpi_struct, NDPI_LOG_DEBUG, - "detected gnutella udp, GND.\n"); + NDPI_LOG_DBG2(ndpi_struct, "detected gnutella udp, GND\n"); ndpi_int_gnutella_add_connection(ndpi_struct, flow); return; } @@ -317,15 +307,13 @@ void ndpi_search_gnutella(struct ndpi_detection_module_struct *ndpi_struct, stru if ((packet->payload_packet_len == 32) && memcmp(&packet->payload[16], "\x31\x01\x00\x09\x00\x00\x00", 7) == 0) { - NDPI_LOG(NDPI_PROTOCOL_GNUTELLA, ndpi_struct, NDPI_LOG_DEBUG, - "detected gnutella udp, len = 32 ii.\n"); + NDPI_LOG_DBG2(ndpi_struct, "detected gnutella udp, len = 32 ii\n"); ndpi_int_gnutella_add_connection(ndpi_struct, flow); return; } if ((packet->payload_packet_len == 23) && memcmp(&packet->payload[16], "\x00\x01\x00\x00\x00\x00\x00", 7) == 0) { - NDPI_LOG(NDPI_PROTOCOL_GNUTELLA, ndpi_struct, NDPI_LOG_DEBUG, - "detected gnutella udp, len = 23 ii.\n"); + NDPI_LOG_DBG2(ndpi_struct, "detected gnutella udp, len = 23 ii\n"); ndpi_int_gnutella_add_connection(ndpi_struct, flow); return; } @@ -350,8 +338,7 @@ void ndpi_search_gnutella(struct ndpi_detection_module_struct *ndpi_struct, stru && flow->l4.tcp.gnutella_msg_id[1] == packet->payload[2] && flow->l4.tcp.gnutella_msg_id[2] == packet->payload[4] && NDPI_SRC_OR_DST_HAS_PROTOCOL(src, dst, NDPI_PROTOCOL_GNUTELLA)) { - NDPI_LOG(NDPI_PROTOCOL_GNUTELLA, ndpi_struct, - NDPI_LOG_TRACE, "GNUTELLA DETECTED due to message ID match (NEONet protocol)\n"); + NDPI_LOG_DBG2(ndpi_struct, "GNUTELLA DETECTED due to message ID match (NEONet protocol)\n"); ndpi_int_gnutella_add_connection(ndpi_struct, flow); return; } @@ -361,15 +348,14 @@ void ndpi_search_gnutella(struct ndpi_detection_module_struct *ndpi_struct, stru && flow->l4.tcp.gnutella_msg_id[1] == packet->payload[2] && flow->l4.tcp.gnutella_msg_id[2] == packet->payload[4] && NDPI_SRC_OR_DST_HAS_PROTOCOL(src, dst, NDPI_PROTOCOL_GNUTELLA)) { - NDPI_LOG(NDPI_PROTOCOL_GNUTELLA, ndpi_struct, - NDPI_LOG_TRACE, "GNUTELLA DETECTED due to message ID match (NEONet protocol)\n"); + NDPI_LOG_DBG2(ndpi_struct, "GNUTELLA DETECTED due to message ID match (NEONet protocol)\n"); ndpi_int_gnutella_add_connection(ndpi_struct, flow); return; } } } - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_GNUTELLA); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/gtp.c b/src/lib/protocols/gtp.c index 88235f2a8..0bdc4d8ee 100644 --- a/src/lib/protocols/gtp.c +++ b/src/lib/protocols/gtp.c @@ -18,10 +18,14 @@ * */ -#include "ndpi_api.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_GTP +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_GTP + +#include "ndpi_api.h" + struct gtp_header_generic { u_int8_t flags, message_type; u_int16_t message_len; @@ -50,7 +54,7 @@ static void ndpi_check_gtp(struct ndpi_detection_module_struct *ndpi_struct, str u_int16_t message_len = ntohs(gtp->message_len); if(message_len <= (payload_len-sizeof(struct gtp_header_generic))) { - NDPI_LOG(NDPI_PROTOCOL_GTP, ndpi_struct, NDPI_LOG_DEBUG, "Found gtp.\n"); + NDPI_LOG_INFO(ndpi_struct, "found gtp\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_GTP, NDPI_PROTOCOL_UNKNOWN); return; } @@ -58,7 +62,7 @@ static void ndpi_check_gtp(struct ndpi_detection_module_struct *ndpi_struct, str } } - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_GTP); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; } @@ -66,7 +70,7 @@ void ndpi_search_gtp(struct ndpi_detection_module_struct *ndpi_struct, struct nd { struct ndpi_packet_struct *packet = &flow->packet; - NDPI_LOG(NDPI_PROTOCOL_GTP, ndpi_struct, NDPI_LOG_DEBUG, "gtp detection...\n"); + NDPI_LOG_DBG(ndpi_struct, "search gtp\n"); /* skip marked packets */ if(packet->detected_protocol_stack[0] != NDPI_PROTOCOL_GTP) diff --git a/src/lib/protocols/guildwars.c b/src/lib/protocols/guildwars.c index 108e5ee05..7b6581851 100644 --- a/src/lib/protocols/guildwars.c +++ b/src/lib/protocols/guildwars.c @@ -22,10 +22,14 @@ * */ +#include "ndpi_protocol_ids.h" -#include "ndpi_protocols.h" #ifdef NDPI_PROTOCOL_GUILDWARS +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_GUILDWARS + +#include "ndpi_api.h" + static void ndpi_int_guildwars_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { @@ -35,35 +39,31 @@ static void ndpi_int_guildwars_add_connection(struct ndpi_detection_module_struc void ndpi_search_guildwars_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; - -// struct ndpi_id_struct *src=ndpi_struct->src; -// struct ndpi_id_struct *dst=ndpi_struct->dst; - NDPI_LOG(NDPI_PROTOCOL_GUILDWARS, ndpi_struct, NDPI_LOG_DEBUG, "search guildwars.\n"); + NDPI_LOG_DBG(ndpi_struct, "search guildwars\n"); if (packet->payload_packet_len == 64 && get_u_int16_t(packet->payload, 1) == ntohs(0x050c) && memcmp(&packet->payload[50], "@2&P", 4) == 0) { - NDPI_LOG(NDPI_PROTOCOL_GUILDWARS, ndpi_struct, NDPI_LOG_DEBUG, "GuildWars version 29.350: found.\n"); + NDPI_LOG_INFO(ndpi_struct, "found GuildWars version 29.350\n"); ndpi_int_guildwars_add_connection(ndpi_struct, flow); return; } if (packet->payload_packet_len == 16 && get_u_int16_t(packet->payload, 1) == ntohs(0x040c) && get_u_int16_t(packet->payload, 4) == ntohs(0xa672) && packet->payload[8] == 0x01 && packet->payload[12] == 0x04) { - NDPI_LOG(NDPI_PROTOCOL_GUILDWARS, ndpi_struct, NDPI_LOG_DEBUG, "GuildWars version 29.350: found.\n"); + NDPI_LOG_INFO(ndpi_struct, "found GuildWars version 29.350\n"); ndpi_int_guildwars_add_connection(ndpi_struct, flow); return; } if (packet->payload_packet_len == 21 && get_u_int16_t(packet->payload, 0) == ntohs(0x0100) && get_u_int32_t(packet->payload, 5) == ntohl(0xf1001000) && packet->payload[9] == 0x01) { - NDPI_LOG(NDPI_PROTOCOL_GUILDWARS, ndpi_struct, NDPI_LOG_DEBUG, "GuildWars version 216.107.245.50: found.\n"); + NDPI_LOG_INFO(ndpi_struct, "found GuildWars version 216.107.245.50\n"); ndpi_int_guildwars_add_connection(ndpi_struct, flow); return; } - NDPI_LOG(NDPI_PROTOCOL_GUILDWARS, ndpi_struct, NDPI_LOG_DEBUG, "exclude guildwars.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_GUILDWARS); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/h323.c b/src/lib/protocols/h323.c index 31d578455..31c353a27 100644 --- a/src/lib/protocols/h323.c +++ b/src/lib/protocols/h323.c @@ -7,10 +7,15 @@ */ -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_H323 +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_H323 + +#include "ndpi_api.h" + + struct tpkt { u_int8_t version, reserved; u_int16_t len; @@ -21,10 +26,10 @@ void ndpi_search_h323(struct ndpi_detection_module_struct *ndpi_struct, struct n struct ndpi_packet_struct *packet = &flow->packet; u_int16_t dport = 0, sport = 0; - NDPI_LOG(NDPI_PROTOCOL_H323, ndpi_struct, NDPI_LOG_DEBUG, "search H323.\n"); + NDPI_LOG_DBG(ndpi_struct, "search H323\n"); if(packet->tcp != NULL) { - NDPI_LOG(NDPI_PROTOCOL_H323, ndpi_struct, NDPI_LOG_DEBUG, "calculated dport over tcp.\n"); + NDPI_LOG_DBG2(ndpi_struct, "calculated dport over tcp\n"); /* H323 */ if(packet->payload_packet_len >= 3 @@ -44,6 +49,7 @@ void ndpi_search_h323(struct ndpi_detection_module_struct *ndpi_struct, struct n /* ISO 8073/X.224 */ if((packet->payload[5] == 0xE0 /* CC Connect Request */) || (packet->payload[5] == 0xD0 /* CC Connect Confirm */)) { + NDPI_LOG_INFO(ndpi_struct, "found RDP\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_RDP, NDPI_PROTOCOL_UNKNOWN); return; } @@ -52,23 +58,24 @@ void ndpi_search_h323(struct ndpi_detection_module_struct *ndpi_struct, struct n flow->l4.tcp.h323_valid_packets++; if(flow->l4.tcp.h323_valid_packets >= 2) { - NDPI_LOG(NDPI_PROTOCOL_H323, ndpi_struct, NDPI_LOG_DEBUG, "found H323 broadcast.\n"); + NDPI_LOG_INFO(ndpi_struct, "found H323 broadcast\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_H323, NDPI_PROTOCOL_UNKNOWN); } } else { /* This is not H.323 */ - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_H323); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); + return; } } } else if(packet->udp != NULL) { sport = ntohs(packet->udp->source), dport = ntohs(packet->udp->dest); - NDPI_LOG(NDPI_PROTOCOL_H323, ndpi_struct, NDPI_LOG_DEBUG, "calculated dport over udp.\n"); + NDPI_LOG_DBG2(ndpi_struct, "calculated dport over udp\n"); if(packet->payload_packet_len >= 6 && packet->payload[0] == 0x80 && packet->payload[1] == 0x08 && (packet->payload[2] == 0xe7 || packet->payload[2] == 0x26) && packet->payload[4] == 0x00 && packet->payload[5] == 0x00) { - NDPI_LOG(NDPI_PROTOCOL_H323, ndpi_struct, NDPI_LOG_DEBUG, "found H323 broadcast.\n"); + NDPI_LOG_INFO(ndpi_struct, "found H323 broadcast\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_H323, NDPI_PROTOCOL_UNKNOWN); return; } @@ -77,19 +84,19 @@ void ndpi_search_h323(struct ndpi_detection_module_struct *ndpi_struct, struct n { if(packet->payload[0] == 0x16 && packet->payload[1] == 0x80 && packet->payload[4] == 0x06 && packet->payload[5] == 0x00) { - NDPI_LOG(NDPI_PROTOCOL_H323, ndpi_struct, NDPI_LOG_DEBUG, "found H323 broadcast.\n"); + NDPI_LOG_INFO(ndpi_struct, "found H323 broadcast\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_H323, NDPI_PROTOCOL_UNKNOWN); return; } else if(packet->payload_packet_len >= 20 && packet->payload_packet_len <= 117) { - NDPI_LOG(NDPI_PROTOCOL_H323, ndpi_struct, NDPI_LOG_DEBUG, "found H323 broadcast.\n"); + NDPI_LOG_INFO(ndpi_struct, "found H323 broadcast\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_H323, NDPI_PROTOCOL_UNKNOWN); return; } else { - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_H323); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; } } diff --git a/src/lib/protocols/halflife2_and_mods.c b/src/lib/protocols/halflife2_and_mods.c index 365ea21b5..5319424fa 100644 --- a/src/lib/protocols/halflife2_and_mods.c +++ b/src/lib/protocols/halflife2_and_mods.c @@ -23,9 +23,14 @@ */ -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" + #ifdef NDPI_PROTOCOL_HALFLIFE2 +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_HALFLIFE2 + +#include "ndpi_api.h" + static void ndpi_int_halflife2_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { @@ -36,15 +41,14 @@ void ndpi_search_halflife2(struct ndpi_detection_module_struct *ndpi_struct, str { struct ndpi_packet_struct *packet = &flow->packet; -// struct ndpi_id_struct *src=ndpi_struct->src; -// struct ndpi_id_struct *dst=ndpi_struct->dst; + NDPI_LOG_DBG(ndpi_struct, "search halflife2\n"); if (flow->l4.udp.halflife2_stage == 0) { if (packet->payload_packet_len >= 20 && get_u_int32_t(packet->payload, 0) == 0xFFFFFFFF && get_u_int32_t(packet->payload, packet->payload_packet_len - 4) == htonl(0x30303000)) { flow->l4.udp.halflife2_stage = 1 + packet->packet_direction; - NDPI_LOG(NDPI_PROTOCOL_HALFLIFE2, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "halflife2 client req detected, waiting for server reply\n"); return; } @@ -53,13 +57,12 @@ void ndpi_search_halflife2(struct ndpi_detection_module_struct *ndpi_struct, str && get_u_int32_t(packet->payload, 0) == 0xFFFFFFFF && get_u_int32_t(packet->payload, packet->payload_packet_len - 4) == htonl(0x30303000)) { ndpi_int_halflife2_add_connection(ndpi_struct, flow); - NDPI_LOG(NDPI_PROTOCOL_HALFLIFE2, ndpi_struct, NDPI_LOG_DEBUG, "halflife2 server reply detected\n"); + NDPI_LOG_INFO(ndpi_struct, "found halflife2\n"); return; } } - - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_HALFLIFE2); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/hangout.c b/src/lib/protocols/hangout.c index 4555c6c75..de35653ea 100644 --- a/src/lib/protocols/hangout.c +++ b/src/lib/protocols/hangout.c @@ -17,10 +17,16 @@ * If not, see . * */ -#include "ndpi_api.h" + +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_HANGOUT +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_HANGOUT + +#include "ndpi_api.h" + + /* https://support.google.com/a/answer/1279090?hl=en */ #define HANGOUT_UDP_LOW_PORT 19302 #define HANGOUT_UDP_HIGH_PORT 19309 @@ -73,19 +79,20 @@ void ndpi_search_hangout(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct * packet = &flow->packet; + NDPI_LOG_DBG(ndpi_struct, "search Hangout\n"); + if((packet->payload_packet_len > 24) && is_google_flow(ndpi_struct, flow)) { if( ((packet->udp != NULL) && (isHangoutUDPPort(ntohs(packet->udp->source)) || isHangoutUDPPort(ntohs(packet->udp->dest)))) || ((packet->tcp != NULL) && (isHangoutTCPPort(ntohs(packet->tcp->source)) || isHangoutTCPPort(ntohs(packet->tcp->dest))))) { - NDPI_LOG(NDPI_PROTOCOL_HANGOUT, ndpi_struct, NDPI_LOG_DEBUG, "Found Hangout.\n"); + NDPI_LOG_INFO(ndpi_struct, "found Hangout\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_HANGOUT, NDPI_PROTOCOL_UNKNOWN); return; } } - NDPI_LOG(NDPI_PROTOCOL_HANGOUT, ndpi_struct, NDPI_LOG_DEBUG, "No Hangout.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_HANGOUT); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } /* ***************************************************************** */ diff --git a/src/lib/protocols/hep.c b/src/lib/protocols/hep.c index 516e430e7..1c7617c88 100644 --- a/src/lib/protocols/hep.c +++ b/src/lib/protocols/hep.c @@ -24,9 +24,15 @@ */ -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" + #ifdef NDPI_PROTOCOL_HEP +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_HEP + +#include "ndpi_api.h" + + static void ndpi_int_hep_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { @@ -39,17 +45,16 @@ void ndpi_search_hep(struct ndpi_detection_module_struct *ndpi_struct, struct nd const u_int8_t *packet_payload = packet->payload; u_int32_t payload_len = packet->payload_packet_len; - NDPI_LOG(NDPI_PROTOCOL_HEP, ndpi_struct, NDPI_LOG_DEBUG, "searching for HEP.\n"); + NDPI_LOG_DBG(ndpi_struct, "searching HEP\n"); if (payload_len > 10) { if (memcmp(packet_payload, "HEP3", 4) == 0) { - NDPI_LOG(NDPI_PROTOCOL_HEP, ndpi_struct, NDPI_LOG_DEBUG, "found HEP3.\n"); + NDPI_LOG_INFO(ndpi_struct, "found HEP3\n"); ndpi_int_hep_add_connection(ndpi_struct, flow); return; } } - NDPI_LOG(NDPI_PROTOCOL_HEP, ndpi_struct, NDPI_LOG_DEBUG, "exclude HEP.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_HEP); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c index c57c73aac..1d12ea2e9 100644 --- a/src/lib/protocols/http.c +++ b/src/lib/protocols/http.c @@ -20,10 +20,15 @@ * along with nDPI. If not, see . * */ -#include "ndpi_protocols.h" + +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_HTTP +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_HTTP + +#include "ndpi_api.h" + /* global variables used for 1kxun protocol and iqiyi service */ @@ -63,7 +68,7 @@ static void flash_check_http_payload(struct ndpi_detection_module_struct if(memcmp(pos, "FLV", 3) == 0 && pos[3] == 0x01 && (pos[4] == 0x01 || pos[4] == 0x04 || pos[4] == 0x05) && pos[5] == 0x00 && pos[6] == 0x00 && pos[7] == 0x00 && pos[8] == 0x09) { - NDPI_LOG(NDPI_CONTENT_FLASH, ndpi_struct, NDPI_LOG_DEBUG, "Flash content in HTTP detected\n"); + NDPI_LOG_INFO(ndpi_struct, "found Flash content in HTTP\n"); ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_CONTENT_FLASH); } } @@ -75,7 +80,7 @@ static void avi_check_http_payload(struct ndpi_detection_module_struct *ndpi_str struct ndpi_packet_struct *packet = &flow->packet; - NDPI_LOG(NDPI_CONTENT_AVI, ndpi_struct, NDPI_LOG_DEBUG, "called avi_check_http_payload: %u %u %u\n", + NDPI_LOG_DBG2(ndpi_struct, "called avi_check_http_payload: %u %u %u\n", packet->empty_line_position_set, flow->l4.tcp.http_empty_line_seen, packet->empty_line_position); if(packet->empty_line_position_set == 0 && flow->l4.tcp.http_empty_line_seen == 0) @@ -90,7 +95,7 @@ static void avi_check_http_payload(struct ndpi_detection_module_struct *ndpi_str if(flow->l4.tcp.http_empty_line_seen == 1) { if(packet->payload_packet_len > 20 && memcmp(packet->payload, "RIFF", 4) == 0 && memcmp(packet->payload + 8, "AVI LIST", 8) == 0) { - NDPI_LOG(NDPI_CONTENT_AVI, ndpi_struct, NDPI_LOG_DEBUG, "Avi content in HTTP detected\n"); + NDPI_LOG_INFO(ndpi_struct, "found Avi content in HTTP\n"); ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_CONTENT_AVI); } flow->l4.tcp.http_empty_line_seen = 0; @@ -105,11 +110,11 @@ static void avi_check_http_payload(struct ndpi_detection_module_struct *ndpi_str u_int32_t p = packet->empty_line_position + 2; // check for avi header - NDPI_LOG(NDPI_CONTENT_AVI, ndpi_struct, NDPI_LOG_DEBUG, "p = %u\n", p); + NDPI_LOG_DBG2(ndpi_struct, "p = %u\n", p); if((p + 16) <= packet->payload_packet_len && memcmp(&packet->payload[p], "RIFF", 4) == 0 && memcmp(&packet->payload[p + 8], "AVI LIST", 8) == 0) { - NDPI_LOG(NDPI_CONTENT_AVI, ndpi_struct, NDPI_LOG_DEBUG, "Avi content in HTTP detected\n"); + NDPI_LOG_INFO(ndpi_struct, "found Avi content in HTTP\n"); ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_CONTENT_AVI); } } @@ -122,7 +127,7 @@ static void teamviewer_check_http_payload(struct ndpi_detection_module_struct *n struct ndpi_packet_struct *packet = &flow->packet; const u_int8_t *pos; - NDPI_LOG(NDPI_PROTOCOL_TEAMVIEWER, ndpi_struct, NDPI_LOG_DEBUG, "called teamviewer_check_http_payload: %u %u %u\n", + NDPI_LOG_DBG2(ndpi_struct, "called teamviewer_check_http_payload: %u %u %u\n", packet->empty_line_position_set, flow->l4.tcp.http_empty_line_seen, packet->empty_line_position); if(packet->empty_line_position_set == 0 || (packet->empty_line_position + 5) > (packet->payload_packet_len)) @@ -131,7 +136,7 @@ static void teamviewer_check_http_payload(struct ndpi_detection_module_struct *n pos = &packet->payload[packet->empty_line_position] + 2; if(pos[0] == 0x17 && pos[1] == 0x24) { - NDPI_LOG(NDPI_PROTOCOL_TEAMVIEWER, ndpi_struct, NDPI_LOG_DEBUG, "TeamViewer content in HTTP detected\n"); + NDPI_LOG_INFO(ndpi_struct, "found TeamViewer content in HTTP\n"); ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_TEAMVIEWER); } } @@ -145,7 +150,7 @@ static void rtsp_parse_packet_acceptline(struct ndpi_detection_module_struct struct ndpi_packet_struct *packet = &flow->packet; if(packet->accept_line.len >= 28 && memcmp(packet->accept_line.ptr, "application/x-rtsp-tunnelled", 28) == 0) { - NDPI_LOG(NDPI_PROTOCOL_RTSP, ndpi_struct, NDPI_LOG_DEBUG, "RTSP accept line detected\n"); + NDPI_LOG_INFO(ndpi_struct, "found RTSP accept line\n"); ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_RTSP); } } @@ -199,12 +204,12 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ #if defined(NDPI_PROTOCOL_1KXUN) || defined(NDPI_PROTOCOL_IQIYI) /* PPStream */ if(flow->l4.tcp.ppstream_stage > 0 && flow->iqiyi_counter == 0) { - NDPI_LOG(NDPI_PROTOCOL_PPSTREAM, ndpi_struct, NDPI_LOG_DEBUG, "PPStream found.\n"); + NDPI_LOG_INFO(ndpi_struct, "found PPStream\n"); /* ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_PPSTREAM); */ ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_PPSTREAM, NDPI_PROTOCOL_HTTP); } else if(flow->iqiyi_counter > 0) { - NDPI_LOG(NDPI_PROTOCOL_IQIYI, ndpi_struct, NDPI_LOG_DEBUG, "iQiyi found.\n"); + NDPI_LOG_INFO(ndpi_struct, "found iQiyi\n"); /* ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_IQIYI); */ ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_IQIYI, NDPI_PROTOCOL_HTTP); } @@ -213,7 +218,7 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ #if defined(NDPI_PROTOCOL_1KXUN) || defined(NDPI_PROTOCOL_IQIYI) /* 1KXUN */ if(flow->kxun_counter > 0) { - NDPI_LOG(NDPI_PROTOCOL_1KXUN, ndpi_struct, NDPI_LOG_DEBUG, "1kxun found.\n"); + NDPI_LOG_INFO(ndpi_struct, "found 1kxun\n"); /* ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_1KXUN); */ ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_1KXUN, NDPI_PROTOCOL_HTTP); } @@ -330,12 +335,13 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ } } else if(memcmp(ua, "netflix-ios-app", 15) == 0) { + NDPI_LOG_INFO(ndpi_struct, "found netflix\n"); ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_NETFLIX); return; } } - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "User Agent Type line found %.*s\n", + NDPI_LOG_DBG2(ndpi_struct, "User Agent Type line found %.*s\n", packet->user_agent_line.len, packet->user_agent_line.ptr); } @@ -343,7 +349,7 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ if(packet->host_line.ptr != NULL) { u_int len; - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HOST line found %.*s\n", + NDPI_LOG_DBG2(ndpi_struct, "HOST line found %.*s\n", packet->host_line.len, packet->host_line.ptr); /* call ndpi_match_host_subprotocol to see if there is a match with known-host HTTP subprotocol */ @@ -395,6 +401,8 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ if(flow->detected_protocol_stack[0] != NDPI_PROTOCOL_UNKNOWN) { if(packet->detected_protocol_stack[0] != NDPI_PROTOCOL_HTTP) { + NDPI_LOG_INFO(ndpi_struct, "found HTTP/%s\n", + ndpi_get_proto_name(ndpi_struct, packet->detected_protocol_stack[0])); ndpi_int_http_add_connection(ndpi_struct, flow, packet->detected_protocol_stack[0]); return; /* We have identified a sub-protocol so we're done */ } @@ -409,7 +417,7 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ /* check for accept line */ if(packet->accept_line.ptr != NULL) { - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "Accept line found %.*s\n", + NDPI_LOG_DBG2(ndpi_struct, "Accept line found %.*s\n", packet->accept_line.len, packet->accept_line.ptr); #ifdef NDPI_PROTOCOL_RTSP if(NDPI_COMPARE_PROTOCOL_TO_BITMASK(ndpi_struct->detection_bitmask, NDPI_PROTOCOL_RTSP) != 0) { @@ -422,7 +430,7 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ #ifdef NDPI_CONTENT_MPEG for (a = 0; a < packet->parsed_lines; a++) { if(packet->line[a].len > 11 && memcmp(packet->line[a].ptr, "Icy-MetaData", 12) == 0) { - NDPI_LOG(NDPI_CONTENT_MPEG, ndpi_struct, NDPI_LOG_DEBUG, "MPEG: Icy-MetaData found.\n"); + NDPI_LOG_INFO(ndpi_struct, "found MPEG: Icy-MetaData\n"); ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_CONTENT_MPEG); return; } @@ -432,7 +440,7 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ #endif if(packet->content_line.ptr != NULL && packet->content_line.len != 0) { - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "Content Type line found %.*s\n", + NDPI_LOG_DBG2(ndpi_struct, "Content Type line found %.*s\n", packet->content_line.len, packet->content_line.ptr); if((ndpi_struct->http_dont_dissect_response) || flow->http_detected) @@ -444,7 +452,7 @@ static void check_content_type_and_change_protocol(struct ndpi_detection_module_ static void check_http_payload(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "called check_http_payload.\n"); + NDPI_LOG_DBG2(ndpi_struct, "called check_http_payload\n"); #ifdef NDPI_CONTENT_FLASH if(NDPI_COMPARE_PROTOCOL_TO_BITMASK(ndpi_struct->detection_bitmask, NDPI_CONTENT_FLASH) != 0) @@ -466,54 +474,55 @@ static void check_http_payload(struct ndpi_detection_module_struct *ndpi_struct, * @returnvalue 0 if no valid request has been found * @returnvalue >0 indicates start of filename but not necessarily in packet limit */ + +#define STATIC_STRING_L(a) {.str=a, .len=sizeof(a)-1 } + +static struct l_string { + const char *str; + size_t len; +} http_methods[] = { + STATIC_STRING_L("GET "), + STATIC_STRING_L("POST "), + STATIC_STRING_L("OPTIONS "), + STATIC_STRING_L("HEAD "), + STATIC_STRING_L("PUT "), + STATIC_STRING_L("DELETE "), + STATIC_STRING_L("CONNECT "), + STATIC_STRING_L("PROPFIND "), + STATIC_STRING_L("REPORT ") }; +static const char *http_fs = "CDGHOPR"; + +static inline uint8_t non_ctrl(uint8_t c) { + return c < 32 ? '.':c; +} + static u_int16_t http_request_url_offset(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; + int i; - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "====>>>> HTTP: %c%c%c%c [len: %u]\n", - packet->payload[0], packet->payload[1], packet->payload[2], packet->payload[3], + NDPI_LOG_DBG2(ndpi_struct, "====>>>> HTTP: %c%c%c%c [len: %u]\n", + non_ctrl(packet->payload[0]), non_ctrl(packet->payload[1]), + non_ctrl(packet->payload[2]), non_ctrl(packet->payload[3]), packet->payload_packet_len); + /* Check first char */ + if(!strchr(http_fs,packet->payload[0])) return 0; /** FIRST PAYLOAD PACKET FROM CLIENT **/ - - /* check if the packet starts with POST or GET */ - if(packet->payload_packet_len >= 4 && memcmp(packet->payload, "GET ", 4) == 0) { - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HTTP: GET FOUND\n"); - return 4; - } else if(packet->payload_packet_len >= 5 && memcmp(packet->payload, "POST ", 5) == 0) { - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HTTP: POST FOUND\n"); - return 5; - } else if(packet->payload_packet_len >= 8 && memcmp(packet->payload, "OPTIONS ", 8) == 0) { - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HTTP: OPTIONS FOUND\n"); - return 8; - } else if(packet->payload_packet_len >= 5 && memcmp(packet->payload, "HEAD ", 5) == 0) { - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HTTP: HEAD FOUND\n"); - return 5; - } else if(packet->payload_packet_len >= 4 && memcmp(packet->payload, "PUT ", 4) == 0) { - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HTTP: PUT FOUND\n"); - return 4; - } else if(packet->payload_packet_len >= 7 && memcmp(packet->payload, "DELETE ", 7) == 0) { - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HTTP: DELETE FOUND\n"); - return 7; - } else if(packet->payload_packet_len >= 8 && memcmp(packet->payload, "CONNECT ", 8) == 0) { - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HTTP: CONNECT FOUND\n"); - return 8; - } else if(packet->payload_packet_len >= 9 && memcmp(packet->payload, "PROPFIND ", 9) == 0) { - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HTTP: PROFIND FOUND\n"); - return 9; - } else if(packet->payload_packet_len >= 7 && memcmp(packet->payload, "REPORT ", 7) == 0) { - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HTTP: REPORT FOUND\n"); - return 7; + for(i=0; i < sizeof(http_methods)/sizeof(http_methods[0]); i++) { + if(packet->payload_packet_len >= http_methods[i].len && + memcmp(packet->payload,http_methods[i].str,http_methods[i].len) == 0) { + NDPI_LOG_DBG2(ndpi_struct, "HTTP: %sFOUND\n",http_methods[i].str); + return http_methods[i].len; + } } - return 0; } -static void http_bitmask_exclude(struct ndpi_flow_struct *flow) +static void http_bitmask_exclude_other(struct ndpi_flow_struct *flow) { - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_HTTP); #ifdef NDPI_CONTENT_MPEG NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_CONTENT_MPEG); #endif @@ -554,18 +563,15 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct if(flow->l4.tcp.http_stage == 0) { /* Expected a request */ flow->http_detected = 0; - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HTTP stage %d: \n", - flow->l4.tcp.http_stage); + NDPI_LOG_DBG2(ndpi_struct, "HTTP stage %d: \n", flow->l4.tcp.http_stage); filename_start = http_request_url_offset(ndpi_struct, flow); if(filename_start == 0) { /* not a regular request. In the HTTP first stage, may be a truncated flow or other protocols */ - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, - "Filename HTTP not found, we look for possible truncate flow...\n"); + NDPI_LOG_DBG2(ndpi_struct, "Filename HTTP not found, we look for possible truncate flow..\n"); if(packet->payload_packet_len >= 7 && memcmp(packet->payload, "HTTP/1.", 7) == 0) { - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, - "HTTP response found (truncated flow ?)\n"); + NDPI_LOG_INFO(ndpi_struct, "found HTTP response\n"); ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_HTTP); check_content_type_and_change_protocol(ndpi_struct, flow); return; @@ -589,18 +595,18 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct return; } - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "Exclude HTTP\n"); - http_bitmask_exclude(flow); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); + http_bitmask_exclude_other(flow); return; } - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "Filename HTTP found: %d, we look for line info..\n", filename_start); ndpi_parse_packet_line_info(ndpi_struct, flow); if(packet->parsed_lines <= 1) { - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "Found just one line, we will look further for the next packet...\n"); packet->http_method.ptr = packet->line[0].ptr; @@ -611,7 +617,7 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct return; } - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "Found more than one line, we look further for the next packet...\n"); if(packet->line[0].len >= (9 + filename_start) @@ -643,6 +649,7 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct /* Check for additional field introduced by Steam */ int x = 1; if((memcmp(packet->line[x].ptr, "x-steam-sid", 11)) == 0) { + NDPI_LOG_INFO(ndpi_struct, "found STEAM\n"); ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_STEAM); check_content_type_and_change_protocol(ndpi_struct, flow); return; @@ -652,6 +659,7 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct x = 1; while(packet->line[x].len != 0) { if(packet->line[x].len >= 12 && (memcmp(packet->line[x].ptr, "X-FB-SIM-HNI", 12)) == 0) { + NDPI_LOG_INFO(ndpi_struct, "found FACEBOOK\n"); ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_FACEBOOK); check_content_type_and_change_protocol(ndpi_struct, flow); return; @@ -704,19 +712,19 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct if((packet->http_url_name.len > 7) && (!strncmp((const char*) packet->http_url_name.ptr, "http://", 7))) { - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HTTP_PROXY Found.\n"); + NDPI_LOG_INFO(ndpi_struct, "found HTTP_PROXY\n"); ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_HTTP_PROXY); check_content_type_and_change_protocol(ndpi_struct, flow); } if(filename_start == 8 && (memcmp(packet->payload, "CONNECT ", 8) == 0)) { /* nathan@getoffmalawn.com */ - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HTTP_CONNECT Found.\n"); + NDPI_LOG_INFO(ndpi_struct, "found HTTP_CONNECT\n"); ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_HTTP_CONNECT); check_content_type_and_change_protocol(ndpi_struct, flow); } - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "HTTP START Found, we will look for sub-protocols (content and host)...\n"); if(packet->host_line.ptr != NULL) { @@ -729,10 +737,11 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct if(ndpi_struct->http_dont_dissect_response) { if(flow->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) /* No subprotocol found */ + NDPI_LOG_INFO(ndpi_struct, "found HTTP\n"); ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_HTTP); } else { flow->http_detected = 1; - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "HTTP START Found, we will look further for the response...\n"); flow->l4.tcp.http_stage = packet->packet_direction + 1; // packet_direction 0: stage 1, packet_direction 1: stage 2 } @@ -742,13 +751,12 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct } } - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HTTP: REQUEST NOT HTTP CONFORM\n"); - http_bitmask_exclude(flow); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); + http_bitmask_exclude_other(flow); } else if((flow->l4.tcp.http_stage == 1) || (flow->l4.tcp.http_stage == 2)) { - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HTTP stage %u: \n", - flow->l4.tcp.http_stage); + NDPI_LOG_DBG2(ndpi_struct, "HTTP stage %u: \n", flow->l4.tcp.http_stage); if(flow->l4.tcp.http_stage == 1) { @@ -769,7 +777,7 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct if(flow->http_detected) return; - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, " SECOND PAYLOAD TRAFFIC FROM CLIENT, FIRST PACKET MIGHT HAVE BEEN HTTP...UNKNOWN TRAFFIC, HERE FOR HTTP again.. \n"); ndpi_parse_packet_line_info(ndpi_struct, flow); @@ -780,14 +788,13 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct if(packet->parsed_lines <= 1) { /* wait some packets in case request is split over more than 2 packets */ if(flow->packet_counter < 5) { - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, - "line still not finished, search next packet\n"); + NDPI_LOG_DBG2(ndpi_struct, "line still not finished, search next packet\n"); return; } else { /* stop parsing here */ - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, - "HTTP: PACKET DOES NOT HAVE A LINE STRUCTURE\n"); - http_bitmask_exclude(flow); + NDPI_LOG_DBG2(ndpi_struct, "exclude HTTP: PACKET DOES NOT HAVE A LINE STRUCTURE\n"); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); + http_bitmask_exclude_other(flow); return; } } @@ -795,11 +802,11 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct if(packet->line[0].len >= 9 && memcmp(&packet->line[0].ptr[packet->line[0].len - 9], " HTTP/1.", 8) == 0) { - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "Found HTTP.\n"); + NDPI_LOG_INFO(ndpi_struct, "found HTTP\n"); ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_HTTP); check_content_type_and_change_protocol(ndpi_struct, flow); - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "HTTP START Found in 2. packet, we will look further for the response....\n"); flow->http_detected = 1; } @@ -817,15 +824,17 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct */ if((packet->parsed_lines == 1) && (packet->packet_direction == 1 /* server -> client */)) { /* In Apache if you do "GET /\n\n" the response comes without any header */ - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "Found HTTP. (apache)\n"); + NDPI_LOG_INFO(ndpi_struct, "found HTTP. (apache)\n"); ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_HTTP); check_content_type_and_change_protocol(ndpi_struct, flow); return; } /* If we already detected the HTTP request, we can add the connection and then check for the sub-protocol */ - if(flow->http_detected) + if(flow->http_detected) { + NDPI_LOG_INFO(ndpi_struct, "found HTTP\n"); ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_HTTP); + } /* Parse packet line and we look for the subprotocols */ ndpi_parse_packet_line_info(ndpi_struct, flow); @@ -836,7 +845,7 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct } if(packet->empty_line_position_set != 0 || flow->l4.tcp.http_empty_line_seen == 1) { - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "empty line. check_http_payload.\n"); + NDPI_LOG_DBG2(ndpi_struct, "empty line. check_http_payload\n"); check_http_payload(ndpi_struct, flow); } @@ -852,8 +861,8 @@ void ndpi_search_http_tcp(struct ndpi_detection_module_struct *ndpi_struct, /* Break after 20 packets. */ if(flow->packet_counter > 20) { - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "Exclude HTTP.\n"); - http_bitmask_exclude(flow); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); + http_bitmask_exclude_other(flow); return; } @@ -861,7 +870,7 @@ void ndpi_search_http_tcp(struct ndpi_detection_module_struct *ndpi_struct, return; } - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HTTP detection...\n"); + NDPI_LOG_DBG(ndpi_struct, "search HTTP\n"); ndpi_check_http_tcp(ndpi_struct, flow); } diff --git a/src/lib/protocols/http_activesync.c b/src/lib/protocols/http_activesync.c index 8f17af8d6..55451f6bf 100644 --- a/src/lib/protocols/http_activesync.c +++ b/src/lib/protocols/http_activesync.c @@ -24,8 +24,14 @@ -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" + #ifdef NDPI_PROTOCOL_HTTP_APPLICATION_ACTIVESYNC + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_HTTP_APPLICATION_ACTIVESYNC + +#include "ndpi_api.h" + static void ndpi_int_activesync_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_HTTP_APPLICATION_ACTIVESYNC, NDPI_PROTOCOL_HTTP); @@ -35,20 +41,19 @@ void ndpi_search_activesync(struct ndpi_detection_module_struct *ndpi_struct, st { struct ndpi_packet_struct *packet = &flow->packet; + NDPI_LOG_DBG(ndpi_struct, "search activesync\n"); if (packet->tcp != NULL) { if (packet->payload_packet_len > 150 && ((memcmp(packet->payload, "OPTIONS /Microsoft-Server-ActiveSync?", 37) == 0) || (memcmp(packet->payload, "POST /Microsoft-Server-ActiveSync?", 34) == 0))) { ndpi_int_activesync_add_connection(ndpi_struct, flow); - NDPI_LOG(NDPI_PROTOCOL_HTTP_APPLICATION_ACTIVESYNC, ndpi_struct, NDPI_LOG_DEBUG, - " flow marked as ActiveSync \n"); + NDPI_LOG_INFO(ndpi_struct, "found ActiveSync \n"); return; } } - NDPI_LOG(NDPI_PROTOCOL_HTTP_APPLICATION_ACTIVESYNC, ndpi_struct, NDPI_LOG_DEBUG, "exclude activesync\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_HTTP_APPLICATION_ACTIVESYNC); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/iax.c b/src/lib/protocols/iax.c index 84e039c2b..7f6e960f1 100644 --- a/src/lib/protocols/iax.c +++ b/src/lib/protocols/iax.c @@ -23,10 +23,15 @@ */ -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_IAX +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_IAX + +#include "ndpi_api.h" + + #define NDPI_IAX_MAX_INFORMATION_ELEMENTS 15 static void ndpi_int_iax_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) @@ -58,7 +63,7 @@ static void ndpi_search_setup_iax(struct ndpi_detection_module_struct *ndpi_stru && packet->payload[11] <= 15) { if (packet->payload_packet_len == 12) { - NDPI_LOG(NDPI_PROTOCOL_IAX, ndpi_struct, NDPI_LOG_DEBUG, "found IAX.\n"); + NDPI_LOG_INFO(ndpi_struct, "found IAX\n"); ndpi_int_iax_add_connection(ndpi_struct, flow); return; } @@ -66,7 +71,7 @@ static void ndpi_search_setup_iax(struct ndpi_detection_module_struct *ndpi_stru for (i = 0; i < NDPI_IAX_MAX_INFORMATION_ELEMENTS; i++) { packet_len = packet_len + 2 + packet->payload[packet_len + 1]; if (packet_len == packet->payload_packet_len) { - NDPI_LOG(NDPI_PROTOCOL_IAX, ndpi_struct, NDPI_LOG_DEBUG, "found IAX.\n"); + NDPI_LOG_INFO(ndpi_struct, "found IAX\n"); ndpi_int_iax_add_connection(ndpi_struct, flow); return; } @@ -77,16 +82,13 @@ static void ndpi_search_setup_iax(struct ndpi_detection_module_struct *ndpi_stru } - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_IAX); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } void ndpi_search_iax(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; - // struct ndpi_flow_struct *flow=ndpi_struct->flow; - // struct ndpi_id_struct *src=ndpi_struct->src; - // struct ndpi_id_struct *dst=ndpi_struct->dst; if(packet->udp && (packet->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN)) diff --git a/src/lib/protocols/icecast.c b/src/lib/protocols/icecast.c index 3e89cc043..23aca33e9 100644 --- a/src/lib/protocols/icecast.c +++ b/src/lib/protocols/icecast.c @@ -22,11 +22,14 @@ * */ - -#include "ndpi_api.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_ICECAST +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_ICECAST + +#include "ndpi_api.h" + static void ndpi_int_icecast_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_ICECAST, NDPI_PROTOCOL_UNKNOWN); @@ -37,17 +40,17 @@ void ndpi_search_icecast_tcp(struct ndpi_detection_module_struct *ndpi_struct, s struct ndpi_packet_struct *packet = &flow->packet; u_int8_t i; - NDPI_LOG(NDPI_PROTOCOL_ICECAST, ndpi_struct, NDPI_LOG_DEBUG, "search icecast.\n"); + NDPI_LOG_DBG(ndpi_struct, "search icecast\n"); if ((packet->payload_packet_len < 500 && packet->payload_packet_len >= 7 && memcmp(packet->payload, "SOURCE ", 7) == 0) || flow->l4.tcp.icecast_stage) { ndpi_parse_packet_line_info_any(ndpi_struct, flow); - NDPI_LOG(NDPI_PROTOCOL_ICECAST, ndpi_struct, NDPI_LOG_DEBUG, "Icecast lines=%d\n", packet->parsed_lines); + NDPI_LOG_DBG2(ndpi_struct, "Icecast lines=%d\n", packet->parsed_lines); for (i = 0; i < packet->parsed_lines; i++) { if (packet->line[i].ptr != NULL && packet->line[i].len > 4 && memcmp(packet->line[i].ptr, "ice-", 4) == 0) { - NDPI_LOG(NDPI_PROTOCOL_ICECAST, ndpi_struct, NDPI_LOG_DEBUG, "Icecast detected.\n"); + NDPI_LOG_INFO(ndpi_struct, "found Icecast\n"); ndpi_int_icecast_add_connection(ndpi_struct, flow); return; } @@ -75,18 +78,17 @@ void ndpi_search_icecast_tcp(struct ndpi_detection_module_struct *ndpi_struct, s if (packet->server_line.ptr != NULL && packet->server_line.len > NDPI_STATICSTRING_LEN("Icecast") && memcmp(packet->server_line.ptr, "Icecast", NDPI_STATICSTRING_LEN("Icecast")) == 0) { - NDPI_LOG(NDPI_PROTOCOL_ICECAST, ndpi_struct, NDPI_LOG_DEBUG, "Icecast detected.\n"); /* TODO maybe store the previous protocol type as subtype? * e.g. ogg or mpeg */ + NDPI_LOG_INFO(ndpi_struct, "found Icecast\n"); ndpi_int_icecast_add_connection(ndpi_struct, flow); return; } } icecast_exclude: - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_ICECAST); - NDPI_LOG(NDPI_PROTOCOL_ICECAST, ndpi_struct, NDPI_LOG_DEBUG, "Icecast excluded.\n"); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/ipp.c b/src/lib/protocols/ipp.c index 2135f297f..fcf25a758 100644 --- a/src/lib/protocols/ipp.c +++ b/src/lib/protocols/ipp.c @@ -22,11 +22,15 @@ * */ - -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_IPP +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_IPP + +#include "ndpi_api.h" + + static void ndpi_int_ipp_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow/* , ndpi_protocol_type_t protocol_type */) { @@ -36,22 +40,20 @@ static void ndpi_int_ipp_add_connection(struct ndpi_detection_module_struct *ndp void ndpi_search_ipp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; -// struct ndpi_id_struct *src=ndpi_struct->src; -// struct ndpi_id_struct *dst=ndpi_struct->dst; - u_int8_t i; - NDPI_LOG(NDPI_PROTOCOL_IPP, ndpi_struct, NDPI_LOG_DEBUG, "search ipp\n"); + NDPI_LOG_DBG(ndpi_struct, "search ipp\n"); + if (packet->payload_packet_len > 20) { - NDPI_LOG(NDPI_PROTOCOL_IPP, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "searching for a payload with a pattern like 'number(1to8)blanknumber(1to3)ipp://.\n"); /* this pattern means that there is a printer saying that his state is idle, * means that he is not printing anything at the moment */ i = 0; if (packet->payload[i] < '0' || packet->payload[i] > '9') { - NDPI_LOG(NDPI_PROTOCOL_IPP, ndpi_struct, NDPI_LOG_DEBUG, "payload does not begin with a number.\n"); + NDPI_LOG_DBG2(ndpi_struct, "payload does not begin with a number\n"); goto search_for_next_pattern; } @@ -60,37 +62,37 @@ void ndpi_search_ipp(struct ndpi_detection_module_struct *ndpi_struct, struct nd if (!((packet->payload[i] >= '0' && packet->payload[i] <= '9') || (packet->payload[i] >= 'a' && packet->payload[i] <= 'f') || (packet->payload[i] >= 'A' && packet->payload[i] <= 'F')) || i > 8) { - NDPI_LOG(NDPI_PROTOCOL_IPP, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "read symbols while the symbol is a number.\n"); break; } } if (packet->payload[i++] != ' ') { - NDPI_LOG(NDPI_PROTOCOL_IPP, ndpi_struct, NDPI_LOG_DEBUG, "there is no blank following the number.\n"); + NDPI_LOG_DBG2(ndpi_struct, "there is no blank following the number\n"); goto search_for_next_pattern; } if (packet->payload[i] < '0' || packet->payload[i] > '9') { - NDPI_LOG(NDPI_PROTOCOL_IPP, ndpi_struct, NDPI_LOG_DEBUG, "no number following the blank.\n"); + NDPI_LOG_DBG2(ndpi_struct, "no number following the blank\n"); goto search_for_next_pattern; } for (;;) { i++; if (packet->payload[i] < '0' || packet->payload[i] > '9' || i > 12) { - NDPI_LOG(NDPI_PROTOCOL_IPP, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "read symbols while the symbol is a number.\n"); break; } } if (memcmp(&packet->payload[i], " ipp://", 7) != 0) { - NDPI_LOG(NDPI_PROTOCOL_IPP, ndpi_struct, NDPI_LOG_DEBUG, "the string ' ipp://' does not follow.\n"); + NDPI_LOG_DBG2(ndpi_struct, "the string ' ipp://' does not follow\n"); goto search_for_next_pattern; } - NDPI_LOG(NDPI_PROTOCOL_IPP, ndpi_struct, NDPI_LOG_DEBUG, "found ipp\n"); + NDPI_LOG_INFO(ndpi_struct, "found ipp\n"); ndpi_int_ipp_add_connection(ndpi_struct, flow); return; } @@ -101,13 +103,12 @@ void ndpi_search_ipp(struct ndpi_detection_module_struct *ndpi_struct, struct nd ndpi_parse_packet_line_info(ndpi_struct, flow); if (packet->content_line.ptr != NULL && packet->content_line.len > 14 && memcmp(packet->content_line.ptr, "application/ipp", 15) == 0) { - NDPI_LOG(NDPI_PROTOCOL_IPP, ndpi_struct, NDPI_LOG_DEBUG, "found ipp via POST ... application/ipp.\n"); + NDPI_LOG_INFO(ndpi_struct, "found ipp via POST ... application/ipp\n"); ndpi_int_ipp_add_connection(ndpi_struct, flow); return; } } - NDPI_LOG(NDPI_PROTOCOL_IPP, ndpi_struct, NDPI_LOG_DEBUG, "no ipp detected.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_IPP); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/irc.c b/src/lib/protocols/irc.c index b2b73ac5f..2cadf0a32 100644 --- a/src/lib/protocols/irc.c +++ b/src/lib/protocols/irc.c @@ -23,9 +23,14 @@ */ -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_IRC + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_IRC + +#include "ndpi_api.h" + #define NDPI_IRC_FIND_LESS(time_err,less) {int t1 = 0; \ u_int32_t timestamp = time_err[0]; \ for(t1=0;t1 < NDPI_PROTOCOL_IRC_MAXPORT;t1++) { \ @@ -65,7 +70,7 @@ static u_int8_t ndpi_check_for_NOTICE_or_PRIVMSG(struct ndpi_detection_module_st for (i = 0; i < packet->payload_packet_len - 7; i++) { if (packet->payload[i] == 'N' || packet->payload[i] == 'P') { if (memcmp(&packet->payload[i + 1], "OTICE ", 6) == 0 || memcmp(&packet->payload[i + 1], "RIVMSG ", 7) == 0) { - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_DEBUG, "found NOTICE or PRIVMSG\n"); + NDPI_LOG_DBG2(ndpi_struct, "found NOTICE or PRIVMSG\n"); return 1; } } @@ -94,7 +99,7 @@ static u_int8_t ndpi_check_for_Nickname(struct ndpi_detection_module_struct *ndp if ((((packetl - (i + 1)) >= 4) && memcmp(&packet->payload[i + 1], "ick=", 4) == 0) || (((packetl - (i + 1)) >= 8) && (memcmp(&packet->payload[i + 1], "ickname=", 8) == 0)) || (((packetl - (i + 1)) >= 8) && (memcmp(&packet->payload[i + 1], "ickName=", 8) == 0))) { - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_DEBUG, "found HTTP IRC Nickname pattern\n"); + NDPI_LOG_DBG2(ndpi_struct, "found HTTP IRC Nickname pattern\n"); return 1; } } @@ -114,7 +119,7 @@ static u_int8_t ndpi_check_for_cmd(struct ndpi_detection_module_struct *ndpi_str for (i = 0; i < packet->payload_packet_len - 4; i++) { if (packet->payload[i] == 'c') { if (memcmp(&packet->payload[i + 1], "md=", 3) == 0) { - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_DEBUG, "found HTTP IRC cmd pattern \n"); + NDPI_LOG_DBG2(ndpi_struct, "found HTTP IRC cmd pattern \n"); return 1; } } @@ -147,8 +152,7 @@ u_int8_t ndpi_search_irc_ssl_detect_ninety_percent_but_very_fast(struct ndpi_det struct ndpi_packet_struct *packet = &flow->packet; - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_DEBUG, - "called ndpi_search_irc_ssl_detect_ninety_percent_but_very_fast\n"); + NDPI_LOG_DBG(ndpi_struct, "start fast detect\n"); /* case 1: len 1460, len 1460, len 1176 several times in one direction, than len = 4, 4096, 8192 in the other direction */ if (packet->payload_packet_len == 1460 @@ -174,7 +178,7 @@ u_int8_t ndpi_search_irc_ssl_detect_ninety_percent_but_very_fast(struct ndpi_det && flow->l4.tcp.irc_direction == 2 - packet->packet_direction && (ntohs(get_u_int16_t(packet->payload, 2)) == 0x1000 || ntohs(get_u_int16_t(packet->payload, 2)) == 0x2000)) { - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_TRACE, "IRC SSL detected: ->1460,1460,1176,<-4096||8192"); + NDPI_LOG_INFO(ndpi_struct, "found IRC SSL: ->1460,1460,1176,<-4096||8192"); ndpi_int_irc_add_connection(ndpi_struct, flow); return 1; } @@ -185,27 +189,27 @@ u_int8_t ndpi_search_irc_ssl_detect_ninety_percent_but_very_fast(struct ndpi_det 1 + packet->packet_direction))) { flow->l4.tcp.irc_stage2 = 4; flow->l4.tcp.irc_direction = 1 + packet->packet_direction; - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_DEBUG, "len = 1448 first\n"); + NDPI_LOG_DBG2(ndpi_struct, "len = 1448 first\n"); return 1; } if (packet->payload_packet_len == 1448 && flow->l4.tcp.irc_stage2 == 4 && flow->l4.tcp.irc_direction == 1 + packet->packet_direction) { flow->l4.tcp.irc_stage2 = 5; - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_DEBUG, "len = 1448 second \n"); + NDPI_LOG_DBG2(ndpi_struct, "len = 1448 second \n"); return 1; } if (packet->payload_packet_len == 1200 && flow->l4.tcp.irc_stage2 == 5 && flow->l4.tcp.irc_direction == 1 + packet->packet_direction) { flow->l4.tcp.irc_stage2 = 6; flow->l4.tcp.irc_0x1000_full = 1; - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_DEBUG, "len = 1200 \n"); + NDPI_LOG_DBG2(ndpi_struct, "len = 1200 \n"); return 1; } if (packet->payload_packet_len == 4 && (flow->l4.tcp.irc_stage2 == 6 || flow->l4.tcp.irc_0x1000_full == 1) && flow->l4.tcp.irc_direction == 2 - packet->packet_direction && (ntohs(get_u_int16_t(packet->payload, 2)) == 0x1000 || ntohs(get_u_int16_t(packet->payload, 2)) == 0x2000)) { - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_TRACE, "IRC SSL detected: ->1448,1448,1200,<-4096||8192"); + NDPI_LOG_INFO(ndpi_struct, "found IRC SSL: ->1448,1448,1200,<-4096||8192"); ndpi_int_irc_add_connection(ndpi_struct, flow); return 1; } @@ -222,7 +226,7 @@ u_int8_t ndpi_search_irc_ssl_detect_ninety_percent_but_very_fast(struct ndpi_det && flow->l4.tcp.irc_direction == 2 - packet->packet_direction && (ntohs(get_u_int16_t(packet->payload, 2)) == 1380 || ntohs(get_u_int16_t(packet->payload, 2)) == 2760)) { - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_TRACE, "IRC SSL detected: ->1380,<-1380||2760"); + NDPI_LOG_INFO(ndpi_struct, "found IRC SSL: ->1380,<-1380||2760"); ndpi_int_irc_add_connection(ndpi_struct, flow); return 1; } @@ -237,7 +241,7 @@ u_int8_t ndpi_search_irc_ssl_detect_ninety_percent_but_very_fast(struct ndpi_det && flow->l4.tcp.irc_direction == 2 - packet->packet_direction && (ntohs(get_u_int16_t(packet->payload, 2)) == 1200 || ntohs(get_u_int16_t(packet->payload, 2)) == 2400)) { - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_TRACE, "IRC SSL detected: ->1200,<-1200||2400"); + NDPI_LOG_INFO(ndpi_struct, "found IRC SSL: ->1200,<-1200||2400"); ndpi_int_irc_add_connection(ndpi_struct, flow); return 1; } @@ -252,7 +256,7 @@ u_int8_t ndpi_search_irc_ssl_detect_ninety_percent_but_very_fast(struct ndpi_det && flow->l4.tcp.irc_direction == 2 - packet->packet_direction && (ntohs(get_u_int16_t(packet->payload, 2)) == 1024 || ntohs(get_u_int16_t(packet->payload, 2)) == 2048)) { - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_TRACE, "IRC SSL detected: ->1024,<-1024||2048"); + NDPI_LOG_INFO(ndpi_struct, "found IRC SSL: ->1024,<-1024||2048"); ndpi_int_irc_add_connection(ndpi_struct, flow); return 1; } @@ -267,7 +271,7 @@ u_int8_t ndpi_search_irc_ssl_detect_ninety_percent_but_very_fast(struct ndpi_det && flow->l4.tcp.irc_direction == 2 - packet->packet_direction && (ntohs(get_u_int16_t(packet->payload, 2)) == 1248 || ntohs(get_u_int16_t(packet->payload, 2)) == 2496)) { - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_TRACE, "IRC SSL detected: ->1248,<-1248||2496"); + NDPI_LOG_INFO(ndpi_struct, "found IRC SSL: ->1248,<-1248||2496"); ndpi_int_irc_add_connection(ndpi_struct, flow); return 1; } @@ -282,7 +286,7 @@ u_int8_t ndpi_search_irc_ssl_detect_ninety_percent_but_very_fast(struct ndpi_det && flow->l4.tcp.irc_direction == 2 - packet->packet_direction && (ntohs(get_u_int16_t(packet->payload, 2)) == 1448 || ntohs(get_u_int16_t(packet->payload, 2)) == 2896)) { - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_TRACE, "IRC SSL detected: ->1448,<-1448||2896"); + NDPI_LOG_INFO(ndpi_struct, "found IRC SSL: ->1448,<-1448||2896"); ndpi_int_irc_add_connection(ndpi_struct, flow); return 1; } @@ -305,8 +309,7 @@ u_int8_t ndpi_search_irc_ssl_detect_ninety_percent_but_very_fast(struct ndpi_det if (packet->payload_packet_len == 4 && flow->l4.tcp.irc_stage2 == 14 && flow->l4.tcp.irc_direction == 2 - packet->packet_direction && ntohs(get_u_int16_t(packet->payload, 2)) == 8192) { - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_TRACE, - "IRC SSL detected: ->1448,1448,1448,1448,1448,952,<-8192"); + NDPI_LOG_INFO(ndpi_struct, "found IRC SSL: ->1448,1448,1448,1448,1448,952,<-8192"); ndpi_int_irc_add_connection(ndpi_struct, flow); return 1; } @@ -339,8 +342,7 @@ u_int8_t ndpi_search_irc_ssl_detect_ninety_percent_but_very_fast(struct ndpi_det if (packet->payload_packet_len == 4 && flow->l4.tcp.irc_stage2 == 19 && flow->l4.tcp.irc_direction == 2 - packet->packet_direction && ntohs(get_u_int16_t(packet->payload, 2)) == 7168) { - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_TRACE, - "IRC SSL detected: ->1024,1448,1448,1200,1448,600,<-7168"); + NDPI_LOG_INFO(ndpi_struct, "found IRC SSL: ->1024,1448,1448,1200,1448,600,<-7168"); ndpi_int_irc_add_connection(ndpi_struct, flow); return 1; } @@ -353,7 +355,7 @@ u_int8_t ndpi_search_irc_ssl_detect_ninety_percent_but_very_fast(struct ndpi_det if (packet->payload_packet_len == 4 && flow->l4.tcp.irc_stage2 == 20 && flow->l4.tcp.irc_direction == 2 - packet->packet_direction && ntohs(get_u_int16_t(packet->payload, 2)) == 2404) { - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_TRACE, "IRC SSL detected: ->1024,1380 <-2404"); + NDPI_LOG_INFO(ndpi_struct, "found IRC SSL: ->1024,1380 <-2404"); ndpi_int_irc_add_connection(ndpi_struct, flow); return 1; @@ -382,26 +384,26 @@ void ndpi_search_irc_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc u_int16_t http_content_ptr_len = 0; u_int8_t space = 0; - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_DEBUG, "irc : search irc\n"); + NDPI_LOG_DBG(ndpi_struct, "search irc\n"); if (flow->detected_protocol_stack[0] != NDPI_PROTOCOL_IRC && flow->packet_counter > 70) { - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_DEBUG, "exclude irc, packet_counter > 70\n"); + NDPI_LOG_DBG(ndpi_struct, "exclude irc, packet_counter > 70\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_IRC); return; } if (flow->detected_protocol_stack[0] != NDPI_PROTOCOL_IRC && flow->packet_counter > 30 && flow->l4.tcp.irc_stage2 == 0) { - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_DEBUG, "packet_counter > 30, exclude irc.\n"); + NDPI_LOG_DBG(ndpi_struct, "exclude irc, packet_counter > 30\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_IRC); return; } if (packet->detected_protocol_stack[0] == NDPI_PROTOCOL_IRC) { if (src != NULL && ((u_int32_t) (packet->tick_timestamp - src->irc_ts) < ndpi_struct->irc_timeout)) { - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_DEBUG, "irc : save src connection packet detected\n"); + NDPI_LOG_DBG2(ndpi_struct, "irc : save src connection packet detected\n"); src->irc_ts = packet->tick_timestamp; } else if (dst != NULL && ((u_int32_t) (packet->tick_timestamp - dst->irc_ts) < ndpi_struct->irc_timeout)) { - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_DEBUG, "irc : save dst connection packet detected\n"); + NDPI_LOG_DBG2(ndpi_struct, "irc : save dst connection packet detected\n"); dst->irc_ts = packet->tick_timestamp; } } @@ -423,8 +425,7 @@ void ndpi_search_irc_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc for (counter = 0; counter < dst->irc_number_of_port; counter++) { if (dst->irc_port[counter] == sport || dst->irc_port[counter] == dport) { dst->last_time_port_used[counter] = packet->tick_timestamp; - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_TRACE, - "dest port matched with the DCC port and the flow is marked as IRC"); + NDPI_LOG_INFO(ndpi_struct, "found IRC: dest port matched with the DCC port"); ndpi_int_irc_add_connection(ndpi_struct, flow); return; } @@ -434,9 +435,8 @@ void ndpi_search_irc_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc for (counter = 0; counter < src->irc_number_of_port; counter++) { if (src->irc_port[counter] == sport || src->irc_port[counter] == dport) { src->last_time_port_used[counter] = packet->tick_timestamp; + NDPI_LOG_INFO(ndpi_struct, "found IRC: Source port matched with the DCC port"); ndpi_int_irc_add_connection(ndpi_struct, flow); - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_TRACE, - "Source port matched with the DCC port and the flow is marked as IRC"); return; } } @@ -465,8 +465,8 @@ void ndpi_search_irc_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc || (memcmp(&packet->payload[c1], "irc.discostars.de1", 18) == 0) || (memcmp(&packet->payload[c1], "irc.rizon.net", 13) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_TRACE, - "IRC SSL detected with :- irc.hackthissite.org0 | irc.gamepad.ca1 | dungeon.axenet.org0 " + NDPI_LOG_INFO(ndpi_struct, + "found IRC SSL: - irc.hackthissite.org0 | irc.gamepad.ca1 | dungeon.axenet.org0 " "| dazed.nuggethaus.net | irc.indymedia.org | irc.discostars.de1 "); ndpi_int_irc_add_connection(ndpi_struct, flow); break; @@ -496,14 +496,14 @@ void ndpi_search_irc_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc if (packet->line[i].ptr[0] == ':') { flow->l4.tcp.irc_3a_counter++; if (flow->l4.tcp.irc_3a_counter == 7) { /* ':' == 0x3a */ - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_TRACE, "0x3a. seven times. found irc."); + NDPI_LOG_INFO(ndpi_struct, "found irc. 0x3a. seven times."); ndpi_int_irc_add_connection(ndpi_struct, flow); goto detected_irc; } } } if (flow->l4.tcp.irc_3a_counter == 7) { /* ':' == 0x3a */ - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_TRACE, "0x3a. seven times. found irc."); + NDPI_LOG_INFO(ndpi_struct, "found irc. 0x3a. seven times."); ndpi_int_irc_add_connection(ndpi_struct, flow); goto detected_irc; } @@ -518,19 +518,19 @@ void ndpi_search_irc_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc || (memcmp(packet->payload, "NOTICE ", 7) == 0) || (memcmp(packet->payload, "PRIVMSG ", 8) == 0) || (memcmp(packet->payload, "VERSION ", 8) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_TRACE, + NDPI_LOG_DBG2(ndpi_struct, "USER, NICK, PASS, NOTICE, PRIVMSG one time"); if (flow->l4.tcp.irc_stage == 2) { - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_TRACE, "found irc"); + NDPI_LOG_INFO(ndpi_struct, "found irc"); ndpi_int_irc_add_connection(ndpi_struct, flow); flow->l4.tcp.irc_stage = 3; } if (flow->l4.tcp.irc_stage == 1) { - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_TRACE, "second time, stage=2"); + NDPI_LOG_DBG2(ndpi_struct, "second time, stage=2"); flow->l4.tcp.irc_stage = 2; } if (flow->l4.tcp.irc_stage == 0) { - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_TRACE, "first time, stage=1"); + NDPI_LOG_DBG2(ndpi_struct, "first time, stage=1"); flow->l4.tcp.irc_stage = 1; } /* irc packets can have either windows line breaks (0d0a) or unix line breaks (0a) */ @@ -538,13 +538,11 @@ void ndpi_search_irc_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc && packet->payload[packet->payload_packet_len - 1] == 0x0a) { ndpi_parse_packet_line_info(ndpi_struct, flow); if (packet->parsed_lines > 1) { - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_TRACE, - "packet contains more than one line"); + NDPI_LOG_DBG2(ndpi_struct, "packet contains more than one line"); for (c = 1; c < packet->parsed_lines; c++) { if (packet->line[c].len > 4 && (memcmp(packet->line[c].ptr, "NICK ", 5) == 0 || memcmp(packet->line[c].ptr, "USER ", 5) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, - NDPI_LOG_TRACE, "two icq signal words in the same packet"); + NDPI_LOG_INFO(ndpi_struct, "found IRC: two icq signal words in the same packet"); ndpi_int_irc_add_connection(ndpi_struct, flow); flow->l4.tcp.irc_stage = 3; return; @@ -555,14 +553,12 @@ void ndpi_search_irc_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc } else if (packet->payload[packet->payload_packet_len - 1] == 0x0a) { ndpi_parse_packet_line_info_any(ndpi_struct, flow); if (packet->parsed_lines > 1) { - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_TRACE, - "packet contains more than one line"); + NDPI_LOG_DBG2(ndpi_struct, "packet contains more than one line"); for (c = 1; c < packet->parsed_lines; c++) { if (packet->line[c].len > 4 && (memcmp(packet->line[c].ptr, "NICK ", 5) == 0 || memcmp(packet->line[c].ptr, "USER ", 5) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_TRACE, - "two icq signal words in the same packet"); + NDPI_LOG_INFO(ndpi_struct, "found IRC: two icq signal words in the same packet"); ndpi_int_irc_add_connection(ndpi_struct, flow); flow->l4.tcp.irc_stage = 3; return; @@ -594,7 +590,7 @@ void ndpi_search_irc_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc && (ndpi_check_for_IRC_traces(packet->http_url_name.ptr, packet->http_url_name.len))) || ((packet->referer_line.ptr) && (ndpi_check_for_IRC_traces(packet->referer_line.ptr, packet->referer_line.len)))) { - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_TRACE, + NDPI_LOG_DBG2(ndpi_struct, "IRC detected from the Http URL/ Referer header "); flow->l4.tcp.irc_stage = 1; // HTTP POST Request body is not in the same packet. @@ -613,22 +609,21 @@ void ndpi_search_irc_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc || (((packet->payload_packet_len - http_content_ptr_len) > 5) && (memcmp(packet->payload + http_content_ptr_len, "item=", 5) == 0) && (ndpi_check_for_cmd(ndpi_struct, flow) != 0))) { - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_TRACE, "IRC Nickname, cmd, one time"); + NDPI_LOG_INFO(ndpi_struct, "found IRC: Nickname, cmd, one time"); ndpi_int_irc_add_connection(ndpi_struct, flow); return; } } detected_irc: - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_DEBUG, "detected_irc:"); + NDPI_LOG_DBG2(ndpi_struct, "detected_irc:"); if (flow->detected_protocol_stack[0] == NDPI_PROTOCOL_IRC) { /* maybe this can be deleted at the end */ if (packet->payload[packet->payload_packet_len - 2] != 0x0d && packet->payload[packet->payload_packet_len - 1] == 0x0a) { - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_DEBUG, - "ndpi_parse_packet_line_info_any(ndpi_struct, flow);"); + NDPI_LOG_DBG2(ndpi_struct, "ndpi_parse_packet_line_info_any(ndpi_struct, flow);"); ndpi_parse_packet_line_info_any(ndpi_struct, flow); } else if (packet->payload[packet->payload_packet_len - 2] == 0x0d) { ndpi_parse_packet_line_info(ndpi_struct, flow); @@ -637,27 +632,27 @@ void ndpi_search_irc_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc } for (i = 0; i < packet->parsed_lines; i++) { if (packet->line[i].len > 6 && memcmp(packet->line[i].ptr, "NOTICE ", 7) == 0) { - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_DEBUG, "NOTICE"); + NDPI_LOG_DBG2(ndpi_struct, "NOTICE"); for (j = 7; j < packet->line[i].len - 8; j++) { if (packet->line[i].ptr[j] == ':') { if (memcmp(&packet->line[i].ptr[j + 1], "DCC SEND ", 9) == 0 || memcmp(&packet->line[i].ptr[j + 1], "DCC CHAT ", 9) == 0) { - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_TRACE, + NDPI_LOG_INFO(ndpi_struct, "found NOTICE and DCC CHAT or DCC SEND."); } } } } if (packet->payload_packet_len > 0 && packet->payload[0] == 0x3a /* 0x3a = ':' */ ) { - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_DEBUG, "3a"); + NDPI_LOG_DBG2(ndpi_struct, "3a"); for (j = 1; j < packet->line[i].len - 9; j++) { if (packet->line[i].ptr[j] == ' ') { j++; if (packet->line[i].ptr[j] == 'P') { - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_DEBUG, "P"); + NDPI_LOG_DBG2(ndpi_struct, "P"); j++; if (memcmp(&packet->line[i].ptr[j], "RIVMSG ", 7) == 0) - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_DEBUG, "RIVMSG"); + NDPI_LOG_DBG2(ndpi_struct, "RIVMSG"); h = j + 7; goto read_privmsg; } @@ -665,25 +660,24 @@ void ndpi_search_irc_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc } } if (packet->line[i].len > 7 && (memcmp(packet->line[i].ptr, "PRIVMSG ", 8) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_DEBUG, "PRIVMSG "); + NDPI_LOG_DBG2(ndpi_struct, "PRIVMSG "); h = 7; read_privmsg: for (j = h; j < packet->line[i].len - 9; j++) { if (packet->line[i].ptr[j] == ':') { if (memcmp(&packet->line[i].ptr[j + 1], "xdcc ", 5) == 0) { - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_TRACE, "xdcc should match."); + NDPI_LOG_DBG2(ndpi_struct, "xdcc should match."); } j += 2; if (memcmp(&packet->line[i].ptr[j], "DCC ", 4) == 0) { j += 4; - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_TRACE, "found DCC."); + NDPI_LOG_DBG2(ndpi_struct, "found DCC."); if (memcmp(&packet->line[i].ptr[j], "SEND ", 5) == 0 || (memcmp(&packet->line[i].ptr[j], "CHAT", 4) == 0) || (memcmp(&packet->line[i].ptr[j], "chat", 4) == 0) || (memcmp(&packet->line[i].ptr[j], "sslchat", 7) == 0) || (memcmp(&packet->line[i].ptr[j], "TSEND", 5) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_TRACE, - "found CHAT,chat,sslchat,TSEND."); + NDPI_LOG_DBG2(ndpi_struct, "found CHAT,chat,sslchat,TSEND."); j += 4; while (packet->line[i].len > j && @@ -696,35 +690,29 @@ void ndpi_search_irc_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc if (packet->line[i].ptr[j] == ' ') { space++; - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_TRACE, "space %u.", space); + NDPI_LOG_DBG2(ndpi_struct, "space %u.", space); } if (space == 3) { j++; - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_TRACE, "read port."); + NDPI_LOG_DBG2(ndpi_struct, "read port."); if (src != NULL) { k = j; port = ntohs_ndpi_bytestream_to_number (&packet->line[i].ptr[j], packet->payload_packet_len - j, &j); - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_TRACE, "port %u.", + NDPI_LOG_DBG2(ndpi_struct, "port %u.", port); j = k; // hier jetzt überlegen, wie die ports abgespeichert werden sollen if (src->irc_number_of_port < NDPI_PROTOCOL_IRC_MAXPORT) - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_TRACE, - "src->irc_number_of_port < NDPI_PROTOCOL_IRC_MAXPORT."); + NDPI_LOG_DBG2(ndpi_struct, "src->irc_number_of_port < NDPI_PROTOCOL_IRC_MAXPORT."); if (src->irc_number_of_port < NDPI_PROTOCOL_IRC_MAXPORT && port != 0) { if (!ndpi_is_duplicate(src, port)) { src->irc_port[src->irc_number_of_port] = port; src->irc_number_of_port++; - NDPI_LOG - (NDPI_PROTOCOL_IRC, - ndpi_struct, - NDPI_LOG_DEBUG, "found port=%d", + NDPI_LOG_DBG2(ndpi_struct, "found port=%d jjeeeeeeeeeeeeeeeeeeeeeeeee", ntohs(get_u_int16_t(src->irc_port, 0))); - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_DEBUG, - "jjeeeeeeeeeeeeeeeeeeeeeeeee"); } src->irc_ts = packet->tick_timestamp; } else if (port != 0 && src->irc_number_of_port == NDPI_PROTOCOL_IRC_MAXPORT) { @@ -732,11 +720,7 @@ void ndpi_search_irc_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc less = 0; NDPI_IRC_FIND_LESS(src->last_time_port_used, less); src->irc_port[less] = port; - NDPI_LOG - (NDPI_PROTOCOL_IRC, - ndpi_struct, - NDPI_LOG_DEBUG, "found port=%d", - ntohs(get_u_int16_t(src->irc_port, 0))); + NDPI_LOG_DBG2(ndpi_struct, "found port=%d", ntohs(get_u_int16_t(src->irc_port, 0))); } src->irc_ts = packet->tick_timestamp; } @@ -747,8 +731,7 @@ void ndpi_search_irc_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc if (dst != NULL) { port = ntohs_ndpi_bytestream_to_number (&packet->line[i].ptr[j], packet->payload_packet_len - j, &j); - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_TRACE, "port %u.", - port); + NDPI_LOG_DBG2(ndpi_struct, "port %u.", port); // hier das gleiche wie oben. /* hier werden NDPI_PROTOCOL_IRC_MAXPORT ports pro irc flows mitgespeichert. könnte man denn nicht ein- * fach an die dst oder src einen flag setzten, dass dieser port für eine bestimmte @@ -759,13 +742,8 @@ void ndpi_search_irc_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc dst->irc_port[dst->irc_number_of_port] = port; dst->irc_number_of_port++; - NDPI_LOG - (NDPI_PROTOCOL_IRC, - ndpi_struct, - NDPI_LOG_DEBUG, "found port=%d", - ntohs(get_u_int16_t(dst->irc_port, 0))); - NDPI_LOG(NDPI_PROTOCOL_IRC, ndpi_struct, NDPI_LOG_DEBUG, - "juuuuuuuuuuuuuuuu"); + NDPI_LOG_DBG2(ndpi_struct, "found port=%d", ntohs(get_u_int16_t(dst->irc_port, 0))); + NDPI_LOG_DBG2(ndpi_struct, "juuuuuuuuuuuuuuuu"); } dst->irc_ts = packet->tick_timestamp; } else if (port != 0 && dst->irc_number_of_port == NDPI_PROTOCOL_IRC_MAXPORT) { @@ -774,11 +752,7 @@ void ndpi_search_irc_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc NDPI_IRC_FIND_LESS(dst->last_time_port_used, less); dst->irc_port[less] = port; - NDPI_LOG - (NDPI_PROTOCOL_IRC, - ndpi_struct, - NDPI_LOG_DEBUG, "found port=%d", - ntohs(get_u_int16_t(dst->irc_port, 0))); + NDPI_LOG_DBG2(ndpi_struct, "found port=%d", ntohs(get_u_int16_t(dst->irc_port, 0))); } dst->irc_ts = packet->tick_timestamp; } diff --git a/src/lib/protocols/jabber.c b/src/lib/protocols/jabber.c index d8be54adf..05950d8c5 100644 --- a/src/lib/protocols/jabber.c +++ b/src/lib/protocols/jabber.c @@ -22,10 +22,14 @@ * */ +#include "ndpi_protocol_ids.h" + +#ifdef NDPI_PROTOCOL_UNENCRYPTED_JABBER + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_UNENCRYPTED_JABBER #include "ndpi_api.h" -#ifdef NDPI_PROTOCOL_UNENCRYPTED_JABBER struct jabber_string { char *string; u_int ndpi_protocol; @@ -70,51 +74,47 @@ void ndpi_search_jabber_tcp(struct ndpi_detection_module_struct *ndpi_struct, st u_int16_t x; - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, NDPI_LOG_TRACE, "JABBER detection....\n"); + NDPI_LOG_DBG(ndpi_struct, "search JABBER\n"); /* search for jabber file transfer */ /* this part is working asymmetrically */ if (packet->tcp != NULL && packet->tcp->syn != 0 && packet->payload_packet_len == 0) { - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, "check jabber syn\n"); + NDPI_LOG_DBG2(ndpi_struct, "check jabber syn\n"); if (src != NULL && src->jabber_file_transfer_port[0] != 0) { - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, - "src jabber ft port set, ports are: %u, %u\n", ntohs(src->jabber_file_transfer_port[0]), - ntohs(src->jabber_file_transfer_port[1])); + NDPI_LOG_DBG2(ndpi_struct, "src jabber ft port set, ports are: %u, %u\n", + ntohs(src->jabber_file_transfer_port[0]), + ntohs(src->jabber_file_transfer_port[1])); if (((u_int32_t) (packet->tick_timestamp - src->jabber_stun_or_ft_ts)) >= ndpi_struct->jabber_file_transfer_timeout) { - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, - NDPI_LOG_DEBUG, "JABBER src stun timeout %u %u\n", src->jabber_stun_or_ft_ts, - packet->tick_timestamp); + NDPI_LOG_DBG2(ndpi_struct, "JABBER src stun timeout %u %u\n", + src->jabber_stun_or_ft_ts, packet->tick_timestamp); src->jabber_file_transfer_port[0] = 0; src->jabber_file_transfer_port[1] = 0; } else if (src->jabber_file_transfer_port[0] == packet->tcp->dest || src->jabber_file_transfer_port[0] == packet->tcp->source || src->jabber_file_transfer_port[1] == packet->tcp->dest || src->jabber_file_transfer_port[1] == packet->tcp->source) { - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, - "found jabber file transfer.\n"); + NDPI_LOG_INFO(ndpi_struct, "found jabber file transfer\n"); ndpi_int_jabber_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_UNENCRYPTED_JABBER); } } if (dst != NULL && dst->jabber_file_transfer_port[0] != 0) { - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, - "dst jabber ft port set, ports are: %u, %u\n", ntohs(dst->jabber_file_transfer_port[0]), - ntohs(dst->jabber_file_transfer_port[1])); + NDPI_LOG_DBG2(ndpi_struct, "dst jabber ft port set, ports are: %u, %u\n", + ntohs(dst->jabber_file_transfer_port[0]), + ntohs(dst->jabber_file_transfer_port[1])); if (((u_int32_t) (packet->tick_timestamp - dst->jabber_stun_or_ft_ts)) >= ndpi_struct->jabber_file_transfer_timeout) { - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, - NDPI_LOG_DEBUG, "JABBER dst stun timeout %u %u\n", dst->jabber_stun_or_ft_ts, - packet->tick_timestamp); + NDPI_LOG_DBG2(ndpi_struct, "JABBER dst stun timeout %u %u\n", + dst->jabber_stun_or_ft_ts, packet->tick_timestamp); dst->jabber_file_transfer_port[0] = 0; dst->jabber_file_transfer_port[1] = 0; } else if (dst->jabber_file_transfer_port[0] == packet->tcp->dest || dst->jabber_file_transfer_port[0] == packet->tcp->source || dst->jabber_file_transfer_port[1] == packet->tcp->dest || dst->jabber_file_transfer_port[1] == packet->tcp->source) { - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, - "found jabber file transfer.\n"); + NDPI_LOG_INFO(ndpi_struct, "found jabber file transfer\n"); ndpi_int_jabber_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_UNENCRYPTED_JABBER); @@ -135,17 +135,17 @@ void ndpi_search_jabber_tcp(struct ndpi_detection_module_struct *ndpi_struct, st /* check for google jabber voip connections ... */ /* need big packet */ if (packet->payload_packet_len < 100) { - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, "packet too small, return.\n"); + NDPI_LOG_DBG2(ndpi_struct, "packet too small, return\n"); return; } /* need message to or type for file-transfer */ if (memcmp(packet->payload, "payload, "payload_packet_len - 11; for (x = 10; x < lastlen; x++) { if (packet->payload[x] == 'p') { if (memcmp(&packet->payload[x], "port=", 5) == 0) { - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, "port=\n"); + NDPI_LOG_DBG2(ndpi_struct, "port=\n"); if (src != NULL) { src->jabber_stun_or_ft_ts = packet->tick_timestamp; } @@ -155,30 +155,25 @@ void ndpi_search_jabber_tcp(struct ndpi_detection_module_struct *ndpi_struct, st } x += 6; j_port = ntohs_ndpi_bytestream_to_number(&packet->payload[x], packet->payload_packet_len, &x); - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, - NDPI_LOG_DEBUG, "JABBER port : %u\n", ntohs(j_port)); + NDPI_LOG_DBG2(ndpi_struct, "JABBER port : %u\n", ntohs(j_port)); if (src != NULL) { if (src->jabber_file_transfer_port[0] == 0 || src->jabber_file_transfer_port[0] == j_port) { - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, - NDPI_LOG_DEBUG, "src->jabber_file_transfer_port[0] = j_port = %u;\n", + NDPI_LOG_DBG2(ndpi_struct, "src->jabber_file_transfer_port[0] = j_port = %u;\n", ntohs(j_port)); src->jabber_file_transfer_port[0] = j_port; } else { - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, - NDPI_LOG_DEBUG, "src->jabber_file_transfer_port[1] = j_port = %u;\n", + NDPI_LOG_DBG2(ndpi_struct, "src->jabber_file_transfer_port[1] = j_port = %u;\n", ntohs(j_port)); src->jabber_file_transfer_port[1] = j_port; } } if (dst != NULL) { if (dst->jabber_file_transfer_port[0] == 0 || dst->jabber_file_transfer_port[0] == j_port) { - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, - NDPI_LOG_DEBUG, "dst->jabber_file_transfer_port[0] = j_port = %u;\n", + NDPI_LOG_DBG2(ndpi_struct, "dst->jabber_file_transfer_port[0] = j_port = %u;\n", ntohs(j_port)); dst->jabber_file_transfer_port[0] = j_port; } else { - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, - NDPI_LOG_DEBUG, "dst->jabber_file_transfer_port[1] = j_port = %u;\n", + NDPI_LOG_DBG2(ndpi_struct, "dst->jabber_file_transfer_port[1] = j_port = %u;\n", ntohs(j_port)); dst->jabber_file_transfer_port[1] = j_port; } @@ -191,7 +186,7 @@ void ndpi_search_jabber_tcp(struct ndpi_detection_module_struct *ndpi_struct, st } else if (memcmp(packet->payload, "payload, "payload, "payload_packet_len - 21; for (x = 8; x < lastlen; x++) { /* invalid character */ @@ -199,7 +194,7 @@ void ndpi_search_jabber_tcp(struct ndpi_detection_module_struct *ndpi_struct, st return; } if (packet->payload[x] == '@') { - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, "JABBER @\n"); + NDPI_LOG_DBG2(ndpi_struct, "JABBER @\n"); break; } } @@ -211,7 +206,7 @@ void ndpi_search_jabber_tcp(struct ndpi_detection_module_struct *ndpi_struct, st for (; x < lastlen; x++) { if (packet->payload[x] == 'p') { if (memcmp(&packet->payload[x], "port=", 5) == 0) { - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, "port=\n"); + NDPI_LOG_DBG2(ndpi_struct, "port=\n"); if (src != NULL) { src->jabber_stun_or_ft_ts = packet->tick_timestamp; } @@ -222,8 +217,7 @@ void ndpi_search_jabber_tcp(struct ndpi_detection_module_struct *ndpi_struct, st x += 6; j_port = ntohs_ndpi_bytestream_to_number(&packet->payload[x], packet->payload_packet_len, &x); - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, - NDPI_LOG_DEBUG, "JABBER port : %u\n", ntohs(j_port)); + NDPI_LOG_DBG2(ndpi_struct, "JABBER port : %u\n", ntohs(j_port)); if (src != NULL && src->jabber_voice_stun_used_ports < JABBER_MAX_STUN_PORTS - 1) { if (packet->payload[5] == 'o') { @@ -232,13 +226,12 @@ void ndpi_search_jabber_tcp(struct ndpi_detection_module_struct *ndpi_struct, st } else { if (src->jabber_file_transfer_port[0] == 0 || src->jabber_file_transfer_port[0] == j_port) { - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, - "src->jabber_file_transfer_port[0] = j_port = %u;\n", ntohs(j_port)); + NDPI_LOG_DBG2(ndpi_struct, "src->jabber_file_transfer_port[0] = j_port = %u;\n", + ntohs(j_port)); src->jabber_file_transfer_port[0] = j_port; } else { - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, - NDPI_LOG_DEBUG, "src->jabber_file_transfer_port[1] = j_port = %u;\n", - ntohs(j_port)); + NDPI_LOG_DBG2(ndpi_struct, "src->jabber_file_transfer_port[1] = j_port = %u;\n", + ntohs(j_port)); src->jabber_file_transfer_port[1] = j_port; } } @@ -251,13 +244,12 @@ void ndpi_search_jabber_tcp(struct ndpi_detection_module_struct *ndpi_struct, st } else { if (dst->jabber_file_transfer_port[0] == 0 || dst->jabber_file_transfer_port[0] == j_port) { - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, - "dst->jabber_file_transfer_port[0] = j_port = %u;\n", ntohs(j_port)); + NDPI_LOG_DBG2(ndpi_struct, "dst->jabber_file_transfer_port[0] = j_port = %u;\n", + ntohs(j_port)); dst->jabber_file_transfer_port[0] = j_port; } else { - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, - NDPI_LOG_DEBUG, "dst->jabber_file_transfer_port[1] = j_port = %u;\n", - ntohs(j_port)); + NDPI_LOG_DBG2(ndpi_struct, "dst->jabber_file_transfer_port[1] = j_port = %u;\n", + ntohs(j_port)); dst->jabber_file_transfer_port[1] = j_port; } } @@ -291,16 +283,14 @@ void ndpi_search_jabber_tcp(struct ndpi_detection_module_struct *ndpi_struct, st } if (flow->packet_counter < 3) { - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, - NDPI_LOG_DEBUG, "packet_counter: %u\n", flow->packet_counter); + NDPI_LOG_DBG2(ndpi_struct, "packet_counter: %u\n", flow->packet_counter); return; } - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, NDPI_LOG_TRACE, "JABBER Excluded.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_UNENCRYPTED_JABBER); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); #ifdef NDPI_PROTOCOL_TRUPHONE - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_TRUPHONE); + ndpi_exclude_protocol(ndpi_struct, flow, NDPI_PROTOCOL_TRUPHONE,__FILE__,__FUNCTION__,__LINE__); #endif } diff --git a/src/lib/protocols/kakaotalk_voice.c b/src/lib/protocols/kakaotalk_voice.c index fbdc8eac6..87c1ef061 100644 --- a/src/lib/protocols/kakaotalk_voice.c +++ b/src/lib/protocols/kakaotalk_voice.c @@ -24,13 +24,20 @@ http://www.kakao.com/services/talk/voices */ +#include "ndpi_protocol_ids.h" + +#ifdef NDPI_PROTOCOL_KAKAOTALK_VOICE + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_KAKAOTALK_VOICE + #include "ndpi_api.h" -#ifdef NDPI_PROTOCOL_KAKAOTALK_VOICE void ndpi_search_kakaotalk_voice(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; + NDPI_LOG_DBG(ndpi_struct, "search kakaotalk_voice\n"); + if(packet->iph && packet->udp && (packet->payload_packet_len >= 4) @@ -48,14 +55,14 @@ void ndpi_search_kakaotalk_voice(struct ndpi_detection_module_struct *ndpi_struc if(((ntohl(packet->iph->saddr) & 0xFFFF0000 /* 255.255.0.0 */) == 0x01C90000 /* 1.201.0.0/16 */) || ((ntohl(packet->iph->daddr) & 0xFFFF0000 /* 255.255.0.0 */) == 0x01C90000 /* 1.201.0.0/16 */)) { + NDPI_LOG_INFO(ndpi_struct, "found kakaotalk_voice\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_KAKAOTALK_VOICE, NDPI_PROTOCOL_UNKNOWN); return; } } } - NDPI_LOG(NDPI_PROTOCOL_KAKAOTALK_VOICE, ndpi_struct, NDPI_LOG_DEBUG, "Exclude kakaotalk_voice.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_KAKAOTALK_VOICE); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/kerberos.c b/src/lib/protocols/kerberos.c index b86b58a20..71f4a8636 100644 --- a/src/lib/protocols/kerberos.c +++ b/src/lib/protocols/kerberos.c @@ -22,24 +22,28 @@ * */ - -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_KERBEROS +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_KERBEROS + +#include "ndpi_api.h" + + static void ndpi_int_kerberos_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_KERBEROS, NDPI_PROTOCOL_UNKNOWN); + NDPI_LOG_DBG(ndpi_struct, "trace KERBEROS\n"); } void ndpi_search_kerberos(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; -// struct ndpi_id_struct *src=ndpi_struct->src; -// struct ndpi_id_struct *dst=ndpi_struct->dst; + struct ndpi_packet_struct *packet = &flow->packet; + NDPI_LOG_DBG(ndpi_struct, "search KERBEROS\n"); /* I have observed 0a,0c,0d,0e at packet->payload[19/21], maybe there are other possibilities */ if (packet->payload_packet_len >= 4 && ntohl(get_u_int32_t(packet->payload, 0)) == packet->payload_packet_len - 4) { @@ -47,7 +51,6 @@ void ndpi_search_kerberos(struct ndpi_detection_module_struct *ndpi_struct, stru packet->payload[14] == 0x05 && (packet->payload[19] == 0x0a || packet->payload[19] == 0x0c || packet->payload[19] == 0x0d || packet->payload[19] == 0x0e)) { - NDPI_LOG(NDPI_PROTOCOL_KERBEROS, ndpi_struct, NDPI_LOG_DEBUG, "found KERBEROS\n"); ndpi_int_kerberos_add_connection(ndpi_struct, flow); return; @@ -56,18 +59,12 @@ void ndpi_search_kerberos(struct ndpi_detection_module_struct *ndpi_struct, stru packet->payload[16] == 0x05 && (packet->payload[21] == 0x0a || packet->payload[21] == 0x0c || packet->payload[21] == 0x0d || packet->payload[21] == 0x0e)) { - NDPI_LOG(NDPI_PROTOCOL_KERBEROS, ndpi_struct, NDPI_LOG_DEBUG, "found KERBEROS\n"); ndpi_int_kerberos_add_connection(ndpi_struct, flow); return; } - - - } - - NDPI_LOG(NDPI_PROTOCOL_KERBEROS, ndpi_struct, NDPI_LOG_DEBUG, "no KERBEROS detected.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_KERBEROS); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/kontiki.c b/src/lib/protocols/kontiki.c index 6bd55cdc5..425fd6b1b 100644 --- a/src/lib/protocols/kontiki.c +++ b/src/lib/protocols/kontiki.c @@ -23,44 +23,46 @@ */ -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_KONTIKI +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_KONTIKI + +#include "ndpi_api.h" + + static void ndpi_int_kontiki_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_KONTIKI, NDPI_PROTOCOL_UNKNOWN); + NDPI_LOG_INFO(ndpi_struct, "found Kontiki UDP\n"); } void ndpi_search_kontiki(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; -// struct ndpi_id_struct *src=ndpi_struct->src; -// struct ndpi_id_struct *dst=ndpi_struct->dst; - + NDPI_LOG_DBG(ndpi_struct, "search Kontiki\n"); if (packet->payload_packet_len == 4 && (get_u_int32_t(packet->payload, 0) == htonl(0x02010100))) { - NDPI_LOG(NDPI_PROTOCOL_KONTIKI, ndpi_struct, NDPI_LOG_DEBUG, "Kontiki UDP detected.\n"); ndpi_int_kontiki_add_connection(ndpi_struct, flow); return; } + if (packet->payload_packet_len > 0 && packet->payload[0] == 0x02) { if (packet->payload_packet_len == 20 && (get_u_int32_t(packet->payload, 16) == htonl(0x02040100))) { - NDPI_LOG(NDPI_PROTOCOL_KONTIKI, ndpi_struct, NDPI_LOG_DEBUG, "Kontiki UDP detected.\n"); ndpi_int_kontiki_add_connection(ndpi_struct, flow); return; } if (packet->payload_packet_len == 16 && (get_u_int32_t(packet->payload, 12) == htonl(0x000004e4))) { - NDPI_LOG(NDPI_PROTOCOL_KONTIKI, ndpi_struct, NDPI_LOG_DEBUG, "Kontiki UDP detected.\n"); ndpi_int_kontiki_add_connection(ndpi_struct, flow); return; } } - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_KONTIKI); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/ldap.c b/src/lib/protocols/ldap.c index fee99a92d..4adb7c471 100644 --- a/src/lib/protocols/ldap.c +++ b/src/lib/protocols/ldap.c @@ -22,11 +22,15 @@ * */ - -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_LDAP +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_LDAP + +#include "ndpi_api.h" + + static void ndpi_int_ldap_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { @@ -37,15 +41,7 @@ void ndpi_search_ldap(struct ndpi_detection_module_struct *ndpi_struct, struct n { struct ndpi_packet_struct *packet = &flow->packet; -// struct ndpi_id_struct *src=ndpi_struct->src; -// struct ndpi_id_struct *dst=ndpi_struct->dst; - -// u_int16_t dport; - - - - NDPI_LOG(NDPI_PROTOCOL_LDAP, ndpi_struct, NDPI_LOG_DEBUG, "search ldap\n"); - + NDPI_LOG_DBG(ndpi_struct, "search ldap\n"); if (packet->payload_packet_len >= 14 && packet->payload[0] == 0x30) { @@ -55,14 +51,14 @@ void ndpi_search_ldap(struct ndpi_detection_module_struct *ndpi_struct, struct n if (packet->payload[3] == 0x01 && (packet->payload[5] == 0x60 || packet->payload[5] == 0x61) && packet->payload[6] == 0x07) { - NDPI_LOG(NDPI_PROTOCOL_LDAP, ndpi_struct, NDPI_LOG_DEBUG, "found ldap simple type 1\n"); + NDPI_LOG_INFO(ndpi_struct, "found ldap simple type 1\n"); ndpi_int_ldap_add_connection(ndpi_struct, flow); return; } if (packet->payload[3] == 0x02 && (packet->payload[6] == 0x60 || packet->payload[6] == 0x61) && packet->payload[7] == 0x07) { - NDPI_LOG(NDPI_PROTOCOL_LDAP, ndpi_struct, NDPI_LOG_DEBUG, "found ldap simple type 2\n"); + NDPI_LOG_INFO(ndpi_struct, "found ldap simple type 2\n"); ndpi_int_ldap_add_connection(ndpi_struct, flow); return; } @@ -75,7 +71,7 @@ void ndpi_search_ldap(struct ndpi_detection_module_struct *ndpi_struct, struct n (packet->payload[9] == 0x60 || packet->payload[9] == 0x61 || packet->payload[9] == 0x63 || packet->payload[9] == 0x64) && packet->payload[10] == 0x84) { - NDPI_LOG(NDPI_PROTOCOL_LDAP, ndpi_struct, NDPI_LOG_DEBUG, "found ldap type 1\n"); + NDPI_LOG_INFO(ndpi_struct, "found ldap type 1\n"); ndpi_int_ldap_add_connection(ndpi_struct, flow); return; } @@ -84,7 +80,7 @@ void ndpi_search_ldap(struct ndpi_detection_module_struct *ndpi_struct, struct n (packet->payload[10] == 0x60 || packet->payload[10] == 0x61 || packet->payload[10] == 0x63 || packet->payload[10] == 0x64) && packet->payload[11] == 0x84) { - NDPI_LOG(NDPI_PROTOCOL_LDAP, ndpi_struct, NDPI_LOG_DEBUG, "found ldap type 2\n"); + NDPI_LOG_INFO(ndpi_struct, "found ldap type 2\n"); ndpi_int_ldap_add_connection(ndpi_struct, flow); return; } @@ -92,8 +88,7 @@ void ndpi_search_ldap(struct ndpi_detection_module_struct *ndpi_struct, struct n } - NDPI_LOG(NDPI_PROTOCOL_LDAP, ndpi_struct, NDPI_LOG_DEBUG, "ldap excluded.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_LDAP); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/lisp.c b/src/lib/protocols/lisp.c index 01e445398..e507be9f9 100644 --- a/src/lib/protocols/lisp.c +++ b/src/lib/protocols/lisp.c @@ -1,6 +1,11 @@ -#include "ndpi_api.h" +#include "ndpi_protocol_ids.h" + #ifdef NDPI_PROTOCOL_LISP +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_LISP + +#include "ndpi_api.h" + #define LISP_PORT 4341 #define LISP_PORT1 4342 @@ -16,9 +21,8 @@ static void ndpi_check_lisp(struct ndpi_detection_module_struct *ndpi_struct, st { struct ndpi_packet_struct *packet = &flow->packet; - u_int32_t payload_len = packet->payload_packet_len; - if(packet->udp != NULL) { + if(packet->udp != NULL) { u_int16_t lisp_port = htons(LISP_PORT); u_int16_t lisp_port1 = htons(LISP_PORT1); @@ -28,22 +32,21 @@ static void ndpi_check_lisp(struct ndpi_detection_module_struct *ndpi_struct, st ((packet->udp->source == lisp_port1) && (packet->udp->dest == lisp_port1)) ) { - NDPI_LOG(NDPI_PROTOCOL_LISP, ndpi_struct, NDPI_LOG_DEBUG, "Found lisp.\n"); + NDPI_LOG_INFO(ndpi_struct, "found lisp\n"); ndpi_int_lisp_add_connection(ndpi_struct, flow, 0); return; } } - NDPI_LOG(NDPI_PROTOCOL_LISP, ndpi_struct, NDPI_LOG_DEBUG, "exclude lisp.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_LISP); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } void ndpi_search_lisp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; - NDPI_LOG(NDPI_PROTOCOL_LISP, ndpi_struct, NDPI_LOG_DEBUG, "lisp detection...\n"); + NDPI_LOG_DBG(ndpi_struct, "search lisp\n"); /* skip marked packets */ if (packet->detected_protocol_stack[0] != NDPI_PROTOCOL_LISP) { diff --git a/src/lib/protocols/lotus_notes.c b/src/lib/protocols/lotus_notes.c index 37c4cf896..5750c50cd 100644 --- a/src/lib/protocols/lotus_notes.c +++ b/src/lib/protocols/lotus_notes.c @@ -18,10 +18,14 @@ * */ +#include "ndpi_protocol_ids.h" + +#ifdef NDPI_PROTOCOL_LOTUS_NOTES + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_LOTUS_NOTES #include "ndpi_api.h" -#ifdef NDPI_PROTOCOL_LOTUS_NOTES /* ************************************ */ @@ -32,38 +36,35 @@ static void ndpi_check_lotus_notes(struct ndpi_detection_module_struct *ndpi_str // const u_int8_t *packet_payload = packet->payload; u_int32_t payload_len = packet->payload_packet_len; - if(packet->tcp != NULL) { - flow->l4.tcp.lotus_notes_packet_id++; - - if((flow->l4.tcp.lotus_notes_packet_id == 1) - /* We have seen the 3-way handshake */ - && flow->l4.tcp.seen_syn - && flow->l4.tcp.seen_syn_ack - && flow->l4.tcp.seen_ack) { - if(payload_len > 16) { - char lotus_notes_header[] = { 0x00, 0x00, 0x02, 0x00, 0x00, 0x40, 0x02, 0x0F }; - - if(memcmp(&packet->payload[6], lotus_notes_header, sizeof(lotus_notes_header)) == 0) { - NDPI_LOG(NDPI_PROTOCOL_LOTUS_NOTES, ndpi_struct, NDPI_LOG_DEBUG, "Found lotus_notes.\n"); - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_LOTUS_NOTES, NDPI_PROTOCOL_UNKNOWN); - } - - return; + if(packet->tcp == NULL) return; + + flow->l4.tcp.lotus_notes_packet_id++; + + if((flow->l4.tcp.lotus_notes_packet_id == 1) + /* We have seen the 3-way handshake */ + && flow->l4.tcp.seen_syn + && flow->l4.tcp.seen_syn_ack + && flow->l4.tcp.seen_ack) { + if(payload_len > 16) { + char lotus_notes_header[] = { 0x00, 0x00, 0x02, 0x00, 0x00, 0x40, 0x02, 0x0F }; + + if(memcmp(&packet->payload[6], lotus_notes_header, sizeof(lotus_notes_header)) == 0) { + NDPI_LOG_INFO(ndpi_struct, "found lotus_notes\n"); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_LOTUS_NOTES, NDPI_PROTOCOL_UNKNOWN); } + return; + } + + } else if(flow->l4.tcp.lotus_notes_packet_id <= 3) return; - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_LOTUS_NOTES); - } else if(flow->l4.tcp.lotus_notes_packet_id > 3) - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_LOTUS_NOTES); - - return; - } + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } void ndpi_search_lotus_notes(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; - NDPI_LOG(NDPI_PROTOCOL_LOTUS_NOTES, ndpi_struct, NDPI_LOG_DEBUG, "lotus_notes detection...\n"); + NDPI_LOG_DBG(ndpi_struct, "search lotus_notes\n"); /* skip marked packets */ if(packet->detected_protocol_stack[0] != NDPI_PROTOCOL_LOTUS_NOTES) diff --git a/src/lib/protocols/mail_imap.c b/src/lib/protocols/mail_imap.c index 4e352583e..2c3d3d2d7 100644 --- a/src/lib/protocols/mail_imap.c +++ b/src/lib/protocols/mail_imap.c @@ -22,10 +22,15 @@ */ -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_MAIL_IMAP +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_MAIL_IMAP + +#include "ndpi_api.h" + + static void ndpi_int_mail_imap_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MAIL_IMAP, NDPI_PROTOCOL_UNKNOWN); @@ -40,11 +45,11 @@ void ndpi_search_mail_imap_tcp(struct ndpi_detection_module_struct *ndpi_struct, u_int8_t saw_command = 0; /* const u_int8_t *command = 0; */ - NDPI_LOG(NDPI_PROTOCOL_MAIL_IMAP, ndpi_struct, NDPI_LOG_DEBUG, "search IMAP.\n"); + NDPI_LOG_DBG(ndpi_struct, "search IMAP_IMAP\n"); if (flow->l4.tcp.mail_imap_starttls == 2) { #ifdef NDPI_PROTOCOL_SSL - NDPI_LOG(NDPI_PROTOCOL_MAIL_IMAP, ndpi_struct, NDPI_LOG_DEBUG, "starttls detected\n"); + NDPI_LOG_DBG2(ndpi_struct, "starttls detected\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MAIL_IMAP); NDPI_DEL_PROTOCOL_FROM_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SSL); return; @@ -275,7 +280,7 @@ void ndpi_search_mail_imap_tcp(struct ndpi_detection_module_struct *ndpi_struct, if (saw_command == 1) { if (flow->l4.tcp.mail_imap_stage == 3 || flow->l4.tcp.mail_imap_stage == 5) { - NDPI_LOG(NDPI_PROTOCOL_MAIL_IMAP, ndpi_struct, NDPI_LOG_DEBUG, "mail imap identified\n"); + NDPI_LOG_INFO(ndpi_struct, "found MAIL_IMAP\n"); ndpi_int_mail_imap_add_connection(ndpi_struct, flow); return; } @@ -283,7 +288,7 @@ void ndpi_search_mail_imap_tcp(struct ndpi_detection_module_struct *ndpi_struct, } if (packet->payload_packet_len > 1 && packet->payload[packet->payload_packet_len - 1] == ' ') { - NDPI_LOG(NDPI_PROTOCOL_MAIL_IMAP, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "maybe a split imap command -> need next packet and imap_stage is set to 4.\n"); flow->l4.tcp.mail_imap_stage = 4; return; @@ -295,13 +300,12 @@ void ndpi_search_mail_imap_tcp(struct ndpi_detection_module_struct *ndpi_struct, // if the packet count is low enough and at least one command or response was seen before if ((packet->payload_packet_len >= 2 && ntohs(get_u_int16_t(packet->payload, packet->payload_packet_len - 2)) == 0x0d0a) && flow->packet_counter < 6 && flow->l4.tcp.mail_imap_stage >= 1) { - NDPI_LOG(NDPI_PROTOCOL_MAIL_IMAP, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "no imap command or response but packet count < 6 and imap stage >= 1 -> skip\n"); return; } - NDPI_LOG(NDPI_PROTOCOL_MAIL_IMAP, ndpi_struct, NDPI_LOG_DEBUG, "exclude IMAP.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MAIL_IMAP); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/mail_pop.c b/src/lib/protocols/mail_pop.c index 0e487c4a5..4f9a6ea5f 100644 --- a/src/lib/protocols/mail_pop.c +++ b/src/lib/protocols/mail_pop.c @@ -23,10 +23,15 @@ */ -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_MAIL_POP +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_MAIL_POP + +#include "ndpi_api.h" + + #define POP_BIT_AUTH 0x0001 #define POP_BIT_APOP 0x0002 #define POP_BIT_USER 0x0004 @@ -52,9 +57,6 @@ static int ndpi_int_mail_pop_check_for_client_commands(struct ndpi_detection_mod { struct ndpi_packet_struct *packet = &flow->packet; -// struct ndpi_id_struct *src=ndpi_struct->src; -// struct ndpi_id_struct *dst=ndpi_struct->dst; - if (packet->payload_packet_len > 4) { if ((packet->payload[0] == 'A' || packet->payload[0] == 'a') && (packet->payload[1] == 'U' || packet->payload[1] == 'u') @@ -133,13 +135,10 @@ void ndpi_search_mail_pop_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; - -// struct ndpi_id_struct *src=ndpi_struct->src; -// struct ndpi_id_struct *dst=ndpi_struct->dst; u_int8_t a = 0; u_int8_t bit_count = 0; - NDPI_LOG(NDPI_PROTOCOL_MAIL_POP, ndpi_struct, NDPI_LOG_DEBUG, "search mail_pop\n"); + NDPI_LOG_DBG(ndpi_struct, "search mail_pop\n"); @@ -165,12 +164,12 @@ void ndpi_search_mail_pop_tcp(struct ndpi_detection_module_struct } } - NDPI_LOG(NDPI_PROTOCOL_MAIL_POP, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "mail_pop +OK/-ERR responses: %u, unique commands: %u\n", flow->l4.tcp.mail_pop_stage, bit_count); if ((bit_count + flow->l4.tcp.mail_pop_stage) >= 3) { if (flow->l4.tcp.mail_pop_stage > 0) { - NDPI_LOG(NDPI_PROTOCOL_MAIL_POP, ndpi_struct, NDPI_LOG_DEBUG, "mail_pop identified\n"); + NDPI_LOG_INFO(ndpi_struct, "mail_pop identified\n"); ndpi_int_mail_pop_add_connection(ndpi_struct, flow); return; } else { @@ -182,7 +181,7 @@ void ndpi_search_mail_pop_tcp(struct ndpi_detection_module_struct } else { // first part of a split packet - NDPI_LOG(NDPI_PROTOCOL_MAIL_POP, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "mail_pop command without line ending -> skip\n"); return; } @@ -193,13 +192,12 @@ void ndpi_search_mail_pop_tcp(struct ndpi_detection_module_struct if (((packet->payload_packet_len > 2 && ntohs(get_u_int16_t(packet->payload, packet->payload_packet_len - 2)) == 0x0d0a) || flow->l4.tcp.pop_command_bitmask != 0 || flow->l4.tcp.mail_pop_stage != 0) && flow->packet_counter < 12) { // maybe part of a split pop packet - NDPI_LOG(NDPI_PROTOCOL_MAIL_POP, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "maybe part of split mail_pop packet -> skip\n"); return; } - NDPI_LOG(NDPI_PROTOCOL_MAIL_POP, ndpi_struct, NDPI_LOG_DEBUG, "exclude mail_pop\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MAIL_POP); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/mail_smtp.c b/src/lib/protocols/mail_smtp.c index 422ed0dc2..252c74ffe 100644 --- a/src/lib/protocols/mail_smtp.c +++ b/src/lib/protocols/mail_smtp.c @@ -23,10 +23,15 @@ */ -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_MAIL_SMTP +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_MAIL_SMTP + +#include "ndpi_api.h" + + #define SMTP_BIT_220 0x01 #define SMTP_BIT_250 0x02 #define SMTP_BIT_235 0x04 @@ -53,12 +58,7 @@ void ndpi_search_mail_smtp_tcp(struct ndpi_detection_module_struct { struct ndpi_packet_struct *packet = &flow->packet; - // struct ndpi_id_struct *src=ndpi_struct->src; - // struct ndpi_id_struct *dst=ndpi_struct->dst; - - - NDPI_LOG(NDPI_PROTOCOL_MAIL_SMTP, ndpi_struct, NDPI_LOG_DEBUG, "search mail_smtp.\n"); - + NDPI_LOG_DBG(ndpi_struct, "search mail_smtp\n"); if (packet->payload_packet_len > 2 && ntohs(get_u_int16_t(packet->payload, packet->payload_packet_len - 2)) == 0x0d0a) { u_int8_t a; @@ -152,11 +152,11 @@ void ndpi_search_mail_smtp_tcp(struct ndpi_detection_module_struct bit_count += (flow->l4.tcp.smtp_command_bitmask >> a) & 0x01; } } - NDPI_LOG(NDPI_PROTOCOL_MAIL_SMTP, ndpi_struct, NDPI_LOG_DEBUG, "seen smtp commands and responses: %u.\n", + NDPI_LOG_DBG2(ndpi_struct, "seen smtp commands and responses: %u\n", bit_count); if (bit_count >= 3) { - NDPI_LOG(NDPI_PROTOCOL_MAIL_SMTP, ndpi_struct, NDPI_LOG_DEBUG, "mail smtp identified\n"); + NDPI_LOG_INFO(ndpi_struct, "mail smtp identified\n"); ndpi_int_mail_smtp_add_connection(ndpi_struct, flow); return; } @@ -169,12 +169,11 @@ void ndpi_search_mail_smtp_tcp(struct ndpi_detection_module_struct packet->payload_packet_len >= 4 && (ntohs(get_u_int16_t(packet->payload, packet->payload_packet_len - 2)) == 0x0d0a || memcmp(packet->payload, "220", 3) == 0 || memcmp(packet->payload, "EHLO", 4) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_MAIL_SMTP, ndpi_struct, NDPI_LOG_DEBUG, "maybe SMTP, need next packet.\n"); + NDPI_LOG_DBG2(ndpi_struct, "maybe SMTP, need next packet\n"); return; } - NDPI_LOG(NDPI_PROTOCOL_MAIL_SMTP, ndpi_struct, NDPI_LOG_DEBUG, "exclude smtp\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MAIL_SMTP); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/maplestory.c b/src/lib/protocols/maplestory.c index fa6feffd0..a55c2cc11 100644 --- a/src/lib/protocols/maplestory.c +++ b/src/lib/protocols/maplestory.c @@ -22,10 +22,14 @@ * */ -#include "ndpi_api.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_MAPLESTORY +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_MAPLESTORY + +#include "ndpi_api.h" + static void ndpi_int_maplestory_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MAPLESTORY, NDPI_PROTOCOL_UNKNOWN); @@ -36,16 +40,13 @@ void ndpi_search_maplestory(struct ndpi_detection_module_struct *ndpi_struct, st { struct ndpi_packet_struct *packet = &flow->packet; -// struct ndpi_id_struct *src=ndpi_struct->src; -// struct ndpi_id_struct *dst=ndpi_struct->dst; - - + NDPI_LOG_DBG(ndpi_struct, "search maplestory\n"); if (packet->payload_packet_len == 16 && (ntohl(get_u_int32_t(packet->payload, 0)) == 0x0e003a00 || ntohl(get_u_int32_t(packet->payload, 0)) == 0x0e003b00 || ntohl(get_u_int32_t(packet->payload, 0)) == 0x0e004200) && ntohs(get_u_int16_t(packet->payload, 4)) == 0x0100 && (packet->payload[6] == 0x32 || packet->payload[6] == 0x33)) { - NDPI_LOG(NDPI_PROTOCOL_MAPLESTORY, ndpi_struct, NDPI_LOG_DEBUG, "found maplestory.\n"); + NDPI_LOG_INFO(ndpi_struct, "found maplestory\n"); ndpi_int_maplestory_add_connection(ndpi_struct, flow); return; } @@ -63,7 +64,7 @@ void ndpi_search_maplestory(struct ndpi_detection_module_struct *ndpi_struct, st NDPI_STATICSTRING_LEN("patch")) == 0 && memcmp(packet->user_agent_line.ptr, "Patcher", NDPI_STATICSTRING_LEN("Patcher")) == 0 && memcmp(packet->host_line.ptr, "patch.", NDPI_STATICSTRING_LEN("patch.")) == 0) { - NDPI_LOG(NDPI_PROTOCOL_MAPLESTORY, ndpi_struct, NDPI_LOG_DEBUG, "found maplestory update.\n"); + NDPI_LOG_INFO(ndpi_struct, "found maplestory update\n"); ndpi_int_maplestory_add_connection(ndpi_struct, flow); return; } @@ -71,14 +72,13 @@ void ndpi_search_maplestory(struct ndpi_detection_module_struct *ndpi_struct, st && memcmp(&packet->payload[NDPI_STATICSTRING_LEN("GET /maple")], "story/", NDPI_STATICSTRING_LEN("story/")) == 0 && memcmp(packet->user_agent_line.ptr, "AspINet", NDPI_STATICSTRING_LEN("AspINet")) == 0) { - NDPI_LOG(NDPI_PROTOCOL_MAPLESTORY, ndpi_struct, NDPI_LOG_DEBUG, "found maplestory update.\n"); + NDPI_LOG_INFO(ndpi_struct, "found maplestory update\n"); ndpi_int_maplestory_add_connection(ndpi_struct, flow); return; } } - NDPI_LOG(NDPI_PROTOCOL_MAPLESTORY, ndpi_struct, NDPI_LOG_DEBUG, "exclude maplestory.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MAPLESTORY); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/mdns.c b/src/lib/protocols/mdns.c index d805a0bca..aa3c3f525 100644 --- a/src/lib/protocols/mdns.c +++ b/src/lib/protocols/mdns.c @@ -20,10 +20,14 @@ * along with nDPI. If not, see . * */ -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_MDNS +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_MDNS + +#include "ndpi_api.h" + #define NDPI_MAX_MDNS_REQUESTS 128 PACK_ON @@ -65,7 +69,7 @@ static int ndpi_int_check_mdns_payload(struct ndpi_detection_module_struct if(((packet->payload[2] & 0x80) == 0) && (questions <= NDPI_MAX_MDNS_REQUESTS) && (answers <= NDPI_MAX_MDNS_REQUESTS)) { - NDPI_LOG(NDPI_PROTOCOL_MDNS, ndpi_struct, NDPI_LOG_DEBUG, "found MDNS with question query.\n"); + NDPI_LOG_INFO(ndpi_struct, "found MDNS with question query\n"); return 1; } else if(((packet->payload[2] & 0x80) != 0) @@ -86,7 +90,7 @@ static int ndpi_int_check_mdns_payload(struct ndpi_detection_module_struct strncpy(flow->protos.mdns.answer, (const char *)answer, len); flow->protos.mdns.answer[len] = '\0'; - NDPI_LOG(NDPI_PROTOCOL_MDNS, ndpi_struct, NDPI_LOG_DEBUG, "found MDNS with answer query.\n"); + NDPI_LOG_INFO(ndpi_struct, "found MDNS with answer query\n"); return 1; } @@ -98,6 +102,8 @@ void ndpi_search_mdns(struct ndpi_detection_module_struct *ndpi_struct, struct n struct ndpi_packet_struct *packet = &flow->packet; u_int16_t dport; + NDPI_LOG_DBG(ndpi_struct, "search MDNS\n"); + /** information from http://www.it-administrator.de/lexikon/multicast-dns.html */ @@ -112,8 +118,7 @@ void ndpi_search_mdns(struct ndpi_detection_module_struct *ndpi_struct, struct n /* mdns protocol must have destination address 224.0.0.251 */ if(packet->iph != NULL /* && ntohl(packet->iph->daddr) == 0xe00000fb */) { - NDPI_LOG(NDPI_PROTOCOL_MDNS, ndpi_struct, - NDPI_LOG_DEBUG, "found MDNS with destination address 224.0.0.251 (=0xe00000fb)\n"); + NDPI_LOG_INFO(ndpi_struct, "found MDNS with destination address 224.0.0.251 (=0xe00000fb)\n"); if(ndpi_int_check_mdns_payload(ndpi_struct, flow) == 1) { ndpi_int_mdns_add_connection(ndpi_struct, flow); @@ -125,8 +130,7 @@ void ndpi_search_mdns(struct ndpi_detection_module_struct *ndpi_struct, struct n const u_int32_t *daddr = packet->iphv6->ip6_dst.u6_addr.u6_addr32; if(daddr[0] == htonl(0xff020000) /* && daddr[1] == 0 && daddr[2] == 0 && daddr[3] == htonl(0xfb) */) { - NDPI_LOG(NDPI_PROTOCOL_MDNS, ndpi_struct, - NDPI_LOG_DEBUG, "found MDNS with destination address ff02::fb\n"); + NDPI_LOG_INFO(ndpi_struct, "found MDNS with destination address ff02::fb\n"); if(ndpi_int_check_mdns_payload(ndpi_struct, flow) == 1) { ndpi_int_mdns_add_connection(ndpi_struct, flow); @@ -137,7 +141,7 @@ void ndpi_search_mdns(struct ndpi_detection_module_struct *ndpi_struct, struct n #endif } } - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MDNS); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/megaco.c b/src/lib/protocols/megaco.c index 7b7d910de..bb317f5d5 100644 --- a/src/lib/protocols/megaco.c +++ b/src/lib/protocols/megaco.c @@ -18,16 +18,20 @@ * If not, see . */ +#include "ndpi_protocol_ids.h" + +#ifdef NDPI_PROTOCOL_MEGACO + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_MEGACO #include "ndpi_api.h" -#ifdef NDPI_PROTOCOL_MEGACO void ndpi_search_megaco(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; - NDPI_LOG(NDPI_PROTOCOL_MEGACO, ndpi_struct, NDPI_LOG_DEBUG, "search for MEGACO.\n"); + NDPI_LOG_DBG(ndpi_struct, "search for MEGACO\n"); if(packet->udp != NULL) { if((packet->payload_packet_len > 4 && packet->payload[0] == '!' && packet->payload[1] == '/' && @@ -36,14 +40,13 @@ void ndpi_search_megaco(struct ndpi_detection_module_struct *ndpi_struct, struct packet->payload[2] == 'G' && packet->payload[3] == 'A' && packet->payload[4] == 'C' && packet->payload[5] == 'O' && packet->payload[6] == '/' && packet->payload[7] == '1' && packet->payload[8] == ' ' && packet->payload[9] == '[')) { - NDPI_LOG(NDPI_PROTOCOL_MEGACO, ndpi_struct, NDPI_LOG_DEBUG, "found MEGACO.\n"); + NDPI_LOG_INFO(ndpi_struct, "found MEGACO\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MEGACO, NDPI_PROTOCOL_UNKNOWN); return; } } - NDPI_LOG(NDPI_PROTOCOL_MEGACO, ndpi_struct, NDPI_LOG_DEBUG, "exclude MEGACO.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MEGACO); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/mgcp.c b/src/lib/protocols/mgcp.c index e16091642..69fe33fac 100644 --- a/src/lib/protocols/mgcp.c +++ b/src/lib/protocols/mgcp.c @@ -20,10 +20,16 @@ * along with nDPI. If not, see . * */ -#include "ndpi_protocols.h" + +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_MGCP +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_MGCP + +#include "ndpi_api.h" + + static void ndpi_int_mgcp_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) @@ -39,40 +45,39 @@ void ndpi_search_mgcp(struct ndpi_detection_module_struct *ndpi_struct, struct n u_int16_t pos = 5; - if (packet->payload_packet_len < 8) { - goto mgcp_excluded; - } - - /* packet must end with 0x0d0a or with 0x0a */ - if (packet->payload[packet->payload_packet_len - 1] != 0x0a) { - goto mgcp_excluded; - } - - if (packet->payload[0] != 'A' && packet->payload[0] != 'C' && packet->payload[0] != 'D' && - packet->payload[0] != 'E' && packet->payload[0] != 'M' && packet->payload[0] != 'N' && - packet->payload[0] != 'R') { - goto mgcp_excluded; - } - if (memcmp(packet->payload, "AUEP ", 5) != 0 && memcmp(packet->payload, "AUCX ", 5) != 0 && - memcmp(packet->payload, "CRCX ", 5) != 0 && memcmp(packet->payload, "DLCX ", 5) != 0 && - memcmp(packet->payload, "EPCF ", 5) != 0 && memcmp(packet->payload, "MDCX ", 5) != 0 && - memcmp(packet->payload, "NTFY ", 5) != 0 && memcmp(packet->payload, "RQNT ", 5) != 0 && - memcmp(packet->payload, "RSIP ", 5) != 0) { - goto mgcp_excluded; - } - // now search for string "MGCP " in the rest of the message - while ((pos + 4) < packet->payload_packet_len) { - if (memcmp(&packet->payload[pos], "MGCP ", 5) == 0) { - NDPI_LOG(NDPI_PROTOCOL_MGCP, ndpi_struct, NDPI_LOG_DEBUG, "MGCP match.\n"); - ndpi_int_mgcp_add_connection(ndpi_struct, flow); - return; + NDPI_LOG_DBG(ndpi_struct, "search MGCP\n"); + + do { + if (packet->payload_packet_len < 8) break; + + /* packet must end with 0x0d0a or with 0x0a */ + if (packet->payload[packet->payload_packet_len - 1] != 0x0a) break; + + if (packet->payload[0] != 'A' && packet->payload[0] != 'C' && packet->payload[0] != 'D' && + packet->payload[0] != 'E' && packet->payload[0] != 'M' && packet->payload[0] != 'N' && + packet->payload[0] != 'R') + break; + + if (memcmp(packet->payload, "AUEP ", 5) != 0 && memcmp(packet->payload, "AUCX ", 5) != 0 && + memcmp(packet->payload, "CRCX ", 5) != 0 && memcmp(packet->payload, "DLCX ", 5) != 0 && + memcmp(packet->payload, "EPCF ", 5) != 0 && memcmp(packet->payload, "MDCX ", 5) != 0 && + memcmp(packet->payload, "NTFY ", 5) != 0 && memcmp(packet->payload, "RQNT ", 5) != 0 && + memcmp(packet->payload, "RSIP ", 5) != 0) + break; + + // now search for string "MGCP " in the rest of the message + while ((pos + 4) < packet->payload_packet_len) { + if (memcmp(&packet->payload[pos], "MGCP ", 5) == 0) { + NDPI_LOG_INFO(ndpi_struct, "found MGCP\n"); + ndpi_int_mgcp_add_connection(ndpi_struct, flow); + return; + } + pos++; } - pos++; - } - mgcp_excluded: - NDPI_LOG(NDPI_PROTOCOL_MGCP, ndpi_struct, NDPI_LOG_DEBUG, "exclude MGCP.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MGCP); + } while(0); + + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/mms.c b/src/lib/protocols/mms.c index d6b4edbca..42391b5fc 100644 --- a/src/lib/protocols/mms.c +++ b/src/lib/protocols/mms.c @@ -23,10 +23,14 @@ */ -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_CONTENT_MMS +#define NDPI_CURRENT_PROTO NDPI_CONTENT_MMS + +#include "ndpi_api.h" + static void ndpi_int_mms_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) @@ -39,9 +43,7 @@ void ndpi_search_mms_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc { struct ndpi_packet_struct *packet = &flow->packet; - // struct ndpi_id_struct *src=ndpi_struct->src; - // struct ndpi_id_struct *dst=ndpi_struct->dst; - + NDPI_LOG_DBG(ndpi_struct, "search MMS\n"); /* search MSMMS packets */ if (packet->payload_packet_len >= 20) { @@ -49,7 +51,7 @@ void ndpi_search_mms_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc && packet->payload[5] == 0xfa && packet->payload[6] == 0x0b && packet->payload[7] == 0xb0 && packet->payload[12] == 0x4d && packet->payload[13] == 0x4d && packet->payload[14] == 0x53 && packet->payload[15] == 0x20) { - NDPI_LOG(NDPI_CONTENT_MMS, ndpi_struct, NDPI_LOG_DEBUG, "MMS: MSMMS Request found \n"); + NDPI_LOG_INFO(ndpi_struct, "found MMS: MSMMS Request \n"); flow->l4.tcp.mms_stage = 1 + packet->packet_direction; return; } @@ -59,7 +61,7 @@ void ndpi_search_mms_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc && packet->payload[6] == 0x0b && packet->payload[7] == 0xb0 && packet->payload[12] == 0x4d && packet->payload[13] == 0x4d && packet->payload[14] == 0x53 && packet->payload[15] == 0x20) { - NDPI_LOG(NDPI_CONTENT_MMS, ndpi_struct, NDPI_LOG_DEBUG, "MMS: MSMMS Response found \n"); + NDPI_LOG_INFO(ndpi_struct, "found MMS: MSMMS Response \n"); ndpi_int_mms_add_connection(ndpi_struct, flow); return; } @@ -67,12 +69,11 @@ void ndpi_search_mms_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc #ifdef NDPI_PROTOCOL_HTTP if (NDPI_COMPARE_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_HTTP) != 0) { #endif /* NDPI_PROTOCOL_HTTP */ - NDPI_LOG(NDPI_CONTENT_MMS, ndpi_struct, NDPI_LOG_DEBUG, "MMS: exclude\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_CONTENT_MMS); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); #ifdef NDPI_PROTOCOL_HTTP } else { - NDPI_LOG(NDPI_CONTENT_MMS, ndpi_struct, NDPI_LOG_DEBUG, "MMS avoid early exclude from http\n"); + NDPI_LOG_DBG(ndpi_struct, "MMS avoid early exclude from http\n"); } #endif /* NDPI_PROTOCOL_HTTP */ diff --git a/src/lib/protocols/mpegts.c b/src/lib/protocols/mpegts.c index 4970147e1..3558bdce7 100644 --- a/src/lib/protocols/mpegts.c +++ b/src/lib/protocols/mpegts.c @@ -19,16 +19,19 @@ * */ - -#include "ndpi_api.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_MPEGTS +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_MPEGTS + +#include "ndpi_api.h" + void ndpi_search_mpegts(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; - NDPI_LOG(NDPI_PROTOCOL_MPEGTS, ndpi_struct, NDPI_LOG_DEBUG, "search for MPEGTS.\n"); + NDPI_LOG_DBG(ndpi_struct, "search MPEGTS\n"); if((packet->udp != NULL) && ((packet->payload_packet_len % 188) == 0)) { u_int i, num_chunks = packet->payload_packet_len / 188; @@ -40,13 +43,13 @@ void ndpi_search_mpegts(struct ndpi_detection_module_struct *ndpi_struct, struct } /* This looks MPEG TS */ + NDPI_LOG_INFO(ndpi_struct, "found MPEGTS\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_MPEGTS, NDPI_PROTOCOL_UNKNOWN); return; } no_mpegts: - NDPI_LOG(NDPI_PROTOCOL_MPEGTS, ndpi_struct, NDPI_LOG_DEBUG, "Excluded MPEGTS.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MPEGTS); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/mqtt.c b/src/lib/protocols/mqtt.c index 37c469066..950dde5d1 100644 --- a/src/lib/protocols/mqtt.c +++ b/src/lib/protocols/mqtt.c @@ -21,9 +21,15 @@ * */ -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" + #ifdef NDPI_PROTOCOL_MQTT +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_MQTT + +#include "ndpi_api.h" + + /** * The type of control messages in mqtt version 3.1.1 * see http://docs.oasis-open.org/mqtt/mqtt/v3.1.1 @@ -52,7 +58,7 @@ static void ndpi_int_mqtt_add_connection (struct ndpi_detection_module_struct *n struct ndpi_flow_struct *flow) { ndpi_set_detected_protocol(ndpi_struct,flow,NDPI_PROTOCOL_MQTT,NDPI_PROTOCOL_UNKNOWN); - NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Mqtt found.\n"); + NDPI_LOG_INFO(ndpi_struct, "found Mqtt\n"); } /** @@ -61,95 +67,96 @@ static void ndpi_int_mqtt_add_connection (struct ndpi_detection_module_struct *n void ndpi_search_mqtt (struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Mqtt search called...\n"); + u_int8_t rl,pt,flags; + + NDPI_LOG_DBG(ndpi_struct, "search Mqtt\n"); struct ndpi_packet_struct *packet = &flow->packet; if (packet->detected_protocol_stack[0] != NDPI_PROTOCOL_UNKNOWN) { return; } - NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Mqtt detection...\n"); if (flow->packet_counter > 10) { - NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt .. mandatory header not found!\n"); + NDPI_LOG_DBG(ndpi_struct, "Excluding Mqtt .. mandatory header not found!\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT); return; } - NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "====>>>> Mqtt header: %4x%4x%4x%4x [len: %u]\n", + NDPI_LOG_DBG2(ndpi_struct, "====>>>> Mqtt header: %4x%4x%4x%4x [len: %u]\n", packet->payload[0], packet->payload[1], packet->payload[2], packet->payload[3], packet->payload_packet_len); if (packet->payload_packet_len < 2) { - NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt .. mandatory header not found!\n"); + NDPI_LOG_DBG(ndpi_struct, "Excluding Mqtt .. mandatory header not found!\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT); return; } if (packet->payload_packet_len > 258) { - NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt .. maximum packet size exceeded!\n"); + NDPI_LOG_DBG(ndpi_struct, "Excluding Mqtt .. maximum packet size exceeded!\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT); return; } // we extract the remaining length - u_int8_t rl = (u_int8_t) (packet->payload[1]); + rl = (u_int8_t) (packet->payload[1]); if (packet->payload_packet_len != (rl + 2)) { - NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt .. packet size exceeded!\n"); + NDPI_LOG_DBG(ndpi_struct, "Excluding Mqtt .. packet size exceeded!\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT); return; } // we extract the packet type - u_int8_t pt = (u_int8_t) ((packet->payload[0] & 0xF0) >> 4); - NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG,"====>>>> Mqtt packet type: [%d]\n",pt); + pt = (u_int8_t) ((packet->payload[0] & 0xF0) >> 4); + NDPI_LOG_DBG2(ndpi_struct,"====>>>> Mqtt packet type: [%d]\n",pt); if ((pt == 0) || (pt == 15)) { - NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt .. invalid packet type!\n"); + NDPI_LOG_DBG(ndpi_struct, "Excluding Mqtt .. invalid packet type!\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT); return; } // we extract the flags - u_int8_t flags = (u_int8_t) (packet->payload[0] & 0x0F); - NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG,"====>>>> Mqtt flags type: [%d]\n",flags); + flags = (u_int8_t) (packet->payload[0] & 0x0F); + NDPI_LOG_DBG2(ndpi_struct,"====>>>> Mqtt flags type: [%d]\n",flags); // first stage verification if (((pt == CONNECT) || (pt == CONNACK) || (pt == PUBACK) || (pt == PUBREC) || (pt == PUBCOMP) || (pt == SUBACK) || (pt == UNSUBACK) || (pt == PINGREQ) || (pt == PINGRESP) || (pt == DISCONNECT)) && (flags > 0)) { - NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt invalid Packet-Flag combination flag!=0\n"); + NDPI_LOG_DBG(ndpi_struct, "Excluding Mqtt invalid Packet-Flag combination flag!=0\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT); return; } if (((pt == PUBREL) || (pt == SUBSCRIBE) || (pt == UNSUBSCRIBE)) && (flags != 2)) { - NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt invalid Packet-Flag combination flag!=2\n"); + NDPI_LOG_DBG(ndpi_struct, "Excluding Mqtt invalid Packet-Flag combination flag!=2\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT); return; } - NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG,"====>>>> Passed first stage of identification\n"); + NDPI_LOG_DBG2(ndpi_struct,"====>>>> Passed first stage of identification\n"); // second stage verification (no payload, just variable headers) if ((pt == CONNACK) || (pt == PUBACK) || (pt == PUBREL) || (pt == PUBREC) || (pt == PUBCOMP) || (pt == UNSUBACK)) { if (packet->payload_packet_len != 4) { // these packets are always 4 bytes long - NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt invalid Packet-Length < 4 \n"); + NDPI_LOG_DBG(ndpi_struct, "Excluding Mqtt invalid Packet-Length < 4 \n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT); return; } else { - NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Mqtt found CONNACK/PUBACK/PUBREL/PUBREC/PUBCOMP/UNSUBACK\n"); + NDPI_LOG_INFO(ndpi_struct, "found Mqtt CONNACK/PUBACK/PUBREL/PUBREC/PUBCOMP/UNSUBACK\n"); ndpi_int_mqtt_add_connection(ndpi_struct,flow); return; } } if ((pt == PINGREQ) || (pt == PINGRESP) || (pt == DISCONNECT)) { if (packet->payload_packet_len != 2) { // these packets are always 2 bytes long - NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt invalid Packet-Length <2 \n"); + NDPI_LOG_DBG(ndpi_struct, "Excluding Mqtt invalid Packet-Length <2 \n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT); return; } else { - NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Mqtt found PING/PINGRESP/DISCONNECT\n"); + NDPI_LOG_INFO(ndpi_struct, "found Mqtt PING/PINGRESP/DISCONNECT\n"); ndpi_int_mqtt_add_connection(ndpi_struct,flow); return; } } - NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG,"====>>>> Passed second stage of identification\n"); + NDPI_LOG_DBG2(ndpi_struct,"====>>>> Passed second stage of identification\n"); // third stage verification (payload) if (pt == CONNECT) { if (packet->payload_packet_len >= 8 && memcmp(&(packet->payload[4]),"MQTT",4) == 0) { - NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Mqtt found CONNECT\n"); + NDPI_LOG_DBG(ndpi_struct, "found Mqtt CONNECT\n"); ndpi_int_mqtt_add_connection(ndpi_struct,flow); return; } else { - NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt invalid CONNECT\n"); + NDPI_LOG_DBG(ndpi_struct, "Excluding Mqtt invalid CONNECT\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT); return; } @@ -160,79 +167,78 @@ void ndpi_search_mqtt (struct ndpi_detection_module_struct *ndpi_struct, u_int8_t retain = (u_int8_t) (flags & 0x01); u_int8_t dup = (u_int8_t) (flags & 0x04); if (qos > 2) { // qos values possible are 0,1,2 - NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt invalid PUBLISH qos\n"); + NDPI_LOG_DBG(ndpi_struct, "Excluding Mqtt invalid PUBLISH qos\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT); return; } if (retain > 1) { // retain flag possible 0,1 - NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt invalid PUBLISH retain\n"); + NDPI_LOG_DBG(ndpi_struct, "Excluding Mqtt invalid PUBLISH retain\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT); return; } if (dup > 1) { // dup flag possible 0,1 - NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt invalid PUBLISH dup\n"); + NDPI_LOG_DBG(ndpi_struct, "Excluding Mqtt invalid PUBLISH dup\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT); return; } if (qos == 0) { if (dup != 0) { - NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt invalid PUBLISH qos0 and dup combination\n"); + NDPI_LOG_DBG(ndpi_struct, "Excluding Mqtt invalid PUBLISH qos0 and dup combination\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT); return; } if (packet->payload_packet_len < 5) { // at least topic (3Bytes + 2Bytes fixed header) - NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt invalid PUBLISH qos0 size\n"); + NDPI_LOG_DBG(ndpi_struct, "Excluding Mqtt invalid PUBLISH qos0 size\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT); return; } } if ((qos == 1) || (qos == 2)) { if (packet->payload_packet_len < 7 ) { // at least topic + pkt identifier (3Bytes + 2Bytes + 2Bytes fixed header) - NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt invalid PUBLISH qos1&2\n"); + NDPI_LOG_DBG(ndpi_struct, "Excluding Mqtt invalid PUBLISH qos1&2\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT); return; } } - NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Mqtt found PUBLISH\n"); + NDPI_LOG_INFO(ndpi_struct, "found Mqtt PUBLISH\n"); ndpi_int_mqtt_add_connection(ndpi_struct,flow); return; } if (pt == SUBSCRIBE) { if (packet->payload_packet_len < 8) { // at least one topic+filter is required in the payload - NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt invalid SUBSCRIBE\n"); + NDPI_LOG_DBG(ndpi_struct, "Excluding Mqtt invalid SUBSCRIBE\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT); return; } else { - NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Mqtt found SUBSCRIBE\n"); + NDPI_LOG_INFO(ndpi_struct, "found Mqtt SUBSCRIBE\n"); ndpi_int_mqtt_add_connection(ndpi_struct,flow); return; } } if (pt == SUBACK ) { if (packet->payload_packet_len <5 ) { // must have at least a response code - NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt invalid SUBACK\n"); + NDPI_LOG_DBG(ndpi_struct, "Excluding Mqtt invalid SUBACK\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT); return; } else { - NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Mqtt found SUBACK\n"); + NDPI_LOG_INFO(ndpi_struct, "found Mqtt SUBACK\n"); ndpi_int_mqtt_add_connection(ndpi_struct,flow); return; } } if (pt == UNSUBSCRIBE) { if (packet->payload_packet_len < 7) { // at least a topic - NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Excluding Mqtt invalid UNSUBSCRIBE\n"); + NDPI_LOG_DBG(ndpi_struct, "Excluding Mqtt invalid UNSUBSCRIBE\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT); return; } else { - NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Mqtt found UNSUBSCRIBE\n",pt); + NDPI_LOG_INFO(ndpi_struct, "found Mqtt UNSUBSCRIBE\n",pt); ndpi_int_mqtt_add_connection(ndpi_struct,flow); return; } } - NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG,"====>>>> Passed third stage of identification"); - NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Reached the end excluding Mqtt ...\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MQTT); + NDPI_LOG_DBG2(ndpi_struct,"====>>>> Passed third stage of identification"); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; } /** @@ -241,7 +247,6 @@ void ndpi_search_mqtt (struct ndpi_detection_module_struct *ndpi_struct, void init_mqtt_dissector (struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) { - NDPI_LOG(NDPI_PROTOCOL_MQTT, ndpi_struct, NDPI_LOG_DEBUG, "Mqtt dissector init...\n"); ndpi_set_bitmask_protocol_detection ("MQTT", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_MQTT, ndpi_search_mqtt, diff --git a/src/lib/protocols/msn.c b/src/lib/protocols/msn.c index 2938d39b8..4c5b73dcd 100644 --- a/src/lib/protocols/msn.c +++ b/src/lib/protocols/msn.c @@ -21,10 +21,16 @@ * along with nDPI. If not, see . * */ -#include "ndpi_api.h" + +#include "ndpi_protocol_ids.h" + #ifdef NDPI_PROTOCOL_MSN +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_MSN + +#include "ndpi_api.h" + #define MAX_PACKETS_FOR_MSN 100 static void ndpi_int_msn_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) @@ -59,17 +65,16 @@ static void ndpi_search_msn_tcp(struct ndpi_detection_module_struct *ndpi_struct u_int16_t plen; u_int16_t status = 0; - NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_TRACE, "MSN tcp detection...\n"); #ifdef NDPI_PROTOCOL_SSL if(packet->detected_protocol_stack[0] == NDPI_PROTOCOL_SSL) { - NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_TRACE, "msn ssl ft test\n"); + NDPI_LOG_DBG2(ndpi_struct, "msn ssl ft test\n"); if(flow->packet_counter < 10) { if(flow->packet_counter == 7 && packet->payload_packet_len > 300) { if(memcmp(packet->payload + 24, "MSNSLP", 6) == 0 || (get_u_int32_t(packet->payload, 0) == htonl(0x30000000) && get_u_int32_t(packet->payload, 4) == 0x00000000)) { - NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_TRACE, "detected MSN File Transfer, ifdef ssl.\n"); + NDPI_LOG_INFO(ndpi_struct, "found MSN File Transfer, ifdef ssl\n"); ndpi_int_msn_add_connection(ndpi_struct, flow); return; } @@ -77,12 +82,12 @@ static void ndpi_search_msn_tcp(struct ndpi_detection_module_struct *ndpi_struct if(flow->packet_counter >= 5 && flow->packet_counter <= 10 && (get_u_int32_t(packet->payload, 0) == htonl(0x18000000) && get_u_int32_t(packet->payload, 4) == 0x00000000)) { flow->l4.tcp.msn_ssl_ft++; - NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_TRACE, + NDPI_LOG_DBG2(ndpi_struct, "increased msn ft ssl stage to: %u at packet nr: %u\n", flow->l4.tcp.msn_ssl_ft, flow->packet_counter); if (flow->l4.tcp.msn_ssl_ft == 2) { - NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_TRACE, - "detected MSN File Transfer, ifdef ssl 2.\n"); + NDPI_LOG_INFO(ndpi_struct, + "found MSN File Transfer, ifdef ssl 2.\n"); ndpi_int_msn_add_connection(ndpi_struct, flow); } return; @@ -109,18 +114,13 @@ static void ndpi_search_msn_tcp(struct ndpi_detection_module_struct *ndpi_struct && ((ntohl(get_u_int32_t(packet->payload, 24)) == 0x000f0004 && ntohl(get_u_int32_t(packet->payload, 28)) == 0x72c64bc6) || (ntohl(get_u_int32_t(packet->payload, 20)) == 0x000f0004 && ntohl(get_u_int32_t(packet->payload, 24)) == 0x72c64bc6))) { - NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_TRACE, + NDPI_LOG_INFO(ndpi_struct, "found MSN in packets that also contain voice.messenger.live.com.\n"); /* TODO this is an alternative pattern for video detection */ /* if (packet->payload_packet_len > 100 && get_u_int16_t(packet->payload, 86) == htons(0x05dc)) { */ - if(packet->payload_packet_len > 101 && packet->payload[101] == 0x02) { - ndpi_int_msn_add_connection(ndpi_struct, flow); - } else { - ndpi_int_msn_add_connection(ndpi_struct, flow); - } - + ndpi_int_msn_add_connection(ndpi_struct, flow); return; } @@ -133,14 +133,12 @@ static void ndpi_search_msn_tcp(struct ndpi_detection_module_struct *ndpi_struct if (memcmp(&packet->payload[packet->payload_packet_len - 6], "CVR", 3) == 0 || memcmp(&packet->payload[packet->payload_packet_len - 8], "MSNP", 4) == 0) { - NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_TRACE, - "found MSN by pattern VER...CVR/MSNP ODOA.\n"); + NDPI_LOG_INFO(ndpi_struct, "found MSN by pattern VER...CVR/MSNP ODOA\n"); ndpi_int_msn_add_connection(ndpi_struct, flow); return; } if (ndpi_match_strprefix(&packet->payload[4], packet->payload_packet_len-4, "MSNFT")) { - NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_TRACE, - "found MSN FT by pattern VER MSNFT...0d0a.\n"); + NDPI_LOG_INFO(ndpi_struct, "found MSN FT by pattern VER MSNFT...0d0a\n"); ndpi_int_msn_add_connection(ndpi_struct, flow); return; } @@ -157,6 +155,7 @@ static void ndpi_search_msn_tcp(struct ndpi_detection_module_struct *ndpi_struct if (packet->user_agent_line.ptr != NULL && packet->user_agent_line.len > NDPI_STATICSTRING_LEN("Messenger/") && memcmp(packet->user_agent_line.ptr, "Messenger/", NDPI_STATICSTRING_LEN("Messenger/")) == 0) { + NDPI_LOG_INFO(ndpi_struct, "found MSN Messenger/\n"); ndpi_int_msn_add_connection(ndpi_struct, flow); return; } @@ -184,8 +183,7 @@ static void ndpi_search_msn_tcp(struct ndpi_detection_module_struct *ndpi_struct (packet->content_line.len >= NDPI_STATICSTRING_LEN("text/x-msnmsgr") && memcmp(packet->content_line.ptr, "text/x-msnmsgr", NDPI_STATICSTRING_LEN("text/x-msnmsgr")) == 0))) { - NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_TRACE, - "found MSN by pattern POST http:// .... application/x-msn-messenger.\n"); + NDPI_LOG_INFO(ndpi_struct, "found MSN POST application/x-msn-messenger\n"); ndpi_int_msn_add_connection(ndpi_struct, flow); return; } @@ -209,16 +207,14 @@ static void ndpi_search_msn_tcp(struct ndpi_detection_module_struct *ndpi_struct for(c = 13; c < 50; c++) { if(memcmp(&packet->payload[c], "/", 1) == 0) { if(memcmp(&packet->payload[c], "/gateway/gateway.dll", 20) == 0) { - NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_TRACE, - "found pattern http://.../gateway/gateway.ddl.\n"); + NDPI_LOG_DBG2(ndpi_struct, "found pattern http://.../gateway/gateway.ddl\n"); status = 1; break; } } } } else if((memcmp(&packet->payload[5], "/gateway/gateway.dll", 20) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_TRACE, - "found pattern http://.../gateway/gateway.ddl.\n"); + NDPI_LOG_DBG2(ndpi_struct, "found pattern http://.../gateway/gateway.ddl\n"); status = 1; } } @@ -239,7 +235,7 @@ static void ndpi_search_msn_tcp(struct ndpi_detection_module_struct *ndpi_struct if ((src != NULL && NDPI_COMPARE_PROTOCOL_TO_BITMASK(src->detected_protocol_bitmask, NDPI_PROTOCOL_MSN) != 0) || (dst != NULL && NDPI_COMPARE_PROTOCOL_TO_BITMASK(dst->detected_protocol_bitmask, NDPI_PROTOCOL_MSN) != 0)) { - NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_TRACE, "found MSN with pattern text/xml; charset=utf-8.\n"); + NDPI_LOG_INFO(ndpi_struct, "found MSN with pattern text/xml; charset=utf-8\n"); ndpi_int_msn_add_connection(ndpi_struct, flow); return; } @@ -248,10 +244,8 @@ static void ndpi_search_msn_tcp(struct ndpi_detection_module_struct *ndpi_struct || memcmp(packet->line[a].ptr, "VER ", 4) == 0 || memcmp(packet->line[a].ptr, "ANS ", 4) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_TRACE, - "found MSN with pattern text/sml; charset0utf-8.\n"); - NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, - NDPI_LOG_TRACE, "MSN xml CVS / VER / ANS found\n"); + NDPI_LOG_DBG2(ndpi_struct, "found MSN with pattern text/sml; charset0utf-8\n"); + NDPI_LOG_INFO(ndpi_struct, "found MSN xml CVS / VER / ANS found\n"); ndpi_int_msn_add_connection(ndpi_struct, flow); return; } @@ -280,13 +274,13 @@ static void ndpi_search_msn_tcp(struct ndpi_detection_module_struct *ndpi_struct (packet->content_line.len >= NDPI_STATICSTRING_LEN("text/x-msnmsgr") && memcmp(packet->content_line.ptr, "text/x-msnmsgr", NDPI_STATICSTRING_LEN("text/x-msnmsgr")) == 0))) { - NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_TRACE, - "HTTP/1.0 200 OK .... application/x-msn-messenger.\n"); + NDPI_LOG_INFO(ndpi_struct, + "found MSN application/x-msn-messenger.\n"); ndpi_int_msn_add_connection(ndpi_struct, flow); return; } if(ndpi_int_find_xmsn(ndpi_struct, flow) == 1) { - NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_TRACE, "HTTP/1.0 200 OK .... X-MSN.\n"); + NDPI_LOG_INFO(ndpi_struct, "found MSN X-MSN\n"); ndpi_int_msn_add_connection(ndpi_struct, flow); return; } @@ -296,7 +290,7 @@ static void ndpi_search_msn_tcp(struct ndpi_detection_module_struct *ndpi_struct /* now block proxy connection */ if(packet->payload_packet_len >= 42) { if(memcmp(packet->payload, "CONNECT messenger.hotmail.com:1863 HTTP/1.", 42) == 0) { - NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_TRACE, "found MSN with pattern CONNECT messenger.hotmail.com:1863 HTTP/1..\n"); + NDPI_LOG_INFO(ndpi_struct, "found MSN with pattern CONNECT messenger.hotmail.com:1863 HTTP/1.\n"); ndpi_int_msn_add_connection(ndpi_struct, flow); return; } @@ -322,7 +316,7 @@ static void ndpi_search_msn_tcp(struct ndpi_detection_module_struct *ndpi_struct while (plen < endlen) { if (ndpi_check_for_email_address(ndpi_struct, flow, plen) != 0) { - NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_TRACE, "found mail address\n"); + NDPI_LOG_DBG2(ndpi_struct, "found mail address\n"); break; } if (packet->payload_packet_len > plen + 1 @@ -334,7 +328,7 @@ static void ndpi_search_msn_tcp(struct ndpi_detection_module_struct *ndpi_struct goto ndpi_msn_exclude; } } - NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_TRACE, "found MSN with pattern USR/ANS ...mail_address.\n"); + NDPI_LOG_INFO(ndpi_struct, "found MSN with pattern USR/ANS ...mail_address\n"); ndpi_int_msn_add_connection(ndpi_struct, flow); return; } @@ -362,12 +356,12 @@ static void ndpi_search_msn_tcp(struct ndpi_detection_module_struct *ndpi_struct (packet->content_line.len >= NDPI_STATICSTRING_LEN("text/x-msnmsgr") && memcmp(packet->content_line.ptr, "text/x-msnmsgr", NDPI_STATICSTRING_LEN("text/x-msnmsgr")) == 0))) { - NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_TRACE, "HTTP/1.0 200 OK .... application/x-msn-messenger.\n"); + NDPI_LOG_INFO(ndpi_struct, "found MSN application/x-msn-messenger\n"); ndpi_int_msn_add_connection(ndpi_struct, flow); return; } if(ndpi_int_find_xmsn(ndpi_struct, flow) == 1) { - NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_TRACE, "HTTP/1.0 200 OK .... X-MSN.\n"); + NDPI_LOG_INFO(ndpi_struct, "found MSN X-MSN\n"); ndpi_int_msn_add_connection(ndpi_struct, flow); return; } @@ -381,7 +375,7 @@ static void ndpi_search_msn_tcp(struct ndpi_detection_module_struct *ndpi_struct && NDPI_COMPARE_PROTOCOL_TO_BITMASK(dst->detected_protocol_bitmask, NDPI_PROTOCOL_MSN) != 0)) { if (flow->packet_counter == 1 && packet->payload_packet_len > 12 && memcmp(packet->payload, "recipientid=", 12) == 0) { - NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_DEBUG, "detected file transfer.\n"); + NDPI_LOG_INFO(ndpi_struct, "found MSN file transfer\n"); ndpi_int_msn_add_connection(ndpi_struct, flow); return; } @@ -396,7 +390,7 @@ static void ndpi_search_msn_tcp(struct ndpi_detection_module_struct *ndpi_struct if((packet->payload_packet_len == 4 || packet->payload_packet_len == 8) && get_u_int32_t(packet->payload, 0) == htonl(0x04000000)) { - NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_DEBUG, "maybe first TCP MSN detected\n"); + NDPI_LOG_DBG2(ndpi_struct, "maybe first TCP MSN detected\n"); if(packet->payload_packet_len == 8 && get_u_int32_t(packet->payload, 4) == htonl(0x666f6f00)) { flow->l4.tcp.msn_stage = 5 + packet->packet_direction; @@ -409,12 +403,12 @@ static void ndpi_search_msn_tcp(struct ndpi_detection_module_struct *ndpi_struct } else if (flow->l4.tcp.msn_stage == 1 + packet->packet_direction) { if (packet->payload_packet_len > 10 && get_u_int32_t(packet->payload, 0) == htonl(0x666f6f00)) { ndpi_int_msn_add_connection(ndpi_struct, flow); - NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_TRACE, "MSN File Transfer detected 1\n"); + NDPI_LOG_INFO(ndpi_struct, "found MSN File Transfer 1\n"); return; } /* did not see this pattern in any trace */ if (packet->payload_packet_len == 56 && get_u_int32_t(packet->payload, 16) == 0) { - NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_DEBUG, "maybe Second TCP MSN detected\n"); + NDPI_LOG_DBG2(ndpi_struct, "maybe Second TCP MSN detected\n"); flow->l4.tcp.msn_stage = 3 + packet->packet_direction; return; } @@ -423,30 +417,30 @@ static void ndpi_search_msn_tcp(struct ndpi_detection_module_struct *ndpi_struct } else if (flow->l4.tcp.msn_stage == 2 - packet->packet_direction && packet->payload_packet_len == 4 && get_u_int32_t(packet->payload, 0) == htonl(0x30000000)) { ndpi_int_msn_add_connection(ndpi_struct, flow); - NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_TRACE, "MSN File Transfer detected 2\n"); + NDPI_LOG_INFO(ndpi_struct, "found MSN File Transfer 2\n"); return; } else if ((flow->l4.tcp.msn_stage == 3 + packet->packet_direction) || (flow->l4.tcp.msn_stage == 4 - packet->packet_direction)) { if (packet->payload_packet_len == 4 && get_u_int32_t(packet->payload, 0) == htonl(0x30000000)) { ndpi_int_msn_add_connection(ndpi_struct, flow); - NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_TRACE, "MSN File Transfer detected 2\n"); + NDPI_LOG_INFO(ndpi_struct, "found MSN File Transfer 2\n"); return; } } else if (flow->l4.tcp.msn_stage == 6 - packet->packet_direction) { if ((packet->payload_packet_len == 4) && (get_u_int32_t(packet->payload, 0) == htonl(0x10000000) || get_u_int32_t(packet->payload, 0) == htonl(0x30000000))) { ndpi_int_msn_add_connection(ndpi_struct, flow); - NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_TRACE, "MSN File Transfer detected 3\n"); + NDPI_LOG_INFO(ndpi_struct, "found MSN File Transfer 3\n"); return; } } else if (flow->l4.tcp.msn_stage == 5 + packet->packet_direction) { if ((packet->payload_packet_len == 20) && get_u_int32_t(packet->payload, 0) == htonl(0x10000000)) { ndpi_int_msn_add_connection(ndpi_struct, flow); - NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_TRACE, "MSN File Transfer detected 3\n"); + NDPI_LOG_INFO(ndpi_struct, "found MSN File Transfer 3\n"); return; } } - NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_DEBUG, "msn 7.\n"); + NDPI_LOG_DBG(ndpi_struct, "msn 7\n"); if (flow->packet_counter <= MAX_PACKETS_FOR_MSN) { if (memcmp(&packet->payload[0], "MSG ", 4) == 0 @@ -459,13 +453,12 @@ static void ndpi_search_msn_tcp(struct ndpi_detection_module_struct *ndpi_struct || memcmp(&packet->payload[0], "XFR ", 4) == 0) { ndpi_int_msn_add_connection(ndpi_struct, flow); - NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_TRACE, "MSN detected\n"); + NDPI_LOG_INFO(ndpi_struct, "found MSN\n"); return; } } - NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_TRACE, "MSN tcp excluded.\n"); ndpi_msn_exclude: - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MSN); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } /* search over UDP */ @@ -482,7 +475,7 @@ static void ndpi_search_msn_udp_misc(struct ndpi_detection_module_struct if ((src == NULL || NDPI_COMPARE_PROTOCOL_TO_BITMASK(src->detected_protocol_bitmask, NDPI_PROTOCOL_MSN) == 0) && (dst == NULL || NDPI_COMPARE_PROTOCOL_TO_BITMASK(dst->detected_protocol_bitmask, NDPI_PROTOCOL_MSN) == 0)) { - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MSN); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; } @@ -490,7 +483,7 @@ static void ndpi_search_msn_udp_misc(struct ndpi_detection_module_struct if (packet->payload_packet_len == 20 && get_u_int32_t(packet->payload, 4) == 0 && packet->payload[9] == 0 && get_u_int16_t(packet->payload, 10) == htons(0x0100)) { - NDPI_LOG(NDPI_PROTOCOL_MSN, ndpi_struct, NDPI_LOG_TRACE, "msn udp misc data connection detected\n"); + NDPI_LOG_INFO(ndpi_struct, "found MSN udp misc data connection\n"); ndpi_int_msn_add_connection(ndpi_struct, flow); } @@ -504,6 +497,7 @@ void ndpi_search_msn(struct ndpi_detection_module_struct *ndpi_struct, struct nd { struct ndpi_packet_struct *packet = &flow->packet; + NDPI_LOG_DBG(ndpi_struct, "search msn\n"); /* this if request should always be true */ if(NDPI_COMPARE_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MSN) == 0) { /* we deal with tcp now */ diff --git a/src/lib/protocols/mssql_tds.c b/src/lib/protocols/mssql_tds.c index 42cecb8e2..75507fd52 100644 --- a/src/lib/protocols/mssql_tds.c +++ b/src/lib/protocols/mssql_tds.c @@ -22,10 +22,15 @@ */ -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_MSSQL_TDS +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_MSSQL_TDS + +#include "ndpi_api.h" + + struct tds_packet_header { u_int8_t type; u_int8_t status; @@ -46,24 +51,24 @@ void ndpi_search_mssql_tds(struct ndpi_detection_module_struct *ndpi_struct, str struct ndpi_packet_struct *packet = &flow->packet; struct tds_packet_header *h = (struct tds_packet_header*) packet->payload; + NDPI_LOG_DBG(ndpi_struct, "search mssql_tds\n"); + if(packet->payload_packet_len < sizeof(struct tds_packet_header)) { - NDPI_LOG(NDPI_PROTOCOL_MSSQL_TDS, ndpi_struct, NDPI_LOG_DEBUG, "exclude mssql_tds\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MSSQL_TDS); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; } if((h->type >= 1 && h->type <= 8) || (h->type >= 14 && h->type <= 18)) { if(h->status == 0x00 || h->status == 0x01 || h->status == 0x02 || h->status == 0x04 || h->status == 0x08 || h->status == 0x09 || h->status == 0x10) { if(ntohs(h->length) == packet->payload_packet_len && h->window == 0x00) { - NDPI_LOG(NDPI_PROTOCOL_MSSQL_TDS, ndpi_struct, NDPI_LOG_DEBUG, "found mssql_tds\n"); + NDPI_LOG_INFO(ndpi_struct, "found mssql_tds\n"); ndpi_int_mssql_tds_add_connection(ndpi_struct, flow); return; } } } - NDPI_LOG(NDPI_PROTOCOL_MSSQL_TDS, ndpi_struct, NDPI_LOG_DEBUG, "exclude mssql_tds\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MSSQL_TDS); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/mysql.c b/src/lib/protocols/mysql.c index e500b2976..d1e695e55 100644 --- a/src/lib/protocols/mysql.c +++ b/src/lib/protocols/mysql.c @@ -23,10 +23,15 @@ */ -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_MYSQL +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_MYSQL + +#include "ndpi_api.h" + + static void ndpi_int_mysql_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { @@ -36,9 +41,9 @@ static void ndpi_int_mysql_add_connection(struct ndpi_detection_module_struct void ndpi_search_mysql_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; + + NDPI_LOG_DBG(ndpi_struct, "search MySQL\n"); - // struct ndpi_id_struct *src=ndpi_struct->src; - // struct ndpi_id_struct *dst=ndpi_struct->dst; if(packet->tcp) { if (packet->payload_packet_len > 38 //min length && get_u_int16_t(packet->payload, 0) == packet->payload_packet_len - 4 //first 3 bytes are length @@ -55,7 +60,7 @@ void ndpi_search_mysql_tcp(struct ndpi_detection_module_struct *ndpi_struct, str && get_u_int64_t(packet->payload, a + 19) == 0x0ULL //13 more && get_u_int32_t(packet->payload, a + 27) == 0x0 //filler bytes && get_u_int8_t(packet->payload, a + 31) == 0x0) { - NDPI_LOG(NDPI_PROTOCOL_MYSQL, ndpi_struct, NDPI_LOG_DEBUG, "MySQL detected.\n"); + NDPI_LOG_INFO(ndpi_struct, "found MySQL\n"); ndpi_int_mysql_add_connection(ndpi_struct, flow); return; } @@ -65,7 +70,7 @@ void ndpi_search_mysql_tcp(struct ndpi_detection_module_struct *ndpi_struct, str } } - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_MYSQL); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/netbios.c b/src/lib/protocols/netbios.c index c899086eb..d10a33b1a 100644 --- a/src/lib/protocols/netbios.c +++ b/src/lib/protocols/netbios.c @@ -23,10 +23,15 @@ */ -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_NETBIOS +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_NETBIOS + +#include "ndpi_api.h" + + struct netbios_header { u_int16_t transaction_id, flags, questions, answer_rrs, authority_rrs, additional_rrs; }; @@ -81,10 +86,10 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc u_int16_t dport; char name[64]; + NDPI_LOG_DBG(ndpi_struct, "search netbios\n"); if(packet->udp != NULL) { dport = ntohs(packet->udp->dest); - NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, "netbios udp start\n"); /*check standard NETBIOS over udp to port 137 */ if((dport == 137 || 0) && packet->payload_packet_len >= 50) { @@ -95,16 +100,14 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc h.questions = ntohs(h.questions), h.answer_rrs = ntohs(h.answer_rrs), h.authority_rrs = ntohs(h.authority_rrs), h.additional_rrs = ntohs(h.additional_rrs); - NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, - NDPI_LOG_DEBUG, "found netbios port 137 and payload_packet_len 50\n"); + NDPI_LOG_DBG(ndpi_struct, "found netbios port 137 and payload_packet_len 50\n"); if(h.flags == 0 && h.questions == 1 && h.answer_rrs == 0 && h.authority_rrs == 0 && h.additional_rrs == 0) { - NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, - NDPI_LOG_DEBUG, "found netbios with questions = 1 and answers = 0, authority = 0 \n"); + NDPI_LOG_INFO(ndpi_struct, "found netbios with questions = 1 and answers = 0, authority = 0 \n"); ndpi_int_netbios_add_connection(ndpi_struct, flow); return; @@ -114,8 +117,7 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc h.answer_rrs == 0 && h.authority_rrs == 0) { - NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, - NDPI_LOG_DEBUG, "found netbios with questions = 1 and answers = 0, authority = 0 and broadcast \n"); + NDPI_LOG_INFO(ndpi_struct, "found netbios with questions = 1 and answers = 0, authority = 0 and broadcast \n"); if(ndpi_netbios_name_interpret((char*)&packet->payload[12], name, sizeof(name)) > 0) snprintf((char*)flow->host_server_name, sizeof(flow->host_server_name)-1, "%s", name); @@ -128,8 +130,7 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc h.answer_rrs == 0 && h.authority_rrs == 0 && h.additional_rrs == 1) { - NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, - NDPI_LOG_DEBUG, "found netbios with questions = 1 and answers, authority, additional = 0 \n"); + NDPI_LOG_INFO(ndpi_struct, "found netbios with questions = 1 and answers, authority, additional = 0 \n"); ndpi_int_netbios_add_connection(ndpi_struct, flow); return; @@ -139,8 +140,7 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc h.answer_rrs == 0 && h.authority_rrs == 0 && h.additional_rrs == 1) { - NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, - NDPI_LOG_DEBUG, "found netbios with questions = 1 and answers = 0, authority = 0 \n"); + NDPI_LOG_INFO(ndpi_struct, "found netbios with questions = 1 and answers = 0, authority = 0 \n"); ndpi_int_netbios_add_connection(ndpi_struct, flow); return; @@ -150,8 +150,7 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc h.answer_rrs == 1 && h.authority_rrs == 0 && h.additional_rrs == 0) { - NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, - NDPI_LOG_DEBUG, + NDPI_LOG_INFO(ndpi_struct, "found netbios with flag 8400 questions = 0 and answers = 1, authority, additional = 0 \n"); ndpi_int_netbios_add_connection(ndpi_struct, flow); @@ -162,8 +161,7 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc h.answer_rrs == 1 && h.authority_rrs == 0 && h.additional_rrs == 0) { - NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, - NDPI_LOG_DEBUG, + NDPI_LOG_INFO(ndpi_struct, "found netbios with flag 8500 questions = 0 and answers = 1, authority, additional = 0 \n"); ndpi_int_netbios_add_connection(ndpi_struct, flow); @@ -174,8 +172,7 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc h.answer_rrs == 0 && h.authority_rrs == 0 && h.additional_rrs == 1) { - NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, - NDPI_LOG_DEBUG, + NDPI_LOG_INFO(ndpi_struct, "found netbios with flag 2910, questions = 1 and answers, authority=0, additional = 1 \n"); ndpi_int_netbios_add_connection(ndpi_struct, flow); @@ -186,8 +183,7 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc h.answer_rrs == 1 && h.authority_rrs == 0 && h.additional_rrs == 0) { - NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, - NDPI_LOG_DEBUG, + NDPI_LOG_INFO(ndpi_struct, "found netbios with flag ad86 questions = 0 and answers = 1, authority, additional = 0 \n"); ndpi_int_netbios_add_connection(ndpi_struct, flow); @@ -198,8 +194,7 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc h.answer_rrs == 0 && h.authority_rrs == 0 && h.additional_rrs == 0) { - NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, - NDPI_LOG_DEBUG, + NDPI_LOG_INFO(ndpi_struct, "found netbios with flag 0110 questions = 1 and answers = 0, authority, additional = 0 \n"); ndpi_int_netbios_add_connection(ndpi_struct, flow); @@ -208,7 +203,7 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc if((h.flags & 0xf800) == 0) { - NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, "possible netbios name query request\n"); + NDPI_LOG_DBG2(ndpi_struct, "possible netbios name query request\n"); if(get_u_int16_t(packet->payload, 4) == htons(1) && get_u_int16_t(packet->payload, 6) == 0 && @@ -217,12 +212,12 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc /* name is encoded as described in rfc883 */ u_int8_t name_length = packet->payload[12]; - NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "possible netbios name query request, one question\n"); if(packet->payload_packet_len == 12 + 1 + name_length + 1 + 2 + 2) { - NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "possible netbios name query request, length matches\n"); /* null terminated? */ @@ -230,7 +225,7 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc get_u_int16_t(packet->payload, 12 + name_length + 2) == htons(0x0020) && get_u_int16_t(packet->payload, 12 + name_length + 4) == htons(0x0001)) { - NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_INFO(ndpi_struct, "found netbios name query request\n"); ndpi_int_netbios_add_connection(ndpi_struct, flow); return; @@ -238,7 +233,7 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc } } } else if((h.flags & 0xf800) == 0x8000) { - NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "possible netbios name query response\n"); if(get_u_int16_t(packet->payload, 4) == 0 && @@ -248,12 +243,12 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc /* name is encoded as described in rfc883 */ u_int8_t name_length = packet->payload[12]; - NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "possible netbios positive name query response, one answer\n"); if(packet->payload_packet_len >= 12 + 1 + name_length + 1 + 2 + 2) { - NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "possible netbios name query response, length matches\n"); /* null terminated? */ @@ -261,7 +256,7 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc get_u_int16_t(packet->payload, 12 + name_length + 2) == htons(0x0020) && get_u_int16_t(packet->payload, 12 + name_length + 4) == htons(0x0001)) { - NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_INFO(ndpi_struct, "found netbios name query response\n"); ndpi_int_netbios_add_connection(ndpi_struct, flow); return; @@ -274,12 +269,12 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc /* name is encoded as described in rfc883 */ u_int8_t name_length = packet->payload[12]; - NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "possible netbios negative name query response, one answer\n"); if(packet->payload_packet_len >= 12 + 1 + name_length + 1 + 2 + 2) { - NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "possible netbios name query response, length matches\n"); /* null terminated? */ @@ -287,7 +282,7 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc get_u_int16_t(packet->payload, 12 + name_length + 2) == htons(0x000A) && get_u_int16_t(packet->payload, 12 + name_length + 4) == htons(0x0001)) { - NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_INFO(ndpi_struct, "found netbios name query response\n"); ndpi_int_netbios_add_connection(ndpi_struct, flow); return; @@ -300,12 +295,12 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc /* name is encoded as described in rfc883 */ u_int8_t name_length = packet->payload[12]; - NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "possible netbios redirect name query response, one answer\n"); if(packet->payload_packet_len >= 12 + 1 + name_length + 1 + 2 + 2) { - NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "possible netbios name query response, length matches\n"); /* null terminated? */ @@ -313,7 +308,7 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc get_u_int16_t(packet->payload, 12 + name_length + 2) == htons(0x0002) && get_u_int16_t(packet->payload, 12 + name_length + 4) == htons(0x0001)) { - NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_INFO(ndpi_struct, "found netbios name query response\n"); ndpi_int_netbios_add_connection(ndpi_struct, flow); return; @@ -332,17 +327,14 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc packet->payload_packet_len >= 14 && ntohs(get_u_int16_t(packet->payload, 10)) == packet->payload_packet_len - 14) { - NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, - NDPI_LOG_DEBUG, "found netbios port 138 and payload length >= 112 \n"); + NDPI_LOG_DBG2(ndpi_struct, "found netbios port 138 and payload length >= 112 \n"); if(packet->payload[0] >= 0x11 && packet->payload[0] <= 0x16) { - NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, - NDPI_LOG_DEBUG, "found netbios with MSG-type 0x11,0x12,0x13,0x14,0x15 or 0x16\n"); + NDPI_LOG_DBG2(ndpi_struct, "found netbios with MSG-type 0x11,0x12,0x13,0x14,0x15 or 0x16\n"); if(ntohl(get_u_int32_t(packet->payload, 4)) == ntohl(packet->iph->saddr)) { - NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, - NDPI_LOG_DEBUG, "found netbios with checked ip-address.\n"); + NDPI_LOG_INFO(ndpi_struct, "found netbios with checked ip-address\n"); if(ndpi_netbios_name_interpret((char*)&packet->payload[12], name, sizeof(name)) > 0) snprintf((char*)flow->host_server_name, sizeof(flow->host_server_name)-1, "%s", name); @@ -357,21 +349,17 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc if(packet->tcp != NULL) { dport = ntohs(packet->tcp->dest); - NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, "netbios tcp start\n"); - /* destination port must be 139 */ if(dport == 139) { - NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, "found netbios with destination port 139\n"); + NDPI_LOG_DBG2(ndpi_struct, "found netbios with destination port 139\n"); /* payload_packet_len must be 72 */ if(packet->payload_packet_len == 72) { - NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, - NDPI_LOG_DEBUG, "found netbios with payload_packen_len = 72. \n"); + NDPI_LOG_DBG2(ndpi_struct, "found netbios with payload_packen_len = 72. \n"); if(packet->payload[0] == 0x81 && packet->payload[1] == 0 && ntohs(get_u_int16_t(packet->payload, 2)) == 68) { - NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, - NDPI_LOG_DEBUG, + NDPI_LOG_INFO(ndpi_struct, "found netbios with session request = 81, flags=0 and length od following bytes = 68. \n"); ndpi_int_netbios_add_connection(ndpi_struct, flow); @@ -382,8 +370,7 @@ void ndpi_search_netbios(struct ndpi_detection_module_struct *ndpi_struct, struc } - NDPI_LOG(NDPI_PROTOCOL_NETBIOS, ndpi_struct, NDPI_LOG_DEBUG, "exclude netbios\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_NETBIOS); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } void init_netbios_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) diff --git a/src/lib/protocols/netflow.c b/src/lib/protocols/netflow.c index 54c634263..a553e4b6a 100644 --- a/src/lib/protocols/netflow.c +++ b/src/lib/protocols/netflow.c @@ -18,10 +18,14 @@ * */ +#include "ndpi_protocol_ids.h" + +#ifdef NDPI_PROTOCOL_NETFLOW + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_NETFLOW #include "ndpi_api.h" -#ifdef NDPI_PROTOCOL_NETFLOW #ifdef WIN32 extern int gettimeofday(struct timeval * tp, struct timezone * tzp); @@ -95,7 +99,7 @@ struct flow_ver7_rec { u_int32_t router_sc; /* Router which is shortcut by switch */ }; -static void ndpi_check_netflow(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) +void ndpi_search_netflow(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; // const u_int8_t *packet_payload = packet->payload; @@ -103,6 +107,8 @@ static void ndpi_check_netflow(struct ndpi_detection_module_struct *ndpi_struct, time_t now; struct timeval now_tv; + NDPI_LOG_DBG(ndpi_struct, "search netflow\n"); + if((packet->udp != NULL) && (payload_len >= 24)) { u_int16_t version = (packet->payload[0] << 8) + packet->payload[1], uptime_offset; u_int32_t when, *_when; @@ -132,7 +138,7 @@ static void ndpi_check_netflow(struct ndpi_detection_module_struct *ndpi_struct, } if((expected_len > 0) && (expected_len != payload_len)) { - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_NETFLOW); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; } @@ -159,20 +165,13 @@ static void ndpi_check_netflow(struct ndpi_detection_module_struct *ndpi_struct, if(((version == 1) && (when == 0)) || ((when >= 946684800 /* 1/1/2000 */) && (when <= now))) { - NDPI_LOG(NDPI_PROTOCOL_NETFLOW, ndpi_struct, NDPI_LOG_DEBUG, "Found netflow.\n"); + NDPI_LOG_INFO(ndpi_struct, "found netflow\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_NETFLOW, NDPI_PROTOCOL_UNKNOWN); return; } } } -void ndpi_search_netflow(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) -{ - NDPI_LOG(NDPI_PROTOCOL_NETFLOW, ndpi_struct, NDPI_LOG_DEBUG, "netflow detection...\n"); - ndpi_check_netflow(ndpi_struct, flow); -} - - void init_netflow_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) { ndpi_set_bitmask_protocol_detection("NetFlow", ndpi_struct, detection_bitmask, *id, diff --git a/src/lib/protocols/nfs.c b/src/lib/protocols/nfs.c index 36fc007d6..c074b9d3b 100644 --- a/src/lib/protocols/nfs.c +++ b/src/lib/protocols/nfs.c @@ -23,10 +23,15 @@ */ -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_NFS +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_NFS + +#include "ndpi_api.h" + + static void ndpi_int_nfs_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { @@ -37,8 +42,7 @@ void ndpi_search_nfs(struct ndpi_detection_module_struct *ndpi_struct, struct nd { struct ndpi_packet_struct *packet = &flow->packet; -// struct ndpi_id_struct *src=ndpi_struct->src; -// struct ndpi_id_struct *dst=ndpi_struct->dst; + NDPI_LOG_DBG(ndpi_struct, "search NFS\n"); u_int8_t offset = 0; if (packet->tcp != NULL) @@ -47,41 +51,41 @@ void ndpi_search_nfs(struct ndpi_detection_module_struct *ndpi_struct, struct nd if (packet->payload_packet_len < (40 + offset)) goto exclude_nfs; - NDPI_LOG(NDPI_PROTOCOL_NFS, ndpi_struct, NDPI_LOG_DEBUG, "NFS user match stage 1\n"); + NDPI_LOG_DBG2(ndpi_struct, "NFS user match stage 1\n"); if (offset != 0 && get_u_int32_t(packet->payload, 0) != htonl(0x80000000 + packet->payload_packet_len - 4)) goto exclude_nfs; - NDPI_LOG(NDPI_PROTOCOL_NFS, ndpi_struct, NDPI_LOG_DEBUG, "NFS user match stage 2\n"); + NDPI_LOG_DBG2(ndpi_struct, "NFS user match stage 2\n"); if (get_u_int32_t(packet->payload, 4 + offset) != 0) goto exclude_nfs; - NDPI_LOG(NDPI_PROTOCOL_NFS, ndpi_struct, NDPI_LOG_DEBUG, "NFS user match stage 3\n"); + NDPI_LOG_DBG2(ndpi_struct, "NFS user match stage 3\n"); if (get_u_int32_t(packet->payload, 8 + offset) != htonl(0x02)) goto exclude_nfs; - NDPI_LOG(NDPI_PROTOCOL_NFS, ndpi_struct, NDPI_LOG_DEBUG, "NFS match stage 3\n"); + NDPI_LOG_DBG2(ndpi_struct, "NFS match stage 3\n"); if (get_u_int32_t(packet->payload, 12 + offset) != htonl(0x000186a5) && get_u_int32_t(packet->payload, 12 + offset) != htonl(0x000186a3) && get_u_int32_t(packet->payload, 12 + offset) != htonl(0x000186a0)) goto exclude_nfs; - NDPI_LOG(NDPI_PROTOCOL_NFS, ndpi_struct, NDPI_LOG_DEBUG, "NFS match stage 4\n"); + NDPI_LOG_DBG2(ndpi_struct, "NFS match stage 4\n"); if (ntohl(get_u_int32_t(packet->payload, 16 + offset)) > 4) goto exclude_nfs; - NDPI_LOG(NDPI_PROTOCOL_NFS, ndpi_struct, NDPI_LOG_DEBUG, "NFS match\n"); + NDPI_LOG_INFO(ndpi_struct, "found NFS\n"); ndpi_int_nfs_add_connection(ndpi_struct, flow); return; exclude_nfs: - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_NFS); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/nintendo.c b/src/lib/protocols/nintendo.c index d4f289d66..8b76f33a6 100644 --- a/src/lib/protocols/nintendo.c +++ b/src/lib/protocols/nintendo.c @@ -21,11 +21,14 @@ * */ - -#include "ndpi_api.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_NINTENDO +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_NINTENDO + +#include "ndpi_api.h" + static void ndpi_int_nintendo_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, u_int8_t due_to_correlation) { @@ -43,15 +46,14 @@ void ndpi_search_nintendo(struct ndpi_detection_module_struct *ndpi_struct, stru const char nintendo_pattern[] = { 0x32, 0xab, 0x98, 0x64, 0x02 }; if(memcmp(payload, nintendo_pattern, 5) == 0) { - NDPI_LOG(NDPI_PROTOCOL_NINTENDO, ndpi_struct, NDPI_LOG_DEBUG, "Found nintendo.\n"); + NDPI_LOG_INFO(ndpi_struct, "found nintendo\n"); ndpi_int_nintendo_add_connection(ndpi_struct, flow, 0); return; } } } - NDPI_LOG(NDPI_PROTOCOL_NINTENDO, ndpi_struct, NDPI_LOG_DEBUG, "Exclude Nintendo.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_NINTENDO); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } void init_nintendo_dissector(struct ndpi_detection_module_struct *ndpi_struct, diff --git a/src/lib/protocols/noe.c b/src/lib/protocols/noe.c index 814cfc4a0..9899b056b 100644 --- a/src/lib/protocols/noe.c +++ b/src/lib/protocols/noe.c @@ -5,28 +5,32 @@ * */ +#include "ndpi_protocol_ids.h" + +#ifdef NDPI_PROTOCOL_NOE + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_NOE #include "ndpi_api.h" -#ifdef NDPI_PROTOCOL_NOE static void ndpi_int_noe_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_NOE, NDPI_PROTOCOL_UNKNOWN); + NDPI_LOG_INFO(ndpi_struct, "found noe\n"); } void ndpi_search_noe(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; - NDPI_LOG(NDPI_PROTOCOL_NOE, ndpi_struct, NDPI_LOG_DEBUG, "search for NOE.\n"); + NDPI_LOG_DBG(ndpi_struct, "search NOE\n"); if(packet->udp != NULL) { - NDPI_LOG(NDPI_PROTOCOL_NOE, ndpi_struct, NDPI_LOG_DEBUG, "calculating dport over udp.\n"); + NDPI_LOG_DBG2(ndpi_struct, "calculating dport over udp\n"); if (packet->payload_packet_len == 1 && ( packet->payload[0] == 0x05 || packet->payload[0] == 0x04 )) { - NDPI_LOG(NDPI_PROTOCOL_NOE, ndpi_struct, NDPI_LOG_DEBUG, "found noe.\n"); ndpi_int_noe_add_connection(ndpi_struct, flow); return; } else if((packet->payload_packet_len == 5 || packet->payload_packet_len == 12) && @@ -34,19 +38,18 @@ void ndpi_search_noe(struct ndpi_detection_module_struct *ndpi_struct, struct nd (packet->payload[1] == 0x00 ) && (packet->payload[2] != 0x00 ) && (packet->payload[3] == 0x00 )) { - NDPI_LOG(NDPI_PROTOCOL_NOE, ndpi_struct, NDPI_LOG_DEBUG, "found noe.\n"); ndpi_int_noe_add_connection(ndpi_struct, flow); + return; } else if((packet->payload_packet_len >= 25) && (packet->payload[0] == 0x00 && packet->payload[1] == 0x06 && packet->payload[2] == 0x62 && packet->payload[3] == 0x6c)) { - NDPI_LOG(NDPI_PROTOCOL_NOE, ndpi_struct, NDPI_LOG_DEBUG, "found noe.\n"); ndpi_int_noe_add_connection(ndpi_struct, flow); + return; } } else { - NDPI_LOG(NDPI_PROTOCOL_NOE, ndpi_struct, NDPI_LOG_DEBUG, "exclude NOE.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_NOE); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } } diff --git a/src/lib/protocols/ntp.c b/src/lib/protocols/ntp.c index 6e355c9f8..3b8eb3d7d 100644 --- a/src/lib/protocols/ntp.c +++ b/src/lib/protocols/ntp.c @@ -22,10 +22,13 @@ * */ -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_NTP +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_NTP + +#include "ndpi_api.h" static void ndpi_int_ntp_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) @@ -37,31 +40,28 @@ void ndpi_search_ntp_udp(struct ndpi_detection_module_struct *ndpi_struct, struc { struct ndpi_packet_struct *packet = &flow->packet; - if (!(packet->udp->dest == htons(123) || packet->udp->source == htons(123))) - goto exclude_ntp; - - NDPI_LOG(NDPI_PROTOCOL_NTP, ndpi_struct, NDPI_LOG_DEBUG, "NTP port detected\n"); - - NDPI_LOG(NDPI_PROTOCOL_NTP, ndpi_struct, NDPI_LOG_DEBUG, "NTP length detected\n"); + NDPI_LOG_DBG(ndpi_struct, "search NTP\n"); + + if (packet->udp->dest == htons(123) || packet->udp->source == htons(123)) { + NDPI_LOG_DBG2(ndpi_struct, "NTP port and length detected\n"); - if ((((packet->payload[0] & 0x38) >> 3) <= 4)) { - NDPI_LOG(NDPI_PROTOCOL_NTP, ndpi_struct, NDPI_LOG_DEBUG, "detected NTP."); + if ((((packet->payload[0] & 0x38) >> 3) <= 4)) { - // 38 in binary representation is 00111000 - flow->protos.ntp.version = (packet->payload[0] & 0x38) >> 3; + // 38 in binary representation is 00111000 + flow->protos.ntp.version = (packet->payload[0] & 0x38) >> 3; - if (flow->protos.ntp.version == 2) { - flow->protos.ntp.request_code = packet->payload[3]; - } + if (flow->protos.ntp.version == 2) { + flow->protos.ntp.request_code = packet->payload[3]; + } - ndpi_int_ntp_add_connection(ndpi_struct, flow); - return; + NDPI_LOG_INFO(ndpi_struct, "found NTP\n"); + ndpi_int_ntp_add_connection(ndpi_struct, flow); + return; + } } - - exclude_ntp: - NDPI_LOG(NDPI_PROTOCOL_NTP, ndpi_struct, NDPI_LOG_DEBUG, "NTP excluded.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_NTP); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); + } diff --git a/src/lib/protocols/openft.c b/src/lib/protocols/openft.c index c4a10645b..4a86a067f 100644 --- a/src/lib/protocols/openft.c +++ b/src/lib/protocols/openft.c @@ -22,10 +22,14 @@ * */ +#include "ndpi_protocol_ids.h" -#include "ndpi_protocols.h" #ifdef NDPI_PROTOCOL_OPENFT +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_OPENFT + +#include "ndpi_protocols.h" + static void ndpi_int_openft_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { @@ -37,21 +41,18 @@ void ndpi_search_openft_tcp(struct ndpi_detection_module_struct { struct ndpi_packet_struct *packet = &flow->packet; -// struct ndpi_id_struct *src=ndpi_struct->src; -// struct ndpi_id_struct *dst=ndpi_struct->dst; - if (packet->payload_packet_len > 5 && memcmp(packet->payload, "GET /", 5) == 0) { - NDPI_LOG(NDPI_PROTOCOL_OPENFT, ndpi_struct, NDPI_LOG_DEBUG, "HTTP packet detected.\n"); + NDPI_LOG_DBG2(ndpi_struct, "HTTP packet detected\n"); ndpi_parse_packet_line_info(ndpi_struct, flow); if (packet->parsed_lines >= 2 && packet->line[1].len > 13 && memcmp(packet->line[1].ptr, "X-OpenftAlias:", 14) == 0) { - NDPI_LOG(NDPI_PROTOCOL_OPENFT, ndpi_struct, NDPI_LOG_DEBUG, "OpenFT detected.\n"); + NDPI_LOG_INFO(ndpi_struct, "found OpenFT\n"); ndpi_int_openft_add_connection(ndpi_struct, flow); return; } } - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_OPENFT); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/openvpn.c b/src/lib/protocols/openvpn.c index 234f18df8..6756c173d 100644 --- a/src/lib/protocols/openvpn.c +++ b/src/lib/protocols/openvpn.c @@ -21,10 +21,15 @@ * */ -#include "ndpi_api.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_OPENVPN +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_OPENVPN + +#include "ndpi_api.h" + + #define P_CONTROL_HARD_RESET_CLIENT_V1 (0x01 << 3) #define P_CONTROL_HARD_RESET_CLIENT_V2 (0x07 << 3) #define P_CONTROL_HARD_RESET_SERVER_V1 (0x02 << 3) @@ -81,7 +86,7 @@ void ndpi_search_openvpn(struct ndpi_detection_module_struct* ndpi_struct, if (check_pkid_and_detect_hmac_size(ovpn_payload) > 0) { memcpy(flow->ovpn_session_id, ovpn_payload+1, 8); - NDPI_LOG(NDPI_PROTOCOL_OPENVPN, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "session key: %02x%02x%02x%02x%02x%02x%02x%02x\n", flow->ovpn_session_id[0], flow->ovpn_session_id[1], flow->ovpn_session_id[2], flow->ovpn_session_id[3], flow->ovpn_session_id[4], flow->ovpn_session_id[5], flow->ovpn_session_id[6], flow->ovpn_session_id[7]); @@ -95,10 +100,12 @@ void ndpi_search_openvpn(struct ndpi_detection_module_struct* ndpi_struct, alen = ovpn_payload[P_PACKET_ID_ARRAY_LEN_OFFSET(hmac_size)]; session_remote = ovpn_payload + P_PACKET_ID_ARRAY_LEN_OFFSET(hmac_size) + 1 + alen * 4; - if (memcmp(flow->ovpn_session_id, session_remote, 8) == 0) - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_OPENVPN, NDPI_PROTOCOL_UNKNOWN); + if (memcmp(flow->ovpn_session_id, session_remote, 8) == 0) { + NDPI_LOG_INFO(ndpi_struct,"found openvpn\n"); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_OPENVPN, NDPI_PROTOCOL_UNKNOWN); + } else { - NDPI_LOG(NDPI_PROTOCOL_OPENVPN, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "key mismatch: %02x%02x%02x%02x%02x%02x%02x%02x\n", session_remote[0], session_remote[1], session_remote[2], session_remote[3], session_remote[4], session_remote[5], session_remote[6], session_remote[7]); @@ -111,8 +118,9 @@ void ndpi_search_openvpn(struct ndpi_detection_module_struct* ndpi_struct, flow->ovpn_counter++; - if (failed) - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_OPENVPN); + if (failed) { + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); + } } } diff --git a/src/lib/protocols/oracle.c b/src/lib/protocols/oracle.c index 0a12b8676..5fda78672 100644 --- a/src/lib/protocols/oracle.c +++ b/src/lib/protocols/oracle.c @@ -18,11 +18,15 @@ * */ +#include "ndpi_protocol_ids.h" + +#ifdef NDPI_PROTOCOL_ORACLE + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_ORACLE #include "ndpi_api.h" -#ifdef NDPI_PROTOCOL_ORACLE static void ndpi_int_oracle_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { @@ -34,11 +38,11 @@ void ndpi_search_oracle(struct ndpi_detection_module_struct *ndpi_struct, struct struct ndpi_packet_struct *packet = &flow->packet; u_int16_t dport = 0, sport = 0; - NDPI_LOG(NDPI_PROTOCOL_ORACLE, ndpi_struct, NDPI_LOG_DEBUG, "search for ORACLE.\n"); + NDPI_LOG_DBG(ndpi_struct, "search ORACLE\n"); if(packet->tcp != NULL) { sport = ntohs(packet->tcp->source), dport = ntohs(packet->tcp->dest); - NDPI_LOG(NDPI_PROTOCOL_ORACLE, ndpi_struct, NDPI_LOG_DEBUG, "calculating ORACLE over tcp.\n"); + NDPI_LOG_DBG2(ndpi_struct, "calculating ORACLE over tcp\n"); /* Oracle Database 9g,10g,11g */ if ((dport == 1521 || sport == 1521) && (((packet->payload[0] == 0x07) && (packet->payload[1] == 0xff) && (packet->payload[2] == 0x00)) @@ -46,17 +50,16 @@ void ndpi_search_oracle(struct ndpi_detection_module_struct *ndpi_struct, struct && (packet->payload[1] != 0x00) && (packet->payload[2] == 0x00) && (packet->payload[3] == 0x00)))) { - NDPI_LOG(NDPI_PROTOCOL_ORACLE, ndpi_struct, NDPI_LOG_DEBUG, "found oracle.\n"); + NDPI_LOG_INFO(ndpi_struct, "found oracle\n"); ndpi_int_oracle_add_connection(ndpi_struct, flow); } else if (packet->payload_packet_len == 213 && packet->payload[0] == 0x00 && packet->payload[1] == 0xd5 && packet->payload[2] == 0x00 && packet->payload[3] == 0x00 ) { - NDPI_LOG(NDPI_PROTOCOL_ORACLE, ndpi_struct, NDPI_LOG_DEBUG, "found oracle.\n"); + NDPI_LOG_INFO(ndpi_struct, "found oracle\n"); ndpi_int_oracle_add_connection(ndpi_struct, flow); } } else { - NDPI_LOG(NDPI_PROTOCOL_ORACLE, ndpi_struct, NDPI_LOG_DEBUG, "exclude ORACLE.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_ORACLE); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } } diff --git a/src/lib/protocols/oscar.c b/src/lib/protocols/oscar.c index d6ca25cde..6dec353a5 100644 --- a/src/lib/protocols/oscar.c +++ b/src/lib/protocols/oscar.c @@ -22,6 +22,11 @@ * */ +#include "ndpi_protocol_ids.h" + +#ifdef NDPI_PROTOCOL_OSCAR + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_OSCAR #include "ndpi_api.h" @@ -69,7 +74,6 @@ #define EMAIL 0x0018 #define IS_EXT 0x0085 -#ifdef NDPI_PROTOCOL_OSCAR static void ndpi_int_oscar_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) @@ -146,28 +150,28 @@ static void ndpi_search_oscar_tcp_connect(struct ndpi_detection_module_struct /* No TLVs */ if(packet->payload_packet_len == 10) { - NDPI_LOG(NDPI_PROTOCOL_OSCAR, ndpi_struct, NDPI_LOG_DEBUG, "OSCAR - Sign In \n"); + NDPI_LOG_INFO(ndpi_struct, "found OSCAR - Sign In \n"); ndpi_int_oscar_add_connection(ndpi_struct, flow); return; } /* /\* SCREEN_NAME *\/ */ /* if (get_u_int16_t(packet->payload, 10) == htons(SCREEN_NAME)) /\* packet->payload[10] == 0x00 && packet->payload[11] == 0x01 *\/ */ /* { */ - /* NDPI_LOG(NDPI_PROTOCOL_OSCAR, ndpi_struct, NDPI_LOG_DEBUG, "OSCAR - Screen Name \n"); */ + /* NDPI_LOG_INFO(ndpi_struct, "found OSCAR - Screen Name \n"); */ /* ndpi_int_oscar_add_connection(ndpi_struct, flow); */ /* return; */ /* } */ /* /\* PASSWD *\/ */ /* if (get_u_int16_t(packet->payload, 10) == htons(PASSWD)) /\* packet->payload[10] == 0x00 && packet->payload[11] == 0x02 *\/ */ /* { */ - /* NDPI_LOG(NDPI_PROTOCOL_OSCAR, ndpi_struct, NDPI_LOG_DEBUG, "OSCAR - Password (roasted) \n"); */ + /* NDPI_LOG_INFO(ndpi_struct, "found OSCAR - Password (roasted) \n"); */ /* ndpi_int_oscar_add_connection(ndpi_struct, flow); */ /* return; */ /* } */ /* CLIENT_NAME */ if (get_u_int16_t(packet->payload, 10) == htons(CLIENT_NAME)) /* packet->payload[10] == 0x00 && packet->payload[11] == 0x03 */ { - NDPI_LOG(NDPI_PROTOCOL_OSCAR, ndpi_struct, NDPI_LOG_DEBUG, "OSCAR - Client Name \n"); + NDPI_LOG_INFO(ndpi_struct, "found OSCAR - Client Name \n"); ndpi_int_oscar_add_connection(ndpi_struct, flow); return; } @@ -182,7 +186,7 @@ static void ndpi_search_oscar_tcp_connect(struct ndpi_detection_module_struct (get_u_int8_t(packet->payload, packet->payload_packet_len - 1) == 0x01) || (get_u_int8_t(packet->payload, packet->payload_packet_len - 1) == 0x03)) { - NDPI_LOG(NDPI_PROTOCOL_OSCAR, ndpi_struct, NDPI_LOG_DEBUG, "OSCAR - Login \n"); + NDPI_LOG_INFO(ndpi_struct, "found OSCAR - Login \n"); ndpi_int_oscar_add_connection(ndpi_struct, flow); return; } @@ -191,35 +195,35 @@ static void ndpi_search_oscar_tcp_connect(struct ndpi_detection_module_struct /* MAJOR_VERSION */ if (get_u_int16_t(packet->payload, 10) == htons(MAJOR_VERSION)) { - NDPI_LOG(NDPI_PROTOCOL_OSCAR, ndpi_struct, NDPI_LOG_DEBUG, "OSCAR - Major_Version \n"); + NDPI_LOG_INFO(ndpi_struct, "found OSCAR - Major_Version \n"); ndpi_int_oscar_add_connection(ndpi_struct, flow); return; } /* MINOR_VERSION */ if (get_u_int16_t(packet->payload, 10) == htons(MINOR_VERSION)) { - NDPI_LOG(NDPI_PROTOCOL_OSCAR, ndpi_struct, NDPI_LOG_DEBUG, "OSCAR - Minor_Version \n"); + NDPI_LOG_INFO(ndpi_struct, "found OSCAR - Minor_Version \n"); ndpi_int_oscar_add_connection(ndpi_struct, flow); return; } /* POINT_VERSION */ if (get_u_int16_t(packet->payload, 10) == htons(POINT_VERSION)) { - NDPI_LOG(NDPI_PROTOCOL_OSCAR, ndpi_struct, NDPI_LOG_DEBUG, "OSCAR - Point_Version \n"); + NDPI_LOG_INFO(ndpi_struct, "found OSCAR - Point_Version \n"); ndpi_int_oscar_add_connection(ndpi_struct, flow); return; } /* BUILD_NUM */ if (get_u_int16_t(packet->payload, 10) == htons(BUILD_NUM)) { - NDPI_LOG(NDPI_PROTOCOL_OSCAR, ndpi_struct, NDPI_LOG_DEBUG, "OSCAR - Build_Num \n"); + NDPI_LOG_INFO(ndpi_struct, "found OSCAR - Build_Num \n"); ndpi_int_oscar_add_connection(ndpi_struct, flow); return; } /* CLIENT_RECONNECT */ if (get_u_int16_t(packet->payload, 10) == htons(CLIENT_RECONNECT)) { - NDPI_LOG(NDPI_PROTOCOL_OSCAR, ndpi_struct, NDPI_LOG_DEBUG, "OSCAR - Client_Reconnect \n"); + NDPI_LOG_INFO(ndpi_struct, "found OSCAR - Client_Reconnect \n"); ndpi_int_oscar_add_connection(ndpi_struct, flow); return; } @@ -254,7 +258,7 @@ static void ndpi_search_oscar_tcp_connect(struct ndpi_detection_module_struct type = 0; if (family == 0 || type == 0) { - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_OSCAR); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; } @@ -565,8 +569,7 @@ static void ndpi_search_oscar_tcp_connect(struct ndpi_detection_module_struct if(excluded == 1) { - NDPI_LOG(NDPI_PROTOCOL_OSCAR, ndpi_struct, NDPI_LOG_DEBUG, "exclude oscar.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_OSCAR); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } /* flag */ @@ -581,7 +584,7 @@ static void ndpi_search_oscar_tcp_connect(struct ndpi_detection_module_struct req_ID = get_u_int32_t(packet->payload, 12); if((req_ID <= ((u_int32_t)-1))) { - NDPI_LOG(NDPI_PROTOCOL_OSCAR, ndpi_struct, NDPI_LOG_DEBUG, "OSCAR Detected \n"); + NDPI_LOG_INFO(ndpi_struct, "found OSCAR\n"); ndpi_int_oscar_add_connection(ndpi_struct, flow); return; } @@ -595,7 +598,7 @@ static void ndpi_search_oscar_tcp_connect(struct ndpi_detection_module_struct */ if (channel == O_ERROR) { - NDPI_LOG(NDPI_PROTOCOL_OSCAR, ndpi_struct, NDPI_LOG_DEBUG, "OSCAR Detected - Error frame \n"); + NDPI_LOG_INFO(ndpi_struct, "found OSCAR - Error frame \n"); ndpi_int_oscar_add_connection(ndpi_struct, flow); return; } @@ -605,7 +608,7 @@ static void ndpi_search_oscar_tcp_connect(struct ndpi_detection_module_struct */ if (channel == SIGNOFF) { - NDPI_LOG(NDPI_PROTOCOL_OSCAR, ndpi_struct, NDPI_LOG_DEBUG, "OSCAR Detected - Signoff frame \n"); + NDPI_LOG_INFO(ndpi_struct, "found OSCAR - Signoff frame \n"); ndpi_int_oscar_add_connection(ndpi_struct, flow); return; } @@ -615,7 +618,7 @@ static void ndpi_search_oscar_tcp_connect(struct ndpi_detection_module_struct */ if (channel == KEEP_ALIVE) { - NDPI_LOG(NDPI_PROTOCOL_OSCAR, ndpi_struct, NDPI_LOG_DEBUG, "OSCAR Detected - Keep Alive frame \n"); + NDPI_LOG_INFO(ndpi_struct, "found OSCAR - Keep Alive frame \n"); ndpi_int_oscar_add_connection(ndpi_struct, flow); return; } @@ -628,8 +631,8 @@ static void ndpi_search_oscar_tcp_connect(struct ndpi_detection_module_struct NDPI_PARSE_PACKET_LINE_INFO(ndpi_struct, flow, packet); if (packet->host_line.len >= 18 && packet->host_line.ptr != NULL) { if (memcmp(packet->host_line.ptr, "lifestream.aol.com", 18) == 0) { - NDPI_LOG(NDPI_PROTOCOL_OSCAR, ndpi_struct, NDPI_LOG_DEBUG, - "OSCAR over HTTP found, POST method\n"); + NDPI_LOG_INFO(ndpi_struct, + "found OSCAR over HTTP, POST method\n"); ndpi_int_oscar_add_connection(ndpi_struct, flow); return; } @@ -643,7 +646,7 @@ static void ndpi_search_oscar_tcp_connect(struct ndpi_detection_module_struct (memcmp(&packet->payload[5], "aim/gromit/aim_express", 22) == 0) || (memcmp(&packet->payload[5], "b/ss/aolwpaim", 13) == 0) || (memcmp(&packet->payload[5], "hss/storage/aimtmpshare", 23) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_OSCAR, ndpi_struct, NDPI_LOG_DEBUG, "OSCAR over HTTP found, GET /aim/\n"); + NDPI_LOG_INFO(ndpi_struct, "found OSCAR over HTTP, GET /aim/\n"); ndpi_int_oscar_add_connection(ndpi_struct, flow); return; } @@ -656,7 +659,7 @@ static void ndpi_search_oscar_tcp_connect(struct ndpi_detection_module_struct (memcmp(packet->user_agent_line.ptr, "mobileICQ/", 10) == 0) || (memcmp(packet->user_agent_line.ptr, "AIM%20Free/", NDPI_STATICSTRING_LEN("AIM%20Free/")) == 0) || (memcmp(packet->user_agent_line.ptr, "AIM/", 4) == 0))) { - NDPI_LOG(NDPI_PROTOCOL_OSCAR, ndpi_struct, NDPI_LOG_DEBUG, "OSCAR over HTTP found\n"); + NDPI_LOG_INFO(ndpi_struct, "found OSCAR over HTTP\n"); ndpi_int_oscar_add_connection(ndpi_struct, flow); return; } @@ -670,8 +673,8 @@ static void ndpi_search_oscar_tcp_connect(struct ndpi_detection_module_struct for (i = 0; i < (packet->referer_line.len - 22); i++) { if (packet->referer_line.ptr[i] == 'a') { if (memcmp(&packet->referer_line.ptr[i + 1], "im/gromit/aim_express", 21) == 0) { - NDPI_LOG(NDPI_PROTOCOL_OSCAR, ndpi_struct, NDPI_LOG_DEBUG, - "OSCAR over HTTP found : aim/gromit/aim_express\n"); + NDPI_LOG_INFO(ndpi_struct, + "found OSCAR over HTTP : aim/gromit/aim_express\n"); ndpi_int_oscar_add_connection(ndpi_struct, flow); return; } @@ -682,12 +685,12 @@ static void ndpi_search_oscar_tcp_connect(struct ndpi_detection_module_struct } if (memcmp(packet->payload, "CONNECT ", 8) == 0) { if (memcmp(packet->payload, "CONNECT login.icq.com:443 HTTP/1.", 33) == 0) { - NDPI_LOG(NDPI_PROTOCOL_OSCAR, ndpi_struct, NDPI_LOG_DEBUG, "OSCAR ICQ-HTTP FOUND\n"); + NDPI_LOG_INFO(ndpi_struct, "found OSCAR ICQ-HTTP\n"); ndpi_int_oscar_add_connection(ndpi_struct, flow); return; } if (memcmp(packet->payload, "CONNECT login.oscar.aol.com:5190 HTTP/1.", 40) == 0) { - NDPI_LOG(NDPI_PROTOCOL_OSCAR, ndpi_struct, NDPI_LOG_DEBUG, "OSCAR AIM-HTTP FOUND\n"); + NDPI_LOG_INFO(ndpi_struct, "found OSCAR AIM-HTTP\n"); ndpi_int_oscar_add_connection(ndpi_struct, flow); return; } @@ -697,33 +700,33 @@ static void ndpi_search_oscar_tcp_connect(struct ndpi_detection_module_struct if (packet->payload_packet_len > 43 && memcmp(packet->payload, "GET http://http.proxy.icq.com/hello HTTP/1.", 43) == 0) { - NDPI_LOG(NDPI_PROTOCOL_OSCAR, ndpi_struct, NDPI_LOG_DEBUG, "OSCAR ICQ-HTTP PROXY FOUND\n"); + NDPI_LOG_INFO(ndpi_struct, "found OSCAR ICQ-HTTP PROXY\n"); ndpi_int_oscar_add_connection(ndpi_struct, flow); return; } if (packet->payload_packet_len > 46 && memcmp(packet->payload, "GET http://aimhttp.oscar.aol.com/hello HTTP/1.", 46) == 0) { - NDPI_LOG(NDPI_PROTOCOL_OSCAR, ndpi_struct, NDPI_LOG_DEBUG, "OSCAR AIM-HTTP PROXY FOUND\n"); + NDPI_LOG_INFO(ndpi_struct, "found OSCAR AIM-HTTP PROXY\n"); ndpi_int_oscar_add_connection(ndpi_struct, flow); return; } if (packet->payload_packet_len > 5 && get_u_int32_t(packet->payload, 0) == htonl(0x05010003)) { - NDPI_LOG(NDPI_PROTOCOL_OSCAR, ndpi_struct, NDPI_LOG_DEBUG, "Maybe OSCAR Picturetransfer\n"); + NDPI_LOG_DBG2(ndpi_struct, "Maybe OSCAR Picturetransfer\n"); return; } if (packet->payload_packet_len == 10 && get_u_int32_t(packet->payload, 0) == htonl(0x05000001) && get_u_int32_t(packet->payload, 4) == 0) { - NDPI_LOG(NDPI_PROTOCOL_OSCAR, ndpi_struct, NDPI_LOG_DEBUG, "Maybe OSCAR Picturetransfer\n"); + NDPI_LOG_DBG2(ndpi_struct, "Maybe OSCAR Picturetransfer\n"); return; } if (packet->payload_packet_len >= 70 && memcmp(&packet->payload[packet->payload_packet_len - 26], "\x67\x00\x65\x00\x74\x00\x43\x00\x61\x00\x74\x00\x61\x00\x6c\x00\x6f\x00\x67", 19) == 0) { - NDPI_LOG(NDPI_PROTOCOL_OSCAR, ndpi_struct, NDPI_LOG_DEBUG, "OSCAR PICTURE TRANSFER\n"); + NDPI_LOG_INFO(ndpi_struct, "found OSCAR PICTURE TRANSFER\n"); ndpi_int_oscar_add_connection(ndpi_struct, flow); return; } @@ -751,7 +754,7 @@ static void ndpi_search_oscar_tcp_connect(struct ndpi_detection_module_struct == 0) )))) { // FILE TRANSFER PATTERN:: OFT3 or OFT2 - NDPI_LOG(NDPI_PROTOCOL_OSCAR, ndpi_struct, NDPI_LOG_DEBUG, "OSCAR FILE TRANSFER\n"); + NDPI_LOG_INFO(ndpi_struct, "found OSCAR FILE TRANSFER\n"); ndpi_int_oscar_add_connection(ndpi_struct, flow); return; } @@ -759,7 +762,7 @@ static void ndpi_search_oscar_tcp_connect(struct ndpi_detection_module_struct if (memcmp(packet->payload, "ODC2", 4) == 0 && memcmp(&packet->payload[6], "\x00\x01\x00\x06", 4) == 0) { //PICTURE TRANSFER PATTERN EXMAPLE:: //4f 44 43 32 00 4c 00 01 00 06 00 00 00 00 00 00 ODC2.L.......... - NDPI_LOG(NDPI_PROTOCOL_OSCAR, ndpi_struct, NDPI_LOG_DEBUG, "OSCAR PICTURE TRANSFER\n"); + NDPI_LOG_INFO(ndpi_struct, "found OSCAR PICTURE TRANSFER\n"); ndpi_int_oscar_add_connection(ndpi_struct, flow); return; } @@ -770,7 +773,7 @@ static void ndpi_search_oscar_tcp_connect(struct ndpi_detection_module_struct && packet->payload[packet->payload_packet_len - 12] == 'L' && (memcmp(&packet->payload[packet->payload_packet_len - 6], "DEST", 4) == 0) && (memcmp(&packet->payload[packet->payload_packet_len - 2], "\x00\x00", 2) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_OSCAR, ndpi_struct, NDPI_LOG_DEBUG, "OSCAR PICTURE TRANSFER\n"); + NDPI_LOG_INFO(ndpi_struct, "found OSCAR PICTURE TRANSFER\n"); ndpi_int_oscar_add_connection(ndpi_struct, flow); if (ntohs(packet->tcp->dest) == 443 || ntohs(packet->tcp->source) == 443) { flow->oscar_ssl_voice_stage = 1; @@ -787,7 +790,7 @@ static void ndpi_search_oscar_tcp_connect(struct ndpi_detection_module_struct if (packet->detected_protocol_stack[0] != NDPI_PROTOCOL_OSCAR) { - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_OSCAR); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; } } @@ -795,8 +798,8 @@ static void ndpi_search_oscar_tcp_connect(struct ndpi_detection_module_struct void ndpi_search_oscar(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; + NDPI_LOG_DBG(ndpi_struct, "search OSCAR\n"); if (packet->tcp != NULL) { - NDPI_LOG(NDPI_PROTOCOL_OSCAR, ndpi_struct, NDPI_LOG_DEBUG, "OSCAR :: TCP\n"); ndpi_search_oscar_tcp_connect(ndpi_struct, flow); } } diff --git a/src/lib/protocols/pando.c b/src/lib/protocols/pando.c index b906e7ed9..e5f292550 100644 --- a/src/lib/protocols/pando.c +++ b/src/lib/protocols/pando.c @@ -23,9 +23,14 @@ * */ -#include "ndpi_api.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_PANDO + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_PANDO + +#include "ndpi_api.h" + static void ndpi_int_pando_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_PANDO, NDPI_PROTOCOL_UNKNOWN); } @@ -35,7 +40,7 @@ static void ndpi_check_pando_tcp(struct ndpi_detection_module_struct *ndpi_struc u_int32_t payload_len = packet->payload_packet_len; if (ndpi_match_strprefix(packet->payload, payload_len, "\x0ePan")) { - NDPI_LOG(NDPI_PROTOCOL_PANDO, ndpi_struct, NDPI_LOG_DEBUG, "Found PANDO.\n"); + NDPI_LOG_INFO(ndpi_struct, "Found PANDO\n"); ndpi_int_pando_add_connection(ndpi_struct, flow); } } @@ -45,11 +50,11 @@ static void ndpi_check_pando_udp(struct ndpi_detection_module_struct *ndpi_struc u_int32_t payload_len = packet->payload_packet_len; /* Check if we so far detected the protocol in the request or not. */ + NDPI_LOG_DBG2(ndpi_struct, "PANDO stage %u: \n", flow->pando_stage); if (flow->pando_stage == 0) { - NDPI_LOG(NDPI_PROTOCOL_PANDO, ndpi_struct, NDPI_LOG_DEBUG, "PANDO stage 0: \n"); if ((payload_len >= 4) && (packet->payload[0] == 0x00) && (packet->payload[1] == 0x00) && (packet->payload[2] == 0x00) && (packet->payload[3] == 0x09)) { - NDPI_LOG(NDPI_PROTOCOL_PANDO, ndpi_struct, NDPI_LOG_DEBUG, "Possible PANDO request detected, we will look further for the response...\n"); + NDPI_LOG_DBG2(ndpi_struct, "Possible PANDO request detected, we will look further for the response..\n"); /* Encode the direction of the packet in the stage, so we will know when we need to look for the response packet. */ flow->pando_stage = packet->packet_direction + 1; // packet_direction 0: stage 1, packet_direction 1: stage 2 @@ -57,7 +62,7 @@ static void ndpi_check_pando_udp(struct ndpi_detection_module_struct *ndpi_struc } if (ndpi_match_strprefix(packet->payload, payload_len, "UDPA")) { - NDPI_LOG(NDPI_PROTOCOL_PANDO, ndpi_struct, NDPI_LOG_DEBUG, "Possible PANDO request detected, we will look further for the response...\n"); + NDPI_LOG_DBG2(ndpi_struct, "Possible PANDO request detected, we will look further for the response..\n"); /* Encode the direction of the packet in the stage, so we will know when we need to look for the response packet. */ flow->pando_stage = packet->packet_direction + 3; // packet_direction 0: stage 3, packet_direction 1: stage 4 @@ -65,7 +70,7 @@ static void ndpi_check_pando_udp(struct ndpi_detection_module_struct *ndpi_struc } if (ndpi_match_strprefix(packet->payload, payload_len, "UDPR") || ndpi_match_strprefix(packet->payload, payload_len, "UDPE")) { - NDPI_LOG(NDPI_PROTOCOL_PANDO, ndpi_struct, NDPI_LOG_DEBUG, "Possible PANDO request detected, we will look further for the response...\n"); + NDPI_LOG_DBG2(ndpi_struct, "Possible PANDO request detected, we will look further for the response..\n"); /* Encode the direction of the packet in the stage, so we will know when we need to look for the response packet. */ flow->pando_stage = packet->packet_direction + 5; // packet_direction 0: stage 5, packet_direction 1: stage 6 @@ -73,7 +78,6 @@ static void ndpi_check_pando_udp(struct ndpi_detection_module_struct *ndpi_struc } } else if ((flow->pando_stage == 1) || (flow->pando_stage == 2)) { - NDPI_LOG(NDPI_PROTOCOL_PANDO, ndpi_struct, NDPI_LOG_DEBUG, "PANDO stage %u: \n", flow->pando_stage); /* At first check, if this is for sure a response packet (in another direction. If not, do nothing now and return. */ if ((flow->pando_stage - packet->packet_direction) == 1) { @@ -82,15 +86,14 @@ static void ndpi_check_pando_udp(struct ndpi_detection_module_struct *ndpi_struc /* This is a packet in another direction. Check if we find the proper response. */ if ((payload_len == 0) || ((payload_len >= 4) && (packet->payload[0] == 0x00) && (packet->payload[1] == 0x00) && (packet->payload[2] == 0x00) && (packet->payload[3] == 0x09))) { - NDPI_LOG(NDPI_PROTOCOL_PANDO, ndpi_struct, NDPI_LOG_DEBUG, "Found PANDO.\n"); + NDPI_LOG_INFO(ndpi_struct, "found PANDO\n"); ndpi_int_pando_add_connection(ndpi_struct, flow); } else { - NDPI_LOG(NDPI_PROTOCOL_PANDO, ndpi_struct, NDPI_LOG_DEBUG, "The reply did not seem to belong to PANDO, resetting the stage to 0...\n"); + NDPI_LOG_DBG2(ndpi_struct, "The reply did not seem to belong to PANDO, resetting the stage to 0..\n"); flow->pando_stage = 0; } } else if ((flow->pando_stage == 3) || (flow->pando_stage == 4)) { - NDPI_LOG(NDPI_PROTOCOL_PANDO, ndpi_struct, NDPI_LOG_DEBUG, "PANDO stage %u: \n", flow->pando_stage); /* At first check, if this is for sure a response packet (in another direction. If not, do nothing now and return. */ if ((flow->pando_stage - packet->packet_direction) == 3) { @@ -99,15 +102,14 @@ static void ndpi_check_pando_udp(struct ndpi_detection_module_struct *ndpi_struc /* This is a packet in another direction. Check if we find the proper response. */ if ((payload_len == 0) || (ndpi_match_strprefix(packet->payload, payload_len, "UDPR") || ndpi_match_strprefix(packet->payload, payload_len, "UDPE"))) { - NDPI_LOG(NDPI_PROTOCOL_PANDO, ndpi_struct, NDPI_LOG_DEBUG, "Found PANDO.\n"); + NDPI_LOG_INFO(ndpi_struct, "found PANDO\n"); ndpi_int_pando_add_connection(ndpi_struct, flow); } else { - NDPI_LOG(NDPI_PROTOCOL_PANDO, ndpi_struct, NDPI_LOG_DEBUG, "The reply did not seem to belong to PANDO, resetting the stage to 0...\n"); + NDPI_LOG_DBG2(ndpi_struct, "The reply did not seem to belong to PANDO, resetting the stage to 0..\n"); flow->pando_stage = 0; } } else if ((flow->pando_stage == 5) || (flow->pando_stage == 6)) { - NDPI_LOG(NDPI_PROTOCOL_PANDO, ndpi_struct, NDPI_LOG_DEBUG, "PANDO stage %u: \n", flow->pando_stage); /* At first check, if this is for sure a response packet (in another direction. If not, do nothing now and return. */ if ((flow->pando_stage - packet->packet_direction) == 5) { @@ -116,10 +118,10 @@ static void ndpi_check_pando_udp(struct ndpi_detection_module_struct *ndpi_struc /* This is a packet in another direction. Check if we find the proper response. */ if (ndpi_match_strprefix(packet->payload, payload_len, "UDPA")) { - NDPI_LOG(NDPI_PROTOCOL_PANDO, ndpi_struct, NDPI_LOG_DEBUG, "Found PANDO.\n"); + NDPI_LOG_INFO(ndpi_struct, "found PANDO\n"); ndpi_int_pando_add_connection(ndpi_struct, flow); } else { - NDPI_LOG(NDPI_PROTOCOL_PANDO, ndpi_struct, NDPI_LOG_DEBUG, "The reply did not seem to belong to PANDO, resetting the stage to 0...\n"); + NDPI_LOG_DBG2(ndpi_struct, "The reply did not seem to belong to PANDO, resetting the stage to 0\n") flow->pando_stage = 0; } } @@ -128,10 +130,10 @@ static void ndpi_check_pando_udp(struct ndpi_detection_module_struct *ndpi_struc void ndpi_search_pando(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; + NDPI_LOG_DBG(ndpi_struct, "search PANDO\n"); /* Break after 20 packets. */ if (flow->packet_counter > 20) { - NDPI_LOG(NDPI_PROTOCOL_PANDO, ndpi_struct, NDPI_LOG_TRACE, "PANDO excluded.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_PANDO); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; } @@ -144,7 +146,6 @@ void ndpi_search_pando(struct ndpi_detection_module_struct *ndpi_struct, struct return; } - NDPI_LOG(NDPI_PROTOCOL_PANDO, ndpi_struct, NDPI_LOG_TRACE, "PANDO detection...\n"); ndpi_check_pando_tcp(ndpi_struct, flow); if (packet->detected_protocol_stack[0] == NDPI_PROTOCOL_PANDO) { diff --git a/src/lib/protocols/pcanywhere.c b/src/lib/protocols/pcanywhere.c index b1e11e0a2..56b68b567 100644 --- a/src/lib/protocols/pcanywhere.c +++ b/src/lib/protocols/pcanywhere.c @@ -23,9 +23,15 @@ */ -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" + #ifdef NDPI_PROTOCOL_PCANYWHERE +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_PCANYWHERE + +#include "ndpi_api.h" + + static void ndpi_int_pcanywhere_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { @@ -37,19 +43,15 @@ void ndpi_search_pcanywhere(struct ndpi_detection_module_struct { struct ndpi_packet_struct *packet = &flow->packet; - // struct ndpi_id_struct *src=ndpi_struct->src; - // struct ndpi_id_struct *dst=ndpi_struct->dst; - if (packet->udp != NULL && packet->udp->dest == htons(5632) && packet->payload_packet_len == 2 && (memcmp(packet->payload, "NQ", 2) == 0 || memcmp(packet->payload, "ST", 2) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_PCANYWHERE, ndpi_struct, NDPI_LOG_DEBUG, - "PC Anywhere name or status query detected.\n"); + NDPI_LOG_INFO(ndpi_struct, "PC Anywhere name or status query detected\n"); ndpi_int_pcanywhere_add_connection(ndpi_struct, flow); return; } - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_PCANYWHERE); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/postgres.c b/src/lib/protocols/postgres.c index f1dc352a7..e23d316e4 100644 --- a/src/lib/protocols/postgres.c +++ b/src/lib/protocols/postgres.c @@ -23,9 +23,14 @@ */ -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" + #ifdef NDPI_PROTOCOL_POSTGRES +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_POSTGRES + +#include "ndpi_api.h" + static void ndpi_int_postgres_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) @@ -37,10 +42,6 @@ void ndpi_search_postgres_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; - -// struct ndpi_id_struct *src=ndpi_struct->src; -// struct ndpi_id_struct *dst=ndpi_struct->dst; - u_int16_t size; if (flow->l4.tcp.postgres_stage == 0) { @@ -65,13 +66,13 @@ void ndpi_search_postgres_tcp(struct ndpi_detection_module_struct if (flow->l4.tcp.postgres_stage == 2 - packet->packet_direction) { //SSL accepted if (packet->payload_packet_len == 1 && packet->payload[0] == 'S') { - NDPI_LOG(NDPI_PROTOCOL_POSTGRES, ndpi_struct, NDPI_LOG_DEBUG, "PostgreSQL detected, SSL accepted.\n"); + NDPI_LOG_INFO(ndpi_struct, "PostgreSQL detected, SSL accepted\n"); ndpi_int_postgres_add_connection(ndpi_struct, flow); return; } //SSL denied if (packet->payload_packet_len == 1 && packet->payload[0] == 'N') { - NDPI_LOG(NDPI_PROTOCOL_POSTGRES, ndpi_struct, NDPI_LOG_DEBUG, "PostgreSQL detected, SSL denied.\n"); + NDPI_LOG_INFO(ndpi_struct, "PostgreSQL detected, SSL denied\n"); ndpi_int_postgres_add_connection(ndpi_struct, flow); return; } @@ -81,40 +82,40 @@ void ndpi_search_postgres_tcp(struct ndpi_detection_module_struct if (packet->payload_packet_len > 8 && ntohl(get_u_int32_t(packet->payload, 5)) < 10 && ntohl(get_u_int32_t(packet->payload, 1)) == packet->payload_packet_len - 1 && packet->payload[0] == 0x52) { - NDPI_LOG(NDPI_PROTOCOL_POSTGRES, ndpi_struct, NDPI_LOG_DEBUG, "PostgreSQL detected, no SSL.\n"); + NDPI_LOG_INFO(ndpi_struct, "PostgreSQL detected, no SSL\n"); ndpi_int_postgres_add_connection(ndpi_struct, flow); return; } if (flow->l4.tcp.postgres_stage == 6 && ntohl(get_u_int32_t(packet->payload, 1)) == packet->payload_packet_len - 1 && packet->payload[0] == 'p') { - NDPI_LOG(NDPI_PROTOCOL_POSTGRES, ndpi_struct, NDPI_LOG_DEBUG, "found postgres asymmetrically.\n"); + NDPI_LOG_INFO(ndpi_struct, "found postgres asymmetrically\n"); ndpi_int_postgres_add_connection(ndpi_struct, flow); return; } if (flow->l4.tcp.postgres_stage == 5 && packet->payload[0] == 'R') { if (ntohl(get_u_int32_t(packet->payload, 1)) == packet->payload_packet_len - 1) { - NDPI_LOG(NDPI_PROTOCOL_POSTGRES, ndpi_struct, NDPI_LOG_DEBUG, "found postgres asymmetrically.\n"); + NDPI_LOG_INFO(ndpi_struct, "found postgres asymmetrically\n"); ndpi_int_postgres_add_connection(ndpi_struct, flow); return; } size = (u_int16_t)ntohl(get_u_int32_t(packet->payload, 1)) + 1; if (packet->payload[size - 1] == 'S') { if ((size + get_u_int32_t(packet->payload, (size + 1))) == packet->payload_packet_len) { - NDPI_LOG(NDPI_PROTOCOL_POSTGRES, ndpi_struct, NDPI_LOG_DEBUG, "found postgres asymmetrically.\n"); + NDPI_LOG_INFO(ndpi_struct, "found postgres asymmetrically\n"); ndpi_int_postgres_add_connection(ndpi_struct, flow); return; } } size += get_u_int32_t(packet->payload, (size + 1)) + 1; if (packet->payload[size - 1] == 'S') { - NDPI_LOG(NDPI_PROTOCOL_POSTGRES, ndpi_struct, NDPI_LOG_DEBUG, "found postgres asymmetrically.\n"); + NDPI_LOG_INFO(ndpi_struct, "found postgres asymmetrically\n"); ndpi_int_postgres_add_connection(ndpi_struct, flow); return; } } } - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_POSTGRES); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/pplive.c b/src/lib/protocols/pplive.c index 2e4747159..6f874d7b6 100644 --- a/src/lib/protocols/pplive.c +++ b/src/lib/protocols/pplive.c @@ -24,9 +24,14 @@ * */ -#include "ndpi_api.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_PPLIVE + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_PPLIVE + +#include "ndpi_api.h" + static void ndpi_int_pplive_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_PPLIVE, NDPI_PROTOCOL_UNKNOWN); } @@ -37,10 +42,10 @@ static void ndpi_check_pplive_udp1(struct ndpi_detection_module_struct *ndpi_str /* Check if we so far detected the protocol in the request or not. */ if (flow->pplive_stage1 == 0) { - NDPI_LOG(NDPI_PROTOCOL_PPLIVE, ndpi_struct, NDPI_LOG_DEBUG, "PPLIVE stage 0: \n"); + NDPI_LOG_DBG2(ndpi_struct, "PPLIVE stage 0: \n"); if (ndpi_match_strprefix(packet->payload, payload_len, "\xe9\x03\x41\x01")) { - NDPI_LOG(NDPI_PROTOCOL_PPLIVE, ndpi_struct, NDPI_LOG_DEBUG, "Possible PPLIVE request detected, we will look further for the response...\n"); + NDPI_LOG_DBG2(ndpi_struct, "Possible PPLIVE request detected, we will look further for the response..\n"); /* Encode the direction of the packet in the stage, so we will know when we need to look for the response packet. */ flow->pplive_stage1 = packet->packet_direction + 1; // packet_direction 0: stage 1, packet_direction 1: stage 2 @@ -48,7 +53,7 @@ static void ndpi_check_pplive_udp1(struct ndpi_detection_module_struct *ndpi_str } if (ndpi_match_strprefix(packet->payload, payload_len, "\xe9\x03\x42\x01")) { - NDPI_LOG(NDPI_PROTOCOL_PPLIVE, ndpi_struct, NDPI_LOG_DEBUG, "Possible PPLIVE request detected, we will look further for the response...\n"); + NDPI_LOG_DBG2(ndpi_struct, "Possible PPLIVE request detected, we will look further for the response..\n"); /* Encode the direction of the packet in the stage, so we will know when we need to look for the response packet. */ flow->pplive_stage1 = packet->packet_direction + 3; // packet_direction 0: stage 3, packet_direction 1: stage 4 @@ -56,7 +61,7 @@ static void ndpi_check_pplive_udp1(struct ndpi_detection_module_struct *ndpi_str } if (ndpi_match_strprefix(packet->payload, payload_len, "\x1c\x1c\x32\x01")) { - NDPI_LOG(NDPI_PROTOCOL_PPLIVE, ndpi_struct, NDPI_LOG_DEBUG, "Possible PPLIVE request detected, we will look further for the response...\n"); + NDPI_LOG_DBG2(ndpi_struct, "Possible PPLIVE request detected, we will look further for the response..\n"); /* Encode the direction of the packet in the stage, so we will know when we need to look for the response packet. */ flow->pplive_stage1 = packet->packet_direction + 5; // packet_direction 0: stage 5, packet_direction 1: stage 6 @@ -64,7 +69,7 @@ static void ndpi_check_pplive_udp1(struct ndpi_detection_module_struct *ndpi_str } } else if ((flow->pplive_stage1 == 1) || (flow->pplive_stage1 == 2)) { - NDPI_LOG(NDPI_PROTOCOL_PPLIVE, ndpi_struct, NDPI_LOG_DEBUG, "PPLIVE stage %u: \n", flow->pplive_stage1); + NDPI_LOG_DBG2(ndpi_struct, "PPLIVE stage %u: \n", flow->pplive_stage1); /* At first check, if this is for sure a response packet (in another direction. If not, do nothing now and return. */ if ((flow->pplive_stage1 - packet->packet_direction) == 1) { @@ -73,15 +78,15 @@ static void ndpi_check_pplive_udp1(struct ndpi_detection_module_struct *ndpi_str /* This is a packet in another direction. Check if we find the proper response. */ if (ndpi_match_strprefix(packet->payload, payload_len, "\xe9\x03\x42\x01") || ndpi_match_strprefix(packet->payload, payload_len, "\xe9\x03\x41\x01")) { - NDPI_LOG(NDPI_PROTOCOL_PPLIVE, ndpi_struct, NDPI_LOG_DEBUG, "Found PPLIVE.\n"); + NDPI_LOG_DBG2(ndpi_struct, "Found PPLIVE\n"); ndpi_int_pplive_add_connection(ndpi_struct, flow); } else { - NDPI_LOG(NDPI_PROTOCOL_PPLIVE, ndpi_struct, NDPI_LOG_DEBUG, "The reply did not seem to belong to PPLIVE, resetting the stage to 0...\n"); + NDPI_LOG_DBG2(ndpi_struct, "The reply did not seem to belong to PPLIVE, resetting the stage to 0..\n"); flow->pplive_stage1 = 0; } } else if ((flow->pplive_stage1 == 3) || (flow->pplive_stage1 == 4)) { - NDPI_LOG(NDPI_PROTOCOL_PPLIVE, ndpi_struct, NDPI_LOG_DEBUG, "PPLIVE stage %u: \n", flow->pplive_stage1); + NDPI_LOG_DBG2(ndpi_struct, "PPLIVE stage %u: \n", flow->pplive_stage1); /* At first check, if this is for sure a response packet (in another direction. If not, do nothing now and return. */ if ((flow->pplive_stage1 - packet->packet_direction) == 3) { @@ -90,14 +95,14 @@ static void ndpi_check_pplive_udp1(struct ndpi_detection_module_struct *ndpi_str /* This is a packet in another direction. Check if we find the proper response. */ if (ndpi_match_strprefix(packet->payload, payload_len, "\xe9\x03\x41\x01")) { - NDPI_LOG(NDPI_PROTOCOL_PPLIVE, ndpi_struct, NDPI_LOG_DEBUG, "Found PPLIVE.\n"); + NDPI_LOG_INFO(ndpi_struct, "found PPLIVE\n"); ndpi_int_pplive_add_connection(ndpi_struct, flow); } else { - NDPI_LOG(NDPI_PROTOCOL_PPLIVE, ndpi_struct, NDPI_LOG_DEBUG, "The reply did not seem to belong to PPLIVE, resetting the stage to 0...\n"); + NDPI_LOG_DBG2(ndpi_struct, "The reply did not seem to belong to PPLIVE, resetting the stage to 0..\n"); flow->pplive_stage1 = 0; } } else if ((flow->pplive_stage1 == 5) || (flow->pplive_stage1 == 6)) { - NDPI_LOG(NDPI_PROTOCOL_PPLIVE, ndpi_struct, NDPI_LOG_DEBUG, "PPLIVE stage %u: \n", flow->pplive_stage1); + NDPI_LOG_DBG2(ndpi_struct, "PPLIVE stage %u: \n", flow->pplive_stage1); /* At first check, if this is for sure a response packet (in another direction. If not, do nothing now and return. */ if ((flow->pplive_stage1 - packet->packet_direction) == 5) { @@ -106,10 +111,10 @@ static void ndpi_check_pplive_udp1(struct ndpi_detection_module_struct *ndpi_str /* This is a packet in another direction. Check if we find the proper response. */ if (ndpi_match_strprefix(packet->payload, payload_len, "\x1c\x1c\x32\x01")) { - NDPI_LOG(NDPI_PROTOCOL_PPLIVE, ndpi_struct, NDPI_LOG_DEBUG, "Found PPLIVE.\n"); + NDPI_LOG_INFO(ndpi_struct, "Found PPLIVE\n"); ndpi_int_pplive_add_connection(ndpi_struct, flow); } else { - NDPI_LOG(NDPI_PROTOCOL_PPLIVE, ndpi_struct, NDPI_LOG_DEBUG, "The reply did not seem to belong to PPLIVE, resetting the stage to 0...\n"); + NDPI_LOG_DBG2(ndpi_struct, "The reply did not seem to belong to PPLIVE, resetting the stage to 0..\n"); flow->pplive_stage1 = 0; } } @@ -121,19 +126,17 @@ static void ndpi_check_pplive_udp2(struct ndpi_detection_module_struct *ndpi_str u_int32_t payload_len = packet->payload_packet_len; /* Check if we so far detected the protocol in the request or not. */ + NDPI_LOG_DBG2(ndpi_struct, "PPLIVE stage %u: \n", flow->pplive_stage2); if (flow->pplive_stage2 == 0) { - NDPI_LOG(NDPI_PROTOCOL_PPLIVE, ndpi_struct, NDPI_LOG_DEBUG, "PPLIVE stage 0: \n"); if ((payload_len == 57) && ndpi_match_strprefix(packet->payload, payload_len, "\xe9\x03\x41\x01")) { - NDPI_LOG(NDPI_PROTOCOL_PPLIVE, ndpi_struct, NDPI_LOG_DEBUG, "Possible PPLIVE request detected, we will look further for the response...\n"); + NDPI_LOG_DBG2(ndpi_struct, "Possible PPLIVE request detected, we will look further for the response..\n"); /* Encode the direction of the packet in the stage, so we will know when we need to look for the response packet. */ flow->pplive_stage2 = packet->packet_direction + 1; // packet_direction 0: stage 1, packet_direction 1: stage 2 } } else { - NDPI_LOG(NDPI_PROTOCOL_PPLIVE, ndpi_struct, NDPI_LOG_DEBUG, "PPLIVE stage %u: \n", flow->pplive_stage2); - /* At first check, if this is for sure a response packet (in another direction. If not, do nothing now and return. */ if ((flow->pplive_stage2 - packet->packet_direction) == 1) { return; @@ -141,10 +144,10 @@ static void ndpi_check_pplive_udp2(struct ndpi_detection_module_struct *ndpi_str /* This is a packet in another direction. Check if we find the proper response. */ if (payload_len == 0) { - NDPI_LOG(NDPI_PROTOCOL_PPLIVE, ndpi_struct, NDPI_LOG_DEBUG, "Found PPLIVE.\n"); + NDPI_LOG_INFO(ndpi_struct, "found PPLIVE\n"); ndpi_int_pplive_add_connection(ndpi_struct, flow); } else { - NDPI_LOG(NDPI_PROTOCOL_PPLIVE, ndpi_struct, NDPI_LOG_DEBUG, "The reply did not seem to belong to PPLIVE, resetting the stage to 0...\n"); + NDPI_LOG_DBG2(ndpi_struct, "The reply did not seem to belong to PPLIVE, resetting the stage to 0..\n"); flow->pplive_stage2 = 0; } @@ -156,11 +159,11 @@ static void ndpi_check_pplive_udp3(struct ndpi_detection_module_struct *ndpi_str u_int32_t payload_len = packet->payload_packet_len; /* Check if we so far detected the protocol in the request or not. */ + NDPI_LOG_DBG(ndpi_struct, "PPLIVE stage %u: \n", flow->pplive_stage3); if (flow->pplive_stage3 == 0) { - NDPI_LOG(NDPI_PROTOCOL_PPLIVE, ndpi_struct, NDPI_LOG_DEBUG, "PPLIVE stage 0: \n"); if ((payload_len == 94) && (packet->udp->dest == htons(5041) || packet->udp->source == htons(5041) || packet->udp->dest == htons(8303) || packet->udp->source == htons(8303))) { - NDPI_LOG(NDPI_PROTOCOL_PPLIVE, ndpi_struct, NDPI_LOG_DEBUG, "Possible PPLIVE request detected, we will look further for the response...\n"); + NDPI_LOG_DBG2(ndpi_struct, "Possible PPLIVE request detected, we will look further for the response..\n"); /* Encode the direction of the packet in the stage, so we will know when we need to look for the response packet. */ flow->pplive_stage3 = packet->packet_direction + 1; // packet_direction 0: stage 1, packet_direction 1: stage 2 @@ -168,7 +171,6 @@ static void ndpi_check_pplive_udp3(struct ndpi_detection_module_struct *ndpi_str } } else { - NDPI_LOG(NDPI_PROTOCOL_PPLIVE, ndpi_struct, NDPI_LOG_DEBUG, "PPLIVE stage %u: \n", flow->pplive_stage3); /* At first check, if this is for sure a response packet (in another direction. If not, do nothing now and return. */ if ((flow->pplive_stage3 - packet->packet_direction) == 1) { @@ -177,10 +179,10 @@ static void ndpi_check_pplive_udp3(struct ndpi_detection_module_struct *ndpi_str /* This is a packet in another direction. Check if we find the proper response. */ if ((payload_len == 0) || (payload_len == 49) ||(payload_len == 94)) { - NDPI_LOG(NDPI_PROTOCOL_PPLIVE, ndpi_struct, NDPI_LOG_DEBUG, "Found PPLIVE.\n"); + NDPI_LOG_INFO(ndpi_struct, "found PPLIVE\n"); ndpi_int_pplive_add_connection(ndpi_struct, flow); } else { - NDPI_LOG(NDPI_PROTOCOL_PPLIVE, ndpi_struct, NDPI_LOG_DEBUG, "The reply did not seem to belong to PPLIVE, resetting the stage to 0...\n"); + NDPI_LOG_DBG2(ndpi_struct, "The reply did not seem to belong to PPLIVE, resetting the stage to 0..\n"); flow->pplive_stage3 = 0; } } @@ -190,10 +192,11 @@ static void ndpi_check_pplive_udp3(struct ndpi_detection_module_struct *ndpi_str void ndpi_search_pplive(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; + NDPI_LOG_DBG(ndpi_struct, "search PPLIVE\n"); + /* Break after 20 packets. */ if (flow->packet_counter > 20) { - NDPI_LOG(NDPI_PROTOCOL_PPLIVE, ndpi_struct, NDPI_LOG_DEBUG, "Exclude PPLIVE.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_PPLIVE); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; } @@ -201,7 +204,6 @@ void ndpi_search_pplive(struct ndpi_detection_module_struct *ndpi_struct, struct return; } - NDPI_LOG(NDPI_PROTOCOL_PPLIVE, ndpi_struct, NDPI_LOG_DEBUG, "PPLIVE detection...\n"); ndpi_check_pplive_udp1(ndpi_struct, flow); if (packet->detected_protocol_stack[0] == NDPI_PROTOCOL_PPLIVE) { diff --git a/src/lib/protocols/ppstream.c b/src/lib/protocols/ppstream.c index 04259def9..08d2f8ade 100644 --- a/src/lib/protocols/ppstream.c +++ b/src/lib/protocols/ppstream.c @@ -20,10 +20,15 @@ * along with nDPI. If not, see . * */ -#include "ndpi_protocols.h" + +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_PPSTREAM +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_PPSTREAM + +#include "ndpi_api.h" + #define PPS_PORT 17788 @@ -31,6 +36,7 @@ static void ndpi_int_ppstream_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_PPSTREAM, NDPI_PROTOCOL_UNKNOWN); + NDPI_LOG_INFO(ndpi_struct, "found PPStream over UDP\n"); } @@ -39,6 +45,7 @@ void ndpi_search_ppstream(struct ndpi_detection_module_struct { struct ndpi_packet_struct *packet = &flow->packet; + NDPI_LOG_DBG(ndpi_struct, "search PPStream\n"); /** PPS over TCP is detected inside HTTP dissector */ @@ -66,8 +73,6 @@ void ndpi_search_ppstream(struct ndpi_detection_module_struct /* increase count pkt ppstream over udp */ flow->l4.udp.ppstream_stage++; - NDPI_LOG(NDPI_PROTOCOL_PPSTREAM, ndpi_struct, NDPI_LOG_DEBUG, - "found PPStream over UDP.\n"); ndpi_int_ppstream_add_connection(ndpi_struct, flow); return; } @@ -91,8 +96,6 @@ void ndpi_search_ppstream(struct ndpi_detection_module_struct /* increase count pkt ppstream over udp */ flow->l4.udp.ppstream_stage++; - NDPI_LOG(NDPI_PROTOCOL_PPSTREAM, ndpi_struct, NDPI_LOG_DEBUG, - "found PPStream over UDP.\n"); ndpi_int_ppstream_add_connection(ndpi_struct, flow); return; } @@ -106,8 +109,6 @@ void ndpi_search_ppstream(struct ndpi_detection_module_struct /* increase count pkt ppstream over udp */ flow->l4.udp.ppstream_stage++; - NDPI_LOG(NDPI_PROTOCOL_PPSTREAM, ndpi_struct, NDPI_LOG_DEBUG, - "found PPStream over UDP.\n"); ndpi_int_ppstream_add_connection(ndpi_struct, flow); return; } @@ -131,8 +132,6 @@ void ndpi_search_ppstream(struct ndpi_detection_module_struct /* increase count pkt ppstream over udp */ flow->l4.udp.ppstream_stage++; - NDPI_LOG(NDPI_PROTOCOL_PPSTREAM, ndpi_struct, NDPI_LOG_DEBUG, - "found PPStream over UDP.\n"); ndpi_int_ppstream_add_connection(ndpi_struct, flow); return; } @@ -152,8 +151,6 @@ void ndpi_search_ppstream(struct ndpi_detection_module_struct /* increase count pkt ppstream over udp */ flow->l4.udp.ppstream_stage++; - NDPI_LOG(NDPI_PROTOCOL_PPSTREAM, ndpi_struct, NDPI_LOG_DEBUG, - "found PPStream over UDP.\n"); ndpi_int_ppstream_add_connection(ndpi_struct, flow); return; } @@ -172,8 +169,6 @@ void ndpi_search_ppstream(struct ndpi_detection_module_struct /* increase count pkt ppstream over udp */ flow->l4.udp.ppstream_stage++; - NDPI_LOG(NDPI_PROTOCOL_PPSTREAM, ndpi_struct, NDPI_LOG_DEBUG, - "found PPStream over UDP.\n"); ndpi_int_ppstream_add_connection(ndpi_struct, flow); return; } @@ -194,8 +189,6 @@ void ndpi_search_ppstream(struct ndpi_detection_module_struct /* increase count pkt ppstream over udp */ flow->l4.udp.ppstream_stage++; - NDPI_LOG(NDPI_PROTOCOL_PPSTREAM, ndpi_struct, NDPI_LOG_DEBUG, - "found PPStream over UDP.\n"); ndpi_int_ppstream_add_connection(ndpi_struct, flow); return; } @@ -210,8 +203,6 @@ void ndpi_search_ppstream(struct ndpi_detection_module_struct /* increase count pkt ppstream over udp */ flow->l4.udp.ppstream_stage++; - NDPI_LOG(NDPI_PROTOCOL_PPSTREAM, ndpi_struct, NDPI_LOG_DEBUG, - "found PPStream over UDP.\n"); ndpi_int_ppstream_add_connection(ndpi_struct, flow); return; } @@ -223,16 +214,13 @@ void ndpi_search_ppstream(struct ndpi_detection_module_struct /* increase count pkt ppstream over udp */ flow->l4.udp.ppstream_stage++; - NDPI_LOG(NDPI_PROTOCOL_PPSTREAM, ndpi_struct, NDPI_LOG_DEBUG, - "found PPStream over udp.\n"); ndpi_int_ppstream_add_connection(ndpi_struct, flow); return; } } } - /* EXCLUDE PPS */ - NDPI_LOG(NDPI_PROTOCOL_PPSTREAM, ndpi_struct, NDPI_LOG_DEBUG, "exclude PPStream.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_PPSTREAM); + + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } } diff --git a/src/lib/protocols/pptp.c b/src/lib/protocols/pptp.c index 393604cbb..9bacdeded 100644 --- a/src/lib/protocols/pptp.c +++ b/src/lib/protocols/pptp.c @@ -22,12 +22,13 @@ * */ +#include "ndpi_protocol_ids.h" +#ifdef NDPI_PROTOCOL_PPTP -/* include files */ +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_PPTP -#include "ndpi_protocols.h" -#ifdef NDPI_PROTOCOL_PPTP +#include "ndpi_api.h" static void ndpi_int_pptp_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) @@ -40,9 +41,7 @@ void ndpi_search_pptp(struct ndpi_detection_module_struct { struct ndpi_packet_struct *packet = &flow->packet; - - // struct ndpi_id_struct *src=ndpi_struct->src; - // struct ndpi_id_struct *dst=ndpi_struct->dst; + NDPI_LOG_DBG(ndpi_struct, "search pptp\n"); if (packet->payload_packet_len >= 10 && get_u_int16_t(packet->payload, 0) == htons(packet->payload_packet_len) && get_u_int16_t(packet->payload, 2) == htons(0x0001) /* message type: control message */ @@ -50,13 +49,12 @@ void ndpi_search_pptp(struct ndpi_detection_module_struct &&(get_u_int16_t(packet->payload, 8) == htons(0x0001) /* control type: start-control-connection-request */ )) { - NDPI_LOG(NDPI_PROTOCOL_PPTP, ndpi_struct, NDPI_LOG_DEBUG, "found pptp.\n"); + NDPI_LOG_INFO(ndpi_struct, "found pptp\n"); ndpi_int_pptp_add_connection(ndpi_struct, flow); return; } - NDPI_LOG(NDPI_PROTOCOL_PPTP, ndpi_struct, NDPI_LOG_DEBUG, "exclude pptp.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_PPTP); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/qq.c b/src/lib/protocols/qq.c index 0507efa36..7eae869ac 100644 --- a/src/lib/protocols/qq.c +++ b/src/lib/protocols/qq.c @@ -22,10 +22,14 @@ * */ +#include "ndpi_protocol_ids.h" + +#ifdef NDPI_PROTOCOL_QQ + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_QQ #include "ndpi_api.h" -#ifdef NDPI_PROTOCOL_QQ static void ndpi_int_qq_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow/* , */ @@ -243,7 +247,7 @@ static void ndpi_search_qq_udp(struct ndpi_detection_module_struct *ndpi_struct, u_int16_t no_of_patterns = 12, index = 0; - NDPI_LOG(NDPI_PROTOCOL_QQ, ndpi_struct, NDPI_LOG_DEBUG, "search qq udp.\n"); + NDPI_LOG_DBG(ndpi_struct, "search qq udp\n"); if (flow->qq_stage <= 3) { @@ -273,8 +277,7 @@ static void ndpi_search_qq_udp(struct ndpi_detection_module_struct *ndpi_struct, } */ flow->qq_stage++; if (flow->qq_stage == 3) { - NDPI_LOG(NDPI_PROTOCOL_QQ, ndpi_struct, NDPI_LOG_DEBUG, - "found qq udp pattern 030001 or 000e35 four times.\n"); + NDPI_LOG_INFO(ndpi_struct, "found qq udp pattern 030001 or 000e35 four times\n"); ndpi_int_qq_add_connection(ndpi_struct, flow); return; } @@ -287,8 +290,7 @@ static void ndpi_search_qq_udp(struct ndpi_detection_module_struct *ndpi_struct, flow->qq_stage++; // maybe we can test here packet->payload[4] == packet->payload_packet_len if (flow->qq_stage == 3) { - NDPI_LOG(NDPI_PROTOCOL_QQ, ndpi_struct, NDPI_LOG_DEBUG, - "found qq udp pattern 02 ... 03 four times.\n"); + NDPI_LOG_INFO(ndpi_struct, "found qq udp pattern 02 ... 03 four times\n"); /* if (packet->payload[0] == 0x04) { ndpi_int_qq_add_connection(ndpi_struct, flow, NDPI_REAL_PROTOCOL); @@ -309,11 +311,11 @@ static void ndpi_search_qq_udp(struct ndpi_detection_module_struct *ndpi_struct, /* if (flow->qq_stage == 3 && flow->packet_direction_counter[0] > 0 && flow->packet_direction_counter[1] > 0) { - NDPI_LOG(NDPI_PROTOCOL_QQ, ndpi_struct, NDPI_LOG_DEBUG, "found qq udp pattern four times.\n"); + NDPI_LOG_DBG(ndpi_struct, "found qq udp pattern four times\n"); ndpi_int_qq_add_connection(ndpi_struct, flow, NDPI_REAL_PROTOCOL); return; } else */ if (flow->qq_stage == 3) { - NDPI_LOG(NDPI_PROTOCOL_QQ, ndpi_struct, NDPI_LOG_DEBUG, "found qq udp pattern four times.\n"); + NDPI_LOG_INFO(ndpi_struct, "found qq udp pattern four times\n"); ndpi_int_qq_add_connection(ndpi_struct, flow); return; } @@ -332,7 +334,7 @@ static void ndpi_search_qq_udp(struct ndpi_detection_module_struct *ndpi_struct, && packet->payload[packet->payload_packet_len - 1] == 0x03) { flow->qq_stage++; if (flow->qq_stage == 3) { - NDPI_LOG(NDPI_PROTOCOL_QQ, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_INFO(ndpi_struct, "found qq udp pattern 04 1159 ... 03 four times.\n"); ndpi_int_qq_add_connection(ndpi_struct, flow); return; @@ -345,7 +347,7 @@ static void ndpi_search_qq_udp(struct ndpi_detection_module_struct *ndpi_struct, || packet->payload[packet->payload_packet_len - 1] == 0x03)) { flow->qq_stage++; if (flow->qq_stage == 3) { - NDPI_LOG(NDPI_PROTOCOL_QQ, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_INFO(ndpi_struct, "found qq udp pattern 02/06 0100 ... 03/00 four times.\n"); ndpi_int_qq_add_connection(ndpi_struct, flow); return; @@ -357,7 +359,7 @@ static void ndpi_search_qq_udp(struct ndpi_detection_module_struct *ndpi_struct, && ntohs(get_u_int16_t(packet->payload, 1)) == 0x1131 && packet->payload[packet->payload_packet_len - 1] == 0x03) { flow->qq_stage++; if (flow->qq_stage == 3) { - NDPI_LOG(NDPI_PROTOCOL_QQ, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_INFO(ndpi_struct, "found qq udp pattern 02 1131 ... 03 four times.\n"); ndpi_int_qq_add_connection(ndpi_struct, flow); return; @@ -370,7 +372,7 @@ static void ndpi_search_qq_udp(struct ndpi_detection_module_struct *ndpi_struct, get_u_int16_t(packet->payload, 4) == htons(0x0b0b)) { flow->qq_stage++; if (flow->qq_stage == 3) { - NDPI_LOG(NDPI_PROTOCOL_QQ, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_INFO(ndpi_struct, "found qq udp pattern 0203[packet_length_0b0b] three times.\n"); ndpi_int_qq_add_connection(ndpi_struct, flow); return; @@ -384,7 +386,7 @@ static void ndpi_search_qq_udp(struct ndpi_detection_module_struct *ndpi_struct, && ntohs(get_u_int16_t(packet->payload, 2)) == packet->payload_packet_len) { flow->qq_stage++; if (flow->qq_stage == 3) { - NDPI_LOG(NDPI_PROTOCOL_QQ, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_INFO(ndpi_struct, "found qq udp pattern 02 02 four times.\n"); ndpi_int_qq_add_connection(ndpi_struct, flow); return; @@ -398,18 +400,18 @@ static void ndpi_search_qq_udp(struct ndpi_detection_module_struct *ndpi_struct, if (ndpi_is_valid_qq_packet(packet)) { flow->qq_stage++; if (flow->qq_stage == 3) { - NDPI_LOG(NDPI_PROTOCOL_QQ, ndpi_struct, NDPI_LOG_DEBUG, "found qq over udp.\n"); + NDPI_LOG_INFO(ndpi_struct, "found qq over udp\n"); ndpi_int_qq_add_connection(ndpi_struct, flow); return; } - NDPI_LOG(NDPI_PROTOCOL_QQ, ndpi_struct, NDPI_LOG_DEBUG, "found qq packet stage %d\n", flow->qq_stage); + NDPI_LOG_DBG2(ndpi_struct, "found qq packet stage %d\n", flow->qq_stage); return; } if (ndpi_is_valid_qq_ft_packet(packet)) { flow->qq_stage++; if (flow->qq_stage == 3) { - NDPI_LOG(NDPI_PROTOCOL_QQ, ndpi_struct, NDPI_LOG_DEBUG, "found qq ft over udp.\n"); + NDPI_LOG_INFO(ndpi_struct, "found qq ft over udp\n"); ndpi_int_qq_add_connection(ndpi_struct, flow); return; } @@ -420,8 +422,7 @@ static void ndpi_search_qq_udp(struct ndpi_detection_module_struct *ndpi_struct, return; } - NDPI_LOG(NDPI_PROTOCOL_QQ, ndpi_struct, NDPI_LOG_DEBUG, "QQ excluded\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_QQ); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } @@ -434,22 +435,15 @@ __forceinline static void ndpi_search_qq_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; - - // struct ndpi_id_struct *src=ndpi_struct->src; - // struct ndpi_id_struct *dst=ndpi_struct->dst; - - - u_int16_t i = 0; - // u_int16_t a = 0; - NDPI_LOG(NDPI_PROTOCOL_QQ, ndpi_struct, NDPI_LOG_DEBUG, "search qq tcp.\n"); + NDPI_LOG_DBG(ndpi_struct, "search qq tcp\n"); if (packet->payload_packet_len == 39 && get_u_int32_t(packet->payload, 0) == htonl(0x27000000) && get_u_int16_t(packet->payload, 4) == htons(0x0014) && get_u_int32_t(packet->payload, 11) != 0 && get_u_int16_t(packet->payload, packet->payload_packet_len - 2) == htons(0x0000)) { if (flow->qq_stage == 4) { - NDPI_LOG(NDPI_PROTOCOL_QQ, ndpi_struct, NDPI_LOG_DEBUG, "found qq over tcp - maybe ft/audio/video.\n"); + NDPI_LOG_INFO(ndpi_struct, "found qq over tcp - maybe ft/audio/video\n"); ndpi_int_qq_add_connection(ndpi_struct, flow); return; } @@ -496,7 +490,7 @@ void ndpi_search_qq_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ) { flow->qq_stage++; if (flow->qq_stage == 3) { - NDPI_LOG(NDPI_PROTOCOL_QQ, ndpi_struct, NDPI_LOG_DEBUG, "found qq over tcp.\n"); + NDPI_LOG_INFO(ndpi_struct, "found qq over tcp\n"); ndpi_int_qq_add_connection(ndpi_struct, flow); return; } @@ -506,7 +500,7 @@ void ndpi_search_qq_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct if (ndpi_is_valid_qq_packet(packet)) { flow->qq_stage++; if (flow->qq_stage == 3) { - NDPI_LOG(NDPI_PROTOCOL_QQ, ndpi_struct, NDPI_LOG_DEBUG, "found qq over tcp.\n"); + NDPI_LOG_INFO(ndpi_struct, "found qq over tcp\n"); ndpi_int_qq_add_connection(ndpi_struct, flow); return; } @@ -516,7 +510,7 @@ void ndpi_search_qq_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct if (ndpi_is_valid_qq_ft_packet(packet)) { flow->qq_stage++; if (flow->qq_stage == 3) { - NDPI_LOG(NDPI_PROTOCOL_QQ, ndpi_struct, NDPI_LOG_DEBUG, "found qq ft over tcp.\n"); + NDPI_LOG_INFO(ndpi_struct, "found qq ft over tcp\n"); ndpi_int_qq_add_connection(ndpi_struct, flow); return; } @@ -537,7 +531,7 @@ void ndpi_search_qq_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct && get_u_int16_t(packet->payload, 3) == htons(0x0f5f)))) { flow->qq_stage++; if (flow->qq_stage == 3) { - NDPI_LOG(NDPI_PROTOCOL_QQ, ndpi_struct, NDPI_LOG_DEBUG, "found qq udp pattern 02 ... 03 four times.\n"); + NDPI_LOG_INFO(ndpi_struct, "found qq udp pattern 02 ... 03 four times\n"); ndpi_int_qq_add_connection(ndpi_struct, flow); return; } @@ -561,7 +555,7 @@ void ndpi_search_qq_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct && packet->payload[packet->payload_packet_len - 1] == 0x03) { flow->qq_stage++; if (flow->qq_stage == 3) { - NDPI_LOG(NDPI_PROTOCOL_QQ, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_INFO(ndpi_struct, "found qq udp pattern 04 1159 ... 03 four times.\n"); ndpi_int_qq_add_connection(ndpi_struct, flow); return; @@ -573,9 +567,9 @@ void ndpi_search_qq_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct if (packet->payload_packet_len > 100 && ((memcmp(packet->payload, "GET", 3) == 0) || (memcmp(packet->payload, "POST", 4) == 0))) { - NDPI_LOG(NDPI_PROTOCOL_QQ, ndpi_struct, NDPI_LOG_DEBUG, "found GET or POST.\n"); + NDPI_LOG_DBG2(ndpi_struct, "found GET or POST\n"); if (memcmp(packet->payload, "GET /qqfile/qq", 14) == 0) { - NDPI_LOG(NDPI_PROTOCOL_QQ, ndpi_struct, NDPI_LOG_DEBUG, "found qq over tcp GET /qqfile/qq.\n"); + NDPI_LOG_INFO(ndpi_struct, "found qq over tcp GET /qqfile/qq\n"); ndpi_int_qq_add_connection(ndpi_struct, flow); return; } @@ -583,21 +577,21 @@ void ndpi_search_qq_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct if (packet->user_agent_line.ptr != NULL && (packet->user_agent_line.len > 7 && memcmp(packet->user_agent_line.ptr, "QQClient", 8) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_QQ, ndpi_struct, NDPI_LOG_DEBUG, "found qq over tcp GET...QQClient\n"); + NDPI_LOG_INFO(ndpi_struct, "found qq over tcp GET...QQClient\n"); ndpi_int_qq_add_connection(ndpi_struct, flow); return; } for (i = 0; i < packet->parsed_lines; i++) { if (packet->line[i].len > 3 && memcmp(packet->line[i].ptr, "QQ: ", 4) == 0) { - NDPI_LOG(NDPI_PROTOCOL_QQ, ndpi_struct, NDPI_LOG_DEBUG, "found qq over tcp GET...QQ: \n"); + NDPI_LOG_INFO(ndpi_struct, "found qq over tcp GET...QQ: \n"); ndpi_int_qq_add_connection(ndpi_struct, flow); return; } } if (packet->host_line.ptr != NULL) { - NDPI_LOG(NDPI_PROTOCOL_QQ, ndpi_struct, NDPI_LOG_DEBUG, "host line ptr\n"); + NDPI_LOG_DBG2(ndpi_struct, "host line ptr\n"); if (packet->host_line.len > 11 && memcmp(&packet->host_line.ptr[0], "www.qq.co.za", 12) == 0) { - NDPI_LOG(NDPI_PROTOCOL_QQ, ndpi_struct, NDPI_LOG_DEBUG, "found qq over tcp Host: www.qq.co.za\n"); + NDPI_LOG_INFO(ndpi_struct, "found qq over tcp Host: www.qq.co.za\n"); ndpi_int_qq_add_connection(ndpi_struct, flow); return; } @@ -610,7 +604,7 @@ void ndpi_search_qq_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct break; } if (i == 81) { - NDPI_LOG(NDPI_PROTOCOL_QQ, ndpi_struct, NDPI_LOG_DEBUG, "found qq Mail.\n"); + NDPI_LOG_INFO(ndpi_struct, "found qq Mail\n"); ndpi_int_qq_add_connection(ndpi_struct, flow); return; } @@ -619,18 +613,18 @@ void ndpi_search_qq_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct if (flow->qq_stage == 0 && packet->payload_packet_len == 182 && get_u_int32_t(packet->payload, 0) == htonl(0x000000b2) && get_u_int32_t(packet->payload, 4) == htonl(0x01020000) && get_u_int32_t(packet->payload, 8) == htonl(0x04015151) && get_u_int32_t(packet->payload, 12) == htonl(0x4d61696c)) { - NDPI_LOG(NDPI_PROTOCOL_QQ, ndpi_struct, NDPI_LOG_DEBUG, "found qq Mail.\n"); + NDPI_LOG_INFO(ndpi_struct, "found qq Mail\n"); ndpi_int_qq_add_connection(ndpi_struct, flow); return; } if (packet->payload_packet_len == 204 && flow->qq_stage == 0 && get_u_int32_t(packet->payload, 200) == htonl(0xfbffffff)) { for (i = 0; i < 200; i++) { - NDPI_LOG(NDPI_PROTOCOL_QQ, ndpi_struct, NDPI_LOG_DEBUG, "i = %u\n", i); + NDPI_LOG_DBG2(ndpi_struct, "i = %u\n", i); if (packet->payload[i] != 0) { break; } if (i == 199) { - NDPI_LOG(NDPI_PROTOCOL_QQ, ndpi_struct, NDPI_LOG_DEBUG, "found qq chat or file transfer\n"); + NDPI_LOG_INFO(ndpi_struct, "found qq chat or file transfer\n"); ndpi_int_qq_add_connection(ndpi_struct, flow); return; } @@ -641,7 +635,7 @@ void ndpi_search_qq_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct #endif /* NDPI_PROTOCOL_HTTP */ NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_QQ); - NDPI_LOG(NDPI_PROTOCOL_QQ, ndpi_struct, NDPI_LOG_DEBUG, "QQ tcp excluded; len %u\n", + NDPI_LOG_DBG(ndpi_struct, "QQ tcp excluded; len %u\n", packet->payload_packet_len); #ifdef NDPI_PROTOCOL_HTTP diff --git a/src/lib/protocols/quake.c b/src/lib/protocols/quake.c index b119ec765..6f00c4296 100644 --- a/src/lib/protocols/quake.c +++ b/src/lib/protocols/quake.c @@ -22,10 +22,14 @@ * */ +#include "ndpi_protocol_ids.h" + +#ifdef NDPI_PROTOCOL_QUAKE + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_QUAKE #include "ndpi_api.h" -#ifdef NDPI_PROTOCOL_QUAKE static void ndpi_int_quake_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) @@ -36,10 +40,9 @@ static void ndpi_int_quake_add_connection(struct ndpi_detection_module_struct void ndpi_search_quake(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; - -// struct ndpi_id_struct *src=ndpi_struct->src; -// struct ndpi_id_struct *dst=ndpi_struct->dst; + NDPI_LOG_DBG(ndpi_struct, "search Quake\n"); + if ((packet->payload_packet_len == 14 && get_u_int16_t(packet->payload, 0) == 0xffff && memcmp(&packet->payload[2], "getInfo", 7) == 0) || (packet->payload_packet_len == 17 @@ -47,7 +50,7 @@ void ndpi_search_quake(struct ndpi_detection_module_struct *ndpi_struct, struct || (packet->payload_packet_len > 20 && packet->payload_packet_len < 30 && get_u_int16_t(packet->payload, 0) == 0xffff && memcmp(&packet->payload[2], "getServers", 10) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_QUAKE, ndpi_struct, NDPI_LOG_DEBUG, "Quake IV detected.\n"); + NDPI_LOG_INFO(ndpi_struct, "found Quake IV\n"); ndpi_int_quake_add_connection(ndpi_struct, flow); return; } @@ -55,20 +58,20 @@ void ndpi_search_quake(struct ndpi_detection_module_struct *ndpi_struct, struct /* Quake III/Quake Live */ if (packet->payload_packet_len == 15 && get_u_int32_t(packet->payload, 0) == 0xffffffff && memcmp(&packet->payload[4], "getinfo", NDPI_STATICSTRING_LEN("getinfo")) == 0) { - NDPI_LOG(NDPI_PROTOCOL_QUAKE, ndpi_struct, NDPI_LOG_DEBUG, "Quake III Arena/Quake Live detected.\n"); + NDPI_LOG_INFO(ndpi_struct, "found Quake III Arena/Quake Live\n"); ndpi_int_quake_add_connection(ndpi_struct, flow); return; } if (packet->payload_packet_len == 16 && get_u_int32_t(packet->payload, 0) == 0xffffffff && memcmp(&packet->payload[4], "getchallenge", NDPI_STATICSTRING_LEN("getchallenge")) == 0) { - NDPI_LOG(NDPI_PROTOCOL_QUAKE, ndpi_struct, NDPI_LOG_DEBUG, "Quake III Arena/Quake Live detected.\n"); + NDPI_LOG_INFO(ndpi_struct, "found Quake III Arena/Quake Live\n"); ndpi_int_quake_add_connection(ndpi_struct, flow); return; } if (packet->payload_packet_len > 20 && packet->payload_packet_len < 30 && get_u_int32_t(packet->payload, 0) == 0xffffffff && memcmp(&packet->payload[4], "getservers", NDPI_STATICSTRING_LEN("getservers")) == 0) { - NDPI_LOG(NDPI_PROTOCOL_QUAKE, ndpi_struct, NDPI_LOG_DEBUG, "Quake III Arena/Quake Live detected.\n"); + NDPI_LOG_INFO(ndpi_struct, "found Quake III Arena/Quake Live\n"); ndpi_int_quake_add_connection(ndpi_struct, flow); return; } @@ -84,8 +87,7 @@ void ndpi_search_quake(struct ndpi_detection_module_struct *ndpi_struct, struct Quake Wars ????? */ - NDPI_LOG(NDPI_PROTOCOL_QUAKE, ndpi_struct, NDPI_LOG_DEBUG, "Quake excluded.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_QUAKE); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/quic.c b/src/lib/protocols/quic.c index 5a7fc70ab..24a2b8f12 100644 --- a/src/lib/protocols/quic.c +++ b/src/lib/protocols/quic.c @@ -22,10 +22,14 @@ * */ -#include "ndpi_api.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_QUIC +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_QUIC + +#include "ndpi_api.h" + static int quic_ports(u_int16_t sport, u_int16_t dport) { if ((sport == 443 || dport == 443 || sport == 80 || dport == 80) && @@ -68,6 +72,8 @@ void ndpi_search_quic(struct ndpi_detection_module_struct *ndpi_struct, u_int seq_len = quic_len((packet->payload[0] & 0x30) >> 4); u_int quic_hlen = 1 /* flags */ + version_len + seq_len + cid_len; + NDPI_LOG_DBG(ndpi_struct, "search QUIC\n"); + if(packet->udp != NULL && (udp_len > (quic_hlen+4 /* QXXX */)) && ((packet->payload[0] & 0xC2) == 0x00) @@ -78,7 +84,7 @@ void ndpi_search_quic(struct ndpi_detection_module_struct *ndpi_struct, if((version_len > 0) && (packet->payload[1+cid_len] != 'Q')) goto no_quic; - NDPI_LOG(NDPI_PROTOCOL_QUIC, ndpi_struct, NDPI_LOG_DEBUG, "found QUIC.\n"); + NDPI_LOG_INFO(ndpi_struct, "found QUIC\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_QUIC, NDPI_PROTOCOL_UNKNOWN); if(packet->payload[quic_hlen+12] != 0xA0) @@ -126,8 +132,7 @@ void ndpi_search_quic(struct ndpi_detection_module_struct *ndpi_struct, } no_quic: - NDPI_LOG(NDPI_PROTOCOL_QUIC, ndpi_struct, NDPI_LOG_DEBUG, "exclude QUIC.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_QUIC); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } /* ***************************************************************** */ diff --git a/src/lib/protocols/radius.c b/src/lib/protocols/radius.c index 308049522..e0eb2657b 100644 --- a/src/lib/protocols/radius.c +++ b/src/lib/protocols/radius.c @@ -18,10 +18,14 @@ * */ +#include "ndpi_protocol_ids.h" + +#ifdef NDPI_PROTOCOL_RADIUS + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_RADIUS #include "ndpi_api.h" -#ifdef NDPI_PROTOCOL_RADIUS struct radius_header { u_int8_t code; @@ -42,13 +46,12 @@ static void ndpi_check_radius(struct ndpi_detection_module_struct *ndpi_struct, && (h->code > 0) && (h->code <= 5) && (ntohs(h->len) == payload_len)) { - NDPI_LOG(NDPI_PROTOCOL_RADIUS, ndpi_struct, NDPI_LOG_DEBUG, "Found radius.\n"); + NDPI_LOG_INFO(ndpi_struct, "Found radius\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_RADIUS, NDPI_PROTOCOL_UNKNOWN); return; } - - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_RADIUS); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; } } @@ -57,7 +60,7 @@ void ndpi_search_radius(struct ndpi_detection_module_struct *ndpi_struct, struct { struct ndpi_packet_struct *packet = &flow->packet; - NDPI_LOG(NDPI_PROTOCOL_RADIUS, ndpi_struct, NDPI_LOG_DEBUG, "radius detection...\n"); + NDPI_LOG_DBG(ndpi_struct, "search radius\n"); /* skip marked packets */ if(packet->detected_protocol_stack[0] != NDPI_PROTOCOL_RADIUS) diff --git a/src/lib/protocols/rdp.c b/src/lib/protocols/rdp.c index ee3dd3ca6..9ce692893 100644 --- a/src/lib/protocols/rdp.c +++ b/src/lib/protocols/rdp.c @@ -23,9 +23,14 @@ */ -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" + #ifdef NDPI_PROTOCOL_RDP +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_RDP + +#include "ndpi_api.h" + static void ndpi_int_rdp_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { @@ -36,8 +41,7 @@ void ndpi_search_rdp(struct ndpi_detection_module_struct *ndpi_struct, struct nd { struct ndpi_packet_struct *packet = &flow->packet; - // struct ndpi_id_struct *src=ndpi_struct->src; - // struct ndpi_id_struct *dst=ndpi_struct->dst; + NDPI_LOG_DBG(ndpi_struct, "search RDP\n"); if (packet->payload_packet_len > 10 && get_u_int8_t(packet->payload, 0) > 0 @@ -45,12 +49,12 @@ void ndpi_search_rdp(struct ndpi_detection_module_struct *ndpi_struct, struct nd && get_u_int8_t(packet->payload, 4) == packet->payload_packet_len - 5 && get_u_int8_t(packet->payload, 5) == 0xe0 && get_u_int16_t(packet->payload, 6) == 0 && get_u_int16_t(packet->payload, 8) == 0 && get_u_int8_t(packet->payload, 10) == 0) { - NDPI_LOG(NDPI_PROTOCOL_RDP, ndpi_struct, NDPI_LOG_DEBUG, "RDP detected.\n"); + NDPI_LOG_INFO(ndpi_struct, "found RDP\n"); ndpi_int_rdp_add_connection(ndpi_struct, flow); return; } - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_RDP); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/redis_net.c b/src/lib/protocols/redis_net.c index 4a9eeec46..4b51908fd 100644 --- a/src/lib/protocols/redis_net.c +++ b/src/lib/protocols/redis_net.c @@ -18,10 +18,14 @@ * */ +#include "ndpi_protocol_ids.h" + +#ifdef NDPI_PROTOCOL_REDIS + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_REDIS #include "ndpi_api.h" -#ifdef NDPI_PROTOCOL_REDIS static void ndpi_int_redis_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_REDIS, NDPI_PROTOCOL_UNKNOWN); @@ -36,8 +40,7 @@ static void ndpi_check_redis(struct ndpi_detection_module_struct *ndpi_struct, s /* Break after 20 packets. */ if(flow->packet_counter > 20) { - NDPI_LOG(NDPI_PROTOCOL_REDIS, ndpi_struct, NDPI_LOG_DEBUG, "Exclude Redis.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_REDIS); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; } @@ -66,11 +69,10 @@ static void ndpi_check_redis(struct ndpi_detection_module_struct *ndpi_struct, s && ((flow->redis_d2s_first_char == '+') || (flow->redis_d2s_first_char == ':'))) || ((flow->redis_d2s_first_char == '*') && ((flow->redis_s2d_first_char == '+') || (flow->redis_s2d_first_char == ':')))) { - NDPI_LOG(NDPI_PROTOCOL_REDIS, ndpi_struct, NDPI_LOG_DEBUG, "Found Redis.\n"); + NDPI_LOG_INFO(ndpi_struct, "Found Redis\n"); ndpi_int_redis_add_connection(ndpi_struct, flow); } else { - NDPI_LOG(NDPI_PROTOCOL_REDIS, ndpi_struct, NDPI_LOG_DEBUG, "Exclude Redis.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_REDIS); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } } else return; /* Too early */ @@ -79,7 +81,7 @@ static void ndpi_check_redis(struct ndpi_detection_module_struct *ndpi_struct, s void ndpi_search_redis(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; - NDPI_LOG(NDPI_PROTOCOL_REDIS, ndpi_struct, NDPI_LOG_DEBUG, "Redis detection...\n"); + NDPI_LOG_DBG(ndpi_struct, "search Redis\n"); /* skip marked packets */ if (packet->detected_protocol_stack[0] != NDPI_PROTOCOL_REDIS) { diff --git a/src/lib/protocols/rsync.c b/src/lib/protocols/rsync.c index 2b85da72b..157b2e0e0 100644 --- a/src/lib/protocols/rsync.c +++ b/src/lib/protocols/rsync.c @@ -19,10 +19,14 @@ * */ +#include "ndpi_protocol_ids.h" + +#ifdef NDPI_PROTOCOL_RSYNC + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_RSYNC #include "ndpi_api.h" -#ifdef NDPI_PROTOCOL_RSYNC static void ndpi_int_rsync_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { @@ -33,10 +37,10 @@ void ndpi_search_rsync(struct ndpi_detection_module_struct *ndpi_struct, struct { struct ndpi_packet_struct *packet = &flow->packet; - NDPI_LOG(NDPI_PROTOCOL_RSYNC, ndpi_struct, NDPI_LOG_DEBUG, "search for RSYNC.\n"); + NDPI_LOG_DBG(ndpi_struct, "search RSYNC\n"); if(packet->tcp) { - NDPI_LOG(NDPI_PROTOCOL_RSYNC, ndpi_struct, NDPI_LOG_DEBUG, "calculating RSYNC over tcp.\n"); + NDPI_LOG_DBG2(ndpi_struct, "calculating RSYNC over tcp\n"); /* * Should match: memcmp(packet->payload, "@RSYNCD: 28", 14) == 0) */ @@ -45,12 +49,11 @@ void ndpi_search_rsync(struct ndpi_detection_module_struct *ndpi_struct, struct packet->payload[3] == 0x59 && packet->payload[4] == 0x4e && packet->payload[5] == 0x43 && packet->payload[6] == 0x44 && packet->payload[7] == 0x3a ) { - NDPI_LOG(NDPI_PROTOCOL_RSYNC, ndpi_struct, NDPI_LOG_DEBUG, "found rsync.\n"); + NDPI_LOG_INFO(ndpi_struct, "found rsync\n"); ndpi_int_rsync_add_connection(ndpi_struct, flow); } } else { - NDPI_LOG(NDPI_PROTOCOL_RSYNC, ndpi_struct, NDPI_LOG_DEBUG, "exclude RSYNC.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_RSYNC); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } } diff --git a/src/lib/protocols/rtcp.c b/src/lib/protocols/rtcp.c index cc6265220..b924b476d 100644 --- a/src/lib/protocols/rtcp.c +++ b/src/lib/protocols/rtcp.c @@ -4,11 +4,14 @@ * Copyright (C) 2013 Remy Mudingay * */ +#include "ndpi_protocol_ids.h" +#ifdef NDPI_PROTOCOL_RTCP + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_RTCP #include "ndpi_api.h" -#ifdef NDPI_PROTOCOL_RTCP static void ndpi_int_rtcp_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { @@ -20,18 +23,18 @@ void ndpi_search_rtcp(struct ndpi_detection_module_struct *ndpi_struct, struct n struct ndpi_packet_struct *packet = &flow->packet; u_int16_t dport = 0, sport = 0; - NDPI_LOG(NDPI_PROTOCOL_RTCP, ndpi_struct, NDPI_LOG_DEBUG, "search for RTCP.\n"); + NDPI_LOG_DBG(ndpi_struct, "search RTCP\n"); if(packet->tcp != NULL) { sport = ntohs(packet->tcp->source), dport = ntohs(packet->tcp->dest); - NDPI_LOG(NDPI_PROTOCOL_RTCP, ndpi_struct, NDPI_LOG_DEBUG, "calculating dport over tcp.\n"); + NDPI_LOG_DBG2(ndpi_struct, "calculating dport over tcp\n"); if(packet->payload_packet_len > 13 && (sport == 554 || dport == 554) && packet->payload[0] == 0x00 && packet->payload[1] == 0x00 && packet->payload[2] == 0x01 && packet->payload[3] == 0x01 && packet->payload[4] == 0x08 && packet->payload[5] == 0x0a && packet->payload[6] == 0x00 && packet->payload[7] == 0x01) { - NDPI_LOG(NDPI_PROTOCOL_RTCP, ndpi_struct, NDPI_LOG_DEBUG, "found rtcp.\n"); + NDPI_LOG_INFO(ndpi_struct, "found rtcp\n"); ndpi_int_rtcp_add_connection(ndpi_struct, flow); } } else if(packet->udp != NULL) { @@ -48,20 +51,19 @@ void ndpi_search_rtcp(struct ndpi_detection_module_struct *ndpi_struct, struct n offset += rtcp_section_len; } - NDPI_LOG(NDPI_PROTOCOL_RTCP, ndpi_struct, NDPI_LOG_DEBUG, "calculating dport over udp.\n"); + NDPI_LOG_DBG2(ndpi_struct, "calculating dport over udp\n"); /* TODO changed a pair of length condition to the && from ||. Is it correct? */ if(((packet->payload_packet_len >= 28 && packet->payload_packet_len <= 1200) && ((packet->payload[0] == 0x80) && ((packet->payload[1] == 0xc8) || (packet->payload[1] == 0xc9)) && (packet->payload[2] == 0x00))) || (packet->payload_packet_len >= 3 && ((packet->payload[0] == 0x81) && ((packet->payload[1] == 0xc8) || (packet->payload[1] == 0xc9)) && (packet->payload[2] == 0x00)))) { - NDPI_LOG(NDPI_PROTOCOL_RTCP, ndpi_struct, NDPI_LOG_DEBUG, "found rtcp.\n"); + NDPI_LOG_INFO(ndpi_struct, "found rtcp\n"); ndpi_int_rtcp_add_connection(ndpi_struct, flow); } } else { exclude_rtcp: - NDPI_LOG(NDPI_PROTOCOL_RTCP, ndpi_struct, NDPI_LOG_DEBUG, "exclude RTCP.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_RTCP); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } } diff --git a/src/lib/protocols/rtmp.c b/src/lib/protocols/rtmp.c index b6d7db2f1..52492a290 100644 --- a/src/lib/protocols/rtmp.c +++ b/src/lib/protocols/rtmp.c @@ -23,10 +23,14 @@ * */ +#include "ndpi_protocol_ids.h" + +#ifdef NDPI_PROTOCOL_RTMP + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_RTMP #include "ndpi_api.h" -#ifdef NDPI_PROTOCOL_RTMP static void ndpi_int_rtmp_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_RTMP, NDPI_PROTOCOL_UNKNOWN); @@ -39,24 +43,23 @@ static void ndpi_check_rtmp(struct ndpi_detection_module_struct *ndpi_struct, st /* Break after 20 packets. */ if (flow->packet_counter > 20) { - NDPI_LOG(NDPI_PROTOCOL_RTMP, ndpi_struct, NDPI_LOG_DEBUG, "Exclude RTMP.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_RTMP); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; } /* Check if we so far detected the protocol in the request or not. */ if (flow->rtmp_stage == 0) { - NDPI_LOG(NDPI_PROTOCOL_RTMP, ndpi_struct, NDPI_LOG_DEBUG, "RTMP stage 0: \n"); + NDPI_LOG_DBG2(ndpi_struct, "RTMP stage 0: \n"); if ((payload_len >= 4) && ((packet->payload[0] == 0x03) || (packet->payload[0] == 0x06))) { - NDPI_LOG(NDPI_PROTOCOL_RTMP, ndpi_struct, NDPI_LOG_DEBUG, "Possible RTMP request detected, we will look further for the response...\n"); + NDPI_LOG_DBG2(ndpi_struct, "Possible RTMP request detected, we will look further for the response\n"); /* Encode the direction of the packet in the stage, so we will know when we need to look for the response packet. */ flow->rtmp_stage = packet->packet_direction + 1; } } else { - NDPI_LOG(NDPI_PROTOCOL_RTMP, ndpi_struct, NDPI_LOG_DEBUG, "RTMP stage %u: \n", flow->rtmp_stage); + NDPI_LOG_DBG2(ndpi_struct, "RTMP stage %u: \n", flow->rtmp_stage); /* At first check, if this is for sure a response packet (in another direction. If not, do nothing now and return. */ if ((flow->rtmp_stage - packet->packet_direction) == 1) { @@ -65,10 +68,10 @@ static void ndpi_check_rtmp(struct ndpi_detection_module_struct *ndpi_struct, st /* This is a packet in another direction. Check if we find the proper response. */ if ((payload_len >= 4) && ((packet->payload[0] == 0x03) || (packet->payload[0] == 0x06) || (packet->payload[0] == 0x08) || (packet->payload[0] == 0x09) || (packet->payload[0] == 0x0a))) { - NDPI_LOG(NDPI_PROTOCOL_RTMP, ndpi_struct, NDPI_LOG_DEBUG, "Found RTMP.\n"); + NDPI_LOG_INFO(ndpi_struct, "found RTMP\n"); ndpi_int_rtmp_add_connection(ndpi_struct, flow); } else { - NDPI_LOG(NDPI_PROTOCOL_RTMP, ndpi_struct, NDPI_LOG_DEBUG, "The reply did not seem to belong to RTMP, resetting the stage to 0...\n"); + NDPI_LOG_DBG2(ndpi_struct, "The reply did not seem to belong to RTMP, resetting the stage to 0\n"); flow->rtmp_stage = 0; } @@ -79,7 +82,7 @@ void ndpi_search_rtmp(struct ndpi_detection_module_struct *ndpi_struct, struct n { struct ndpi_packet_struct *packet = &flow->packet; - NDPI_LOG(NDPI_PROTOCOL_RTMP, ndpi_struct, NDPI_LOG_DEBUG, "RTMP detection...\n"); + NDPI_LOG_DBG(ndpi_struct, "search RTMP\n"); /* skip marked packets */ if (packet->detected_protocol_stack[0] != NDPI_PROTOCOL_RTMP) { diff --git a/src/lib/protocols/rtp.c b/src/lib/protocols/rtp.c index 80848f5ba..3acf71b61 100644 --- a/src/lib/protocols/rtp.c +++ b/src/lib/protocols/rtp.c @@ -22,10 +22,14 @@ * */ +#include "ndpi_protocol_ids.h" + +#ifdef NDPI_PROTOCOL_RTP + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_RTP #include "ndpi_api.h" -#ifdef NDPI_PROTOCOL_RTP /* http://www.myskypelab.com/2014/05/microsoft-lync-wireshark-plugin.html */ @@ -73,6 +77,7 @@ static void ndpi_rtp_search(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, const u_int8_t * payload, const u_int16_t payload_len) { + NDPI_LOG_DBG(ndpi_struct, "search RTP\n"); if (payload_len < 2) return; //struct ndpi_packet_struct *packet = &flow->packet; @@ -89,24 +94,25 @@ static void ndpi_rtp_search(struct ndpi_detection_module_struct *ndpi_struct, ) && (*ssid != 0) ) { - NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "Found RTP.\n"); + NDPI_LOG_INFO(ndpi_struct, "Found RTP\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_RTP, NDPI_PROTOCOL_UNKNOWN); return; } else if((payload_len >= 12) && (((payload[0] & 0xFF) == 0x80) || ((payload[0] & 0xFF) == 0xA0)) /* RTP magic byte[1] */ && (payloadType = isValidMSRTPType(payload[1] & 0xFF))) { if(payloadType == 1 /* RTP */) { - NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "Found Skype for Business (former MS Lync)\n"); + NDPI_LOG_INFO(ndpi_struct, "Found Skype for Business (former MS Lync)\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_UNKNOWN); + return; } else /* RTCP */ { - NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "Found MS RTCP\n"); + NDPI_LOG_INFO(ndpi_struct, "Found MS RTCP\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_RTCP, NDPI_PROTOCOL_UNKNOWN); + return; } } /* No luck this time */ - NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "exclude rtp.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_RTP); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } void ndpi_search_rtp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) @@ -155,7 +161,7 @@ void init_seq(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow u_int8_t direction, u_int16_t seq, u_int8_t include_current_packet) { flow->rtp_seqnum[direction] = seq; - NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "rtp_seqnum[%u] = %u\n", direction, seq); + NDPI_LOG_DBG(ndpi_struct, "rtp_seqnum[%u] = %u\n", direction, seq); } /* returns difference between old and new highest sequence number */ @@ -173,11 +179,11 @@ u_int16_t update_seq(struct ndpi_detection_module_struct *ndpi_struct, struct nd if (delta < RTP_MAX_OUT_OF_ORDER) { /* in order, with permissible gap */ flow->rtp_seqnum[direction] = seq; - NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "rtp_seqnum[%u] = %u (increased by %u)\n", + NDPI_LOG_DBG(ndpi_struct, "rtp_seqnum[%u] = %u (increased by %u)\n", direction, seq, delta); return delta; } else { - NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "retransmission (dir %u, seqnum %u)\n", + NDPI_LOG_DBG(ndpi_struct, "retransmission (dir %u, seqnum %u)\n", direction, seq); return 0; } @@ -192,55 +198,54 @@ static void ndpi_rtp_search(struct ndpi_detection_module_struct *ndpi_struct, u_int8_t stage; u_int16_t seqnum = ntohs(get_u_int16_t(payload, 2)); - NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "search rtp.\n"); + NDPI_LOG_DBG(ndpi_struct, "search rtp\n"); if (payload_len == 4 && get_u_int32_t(packet->payload, 0) == 0 && flow->packet_counter < 8) { - NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "need next packet, maybe ClearSea out calls.\n"); + NDPI_LOG_DBG(ndpi_struct, "need next packet, maybe ClearSea out calls\n"); return; } if (payload_len == 5 && memcmp(payload, "hello", 5) == 0) { - NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG(ndpi_struct, "need next packet, initial hello packet of SIP out calls.\n"); return; } if (payload_len == 1 && payload[0] == 0) { - NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG(ndpi_struct, "need next packet, payload_packet_len == 1 && payload[0] == 0.\n"); return; } if (payload_len == 3 && memcmp(payload, "png", 3) == 0) { /* weird packet found in Ninja GlobalIP trace */ - NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "skipping packet with len = 3 and png payload.\n"); + NDPI_LOG_DBG(ndpi_struct, "skipping packet with len = 3 and png payload\n"); return; } if (payload_len < 12) { - NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "minimal packet size for rtp packets: 12.\n"); + NDPI_LOG_DBG(ndpi_struct, "minimal packet size for rtp packets: 12\n"); goto exclude_rtp; } if (payload_len == 12 && get_u_int32_t(payload, 0) == 0 && get_u_int32_t(payload, 4) == 0 && get_u_int32_t(payload, 8) == 0) { - NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "skipping packet with len = 12 and only 0-bytes.\n"); + NDPI_LOG_DBG(ndpi_struct, "skipping packet with len = 12 and only 0-bytes\n"); return; } if ((payload[0] & 0xc0) == 0xc0 || (payload[0] & 0xc0) == 0x40 || (payload[0] & 0xc0) == 0x00) { - NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "version = 3 || 1 || 0, maybe first rtp packet.\n"); + NDPI_LOG_DBG(ndpi_struct, "version = 3 || 1 || 0, maybe first rtp packet\n"); return; } if ((payload[0] & 0xc0) != 0x80) { - NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, - NDPI_LOG_DEBUG, "rtp version must be 2, first two bits of a packets must be 10.\n"); + NDPI_LOG_DBG(ndpi_struct, "rtp version must be 2, first two bits of a packets must be 10\n"); goto exclude_rtp; } /* rtp_payload_type are the last seven bits of the second byte */ if (flow->rtp_payload_type[packet->packet_direction] != (payload[1] & 0x7F)) { - NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "payload_type has changed, reset stages.\n"); + NDPI_LOG_DBG(ndpi_struct, "payload_type has changed, reset stages\n"); packet->packet_direction == 0 ? (flow->rtp_stage1 = 0) : (flow->rtp_stage2 = 0); } /* first bit of first byte is not part of payload_type */ @@ -249,51 +254,48 @@ static void ndpi_rtp_search(struct ndpi_detection_module_struct *ndpi_struct, stage = (packet->packet_direction == 0 ? flow->rtp_stage1 : flow->rtp_stage2); if (stage > 0) { - NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, - NDPI_LOG_DEBUG, "stage = %u.\n", packet->packet_direction == 0 ? flow->rtp_stage1 : flow->rtp_stage2); + NDPI_LOG_DBG(ndpi_struct, "stage = %u\n", packet->packet_direction == 0 ? flow->rtp_stage1 : flow->rtp_stage2); if (flow->rtp_ssid[packet->packet_direction] != get_u_int32_t(payload, 8)) { - NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "ssid has changed, goto exclude rtp.\n"); + NDPI_LOG_DBG(ndpi_struct, "ssid has changed, goto exclude rtp\n"); goto exclude_rtp; } if (seqnum == flow->rtp_seqnum[packet->packet_direction]) { - NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "maybe \"retransmission\", need next packet.\n"); + NDPI_LOG_DBG(ndpi_struct, "maybe \"retransmission\", need next packet\n"); return; } else if ((u_int16_t) (seqnum - flow->rtp_seqnum[packet->packet_direction]) < RTP_MAX_OUT_OF_ORDER) { - NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG(ndpi_struct, "new packet has larger sequence number (within valid range)\n"); update_seq(ndpi_struct, flow, packet->packet_direction, seqnum); } else if ((u_int16_t) (flow->rtp_seqnum[packet->packet_direction] - seqnum) < RTP_MAX_OUT_OF_ORDER) { - NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG(ndpi_struct, "new packet has smaller sequence number (within valid range)\n"); init_seq(ndpi_struct, flow, packet->packet_direction, seqnum, 1); } else { - NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG(ndpi_struct, "sequence number diff is too big, goto exclude rtp.\n"); goto exclude_rtp; } } else { - NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, - NDPI_LOG_DEBUG, "rtp_ssid[%u] = %u.\n", packet->packet_direction, + NDPI_LOG_DBG(ndpi_struct, "rtp_ssid[%u] = %u\n", packet->packet_direction, flow->rtp_ssid[packet->packet_direction]); flow->rtp_ssid[packet->packet_direction] = get_u_int32_t(payload, 8); if (flow->packet_counter < 3) { - NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "packet_counter < 3, need next packet.\n"); + NDPI_LOG_DBG(ndpi_struct, "packet_counter < 3, need next packet\n"); } init_seq(ndpi_struct, flow, packet->packet_direction, seqnum, 1); } if (seqnum <= 3) { - NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, - NDPI_LOG_DEBUG, "sequence_number = %u, too small, need next packet, return.\n", seqnum); + NDPI_LOG_DBG(ndpi_struct, "sequence_number = %u, too small, need next packet, return\n", seqnum); return; } if (stage == 3) { - NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "add connection I.\n"); + NDPI_LOG_DBG(ndpi_struct, "add connection I\n"); ndpi_int_rtp_add_connection(ndpi_struct, flow); } else { packet->packet_direction == 0 ? flow->rtp_stage1++ : flow->rtp_stage2++; - NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "stage[%u]++; need next packet.\n", + NDPI_LOG_DBG(ndpi_struct, "stage[%u]++; need next packet\n", packet->packet_direction); } return; @@ -302,12 +304,11 @@ static void ndpi_rtp_search(struct ndpi_detection_module_struct *ndpi_struct, #ifdef NDPI_PROTOCOL_STUN if (packet->detected_protocol_stack[0] == NDPI_PROTOCOL_STUN || /* packet->real_protocol_read_only == NDPI_PROTOCOL_STUN */) { - NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "STUN: is detected, need next packet.\n"); + NDPI_LOG_DBG(ndpi_struct, "STUN: is detected, need next packet\n"); return; } #endif /* NDPI_PROTOCOL_STUN */ - NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "exclude rtp.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_RTP); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } @@ -325,7 +326,7 @@ void ndpi_search_rtp(struct ndpi_detection_module_struct *ndpi_struct, struct nd packet->payload[0] == 0x90 && packet->payload[1] >= 0x01 && packet->payload[1] <= 0x07) { if (flow->packet_counter == 2) flow->l4.tcp.rtp_special_packets_seen = 1; - NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG(ndpi_struct, "skipping STUN-like, special yahoo packets with payload[0] == 0x90.\n"); return; } @@ -366,14 +367,12 @@ void ndpi_search_rtp(struct ndpi_detection_module_struct *ndpi_struct, struct nd } if (NDPI_FLOW_PROTOCOL_EXCLUDED(ndpi_struct, flow, NDPI_PROTOCOL_STUN)) { - NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "exclude rtp.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_RTP); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } else { - NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "STUN not yet excluded, need next packet.\n"); + NDPI_LOG_DBG(ndpi_struct, "STUN not yet excluded, need next packet\n"); } #else - NDPI_LOG(NDPI_PROTOCOL_RTP, ndpi_struct, NDPI_LOG_DEBUG, "exclude rtp.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_RTP); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); #endif } } diff --git a/src/lib/protocols/rtsp.c b/src/lib/protocols/rtsp.c index 0f4a71e52..e20c53065 100644 --- a/src/lib/protocols/rtsp.c +++ b/src/lib/protocols/rtsp.c @@ -22,19 +22,20 @@ * */ - -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_RTSP -#ifndef NDPI_PROTOCOL_RTP -#error RTSP requires RTP detection to work correctly -#endif -#ifndef NDPI_PROTOCOL_RTSP -#error RTSP requires RTSP detection to work correctly -#endif -#ifndef NDPI_PROTOCOL_RDP -#error RTSP requires RDP detection to work correctly -#endif + #ifndef NDPI_PROTOCOL_RTP + #error RTSP requires RTP detection to work correctly + #endif + #ifndef NDPI_PROTOCOL_RDP + #error RTSP requires RDP detection to work correctly + #endif + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_RTSP + +#include "ndpi_api.h" + static void ndpi_int_rtsp_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow/* , */ @@ -52,7 +53,7 @@ void ndpi_search_rtsp_tcp_udp(struct ndpi_detection_module_struct struct ndpi_id_struct *src = flow->src; struct ndpi_id_struct *dst = flow->dst; - NDPI_LOG(NDPI_PROTOCOL_RTSP, ndpi_struct, NDPI_LOG_TRACE, "RTSP detection...\n"); + NDPI_LOG_DBG(ndpi_struct, "search RTSP\n"); if (flow->rtsprdt_stage == 0 #ifdef NDPI_PROTOCOL_RTCP @@ -60,13 +61,13 @@ void ndpi_search_rtsp_tcp_udp(struct ndpi_detection_module_struct #endif ) { flow->rtsprdt_stage = 1 + packet->packet_direction; - NDPI_LOG(NDPI_PROTOCOL_RTSP, ndpi_struct, NDPI_LOG_DEBUG, "maybe handshake 1; need next packet, return.\n"); + NDPI_LOG_DBG2(ndpi_struct, "maybe handshake 1; need next packet, return\n"); return; } if (flow->packet_counter < 3 && flow->rtsprdt_stage == 1 + packet->packet_direction) { - NDPI_LOG(NDPI_PROTOCOL_RTSP, ndpi_struct, NDPI_LOG_DEBUG, "maybe handshake 2; need next packet.\n"); + NDPI_LOG_DBG2(ndpi_struct, "maybe handshake 2; need next packet\n"); return; } @@ -80,20 +81,20 @@ void ndpi_search_rtsp_tcp_udp(struct ndpi_detection_module_struct // RTSP Server Message if((memcmp(packet->payload, "RTSP/1.0 ", 9) == 0) || (strstr(buf, "rtsp://") != NULL)) { - NDPI_LOG(NDPI_PROTOCOL_RTSP, ndpi_struct, NDPI_LOG_TRACE, "found RTSP/1.0 .\n"); + NDPI_LOG_DBG2(ndpi_struct, "found RTSP/1.0 \n"); if (dst != NULL) { - NDPI_LOG(NDPI_PROTOCOL_RTSP, ndpi_struct, NDPI_LOG_TRACE, "found dst.\n"); + NDPI_LOG_DBG2(ndpi_struct, "found dst\n"); ndpi_packet_src_ip_get(packet, &dst->rtsp_ip_address); dst->rtsp_timer = packet->tick_timestamp; dst->rtsp_ts_set = 1; } if (src != NULL) { - NDPI_LOG(NDPI_PROTOCOL_RTSP, ndpi_struct, NDPI_LOG_TRACE, "found src.\n"); + NDPI_LOG_DBG2(ndpi_struct, "found src\n"); ndpi_packet_dst_ip_get(packet, &src->rtsp_ip_address); src->rtsp_timer = packet->tick_timestamp; src->rtsp_ts_set = 1; } - NDPI_LOG(NDPI_PROTOCOL_RTSP, ndpi_struct, NDPI_LOG_TRACE, "RTSP detected.\n"); + NDPI_LOG_INFO(ndpi_struct, "found RTSP\n"); flow->rtsp_control_flow = 1; ndpi_int_rtsp_add_connection(ndpi_struct, flow); return; @@ -105,14 +106,13 @@ void ndpi_search_rtsp_tcp_udp(struct ndpi_detection_module_struct || (NDPI_COMPARE_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_RTCP) == 0) #endif )) { - NDPI_LOG(NDPI_PROTOCOL_RTSP, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "maybe RTSP RTP, RTSP RTCP, RDT; need next packet.\n"); return; } - NDPI_LOG(NDPI_PROTOCOL_RTSP, ndpi_struct, NDPI_LOG_DEBUG, "didn't find handshake, exclude.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_RTSP); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; } diff --git a/src/lib/protocols/rx.c b/src/lib/protocols/rx.c index b206ff5aa..c61f0a9ad 100644 --- a/src/lib/protocols/rx.c +++ b/src/lib/protocols/rx.c @@ -22,11 +22,15 @@ * along with nDPI. If not, see . * */ +#include "ndpi_protocol_ids.h" -#include "ndpi_api.h" #ifdef NDPI_PROTOCOL_RX +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_RX + +#include "ndpi_api.h" + /* See http://web.mit.edu/kolya/afs/rx/rx-spec for protocol description. */ /* The should be no need for explicit packing, but just in case... */ @@ -79,13 +83,12 @@ void ndpi_check_rx(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_packet_struct *packet = &flow->packet; u_int32_t payload_len = packet->payload_packet_len; - NDPI_LOG(NDPI_PROTOCOL_RX, ndpi_struct, NDPI_LOG_DEBUG, "RX: pck: %d, dir[0]: %d, dir[1]: %d\n", + NDPI_LOG_DBG2(ndpi_struct, "RX: pck: %d, dir[0]: %d, dir[1]: %d\n", flow->packet_counter, flow->packet_direction_counter[0], flow->packet_direction_counter[1]); /* Check that packet is long enough */ if (payload_len < sizeof(struct ndpi_rx_header)) { - NDPI_LOG(NDPI_PROTOCOL_RX, ndpi_struct, NDPI_LOG_DEBUG, "excluding RX\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_RX); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; } @@ -108,8 +111,7 @@ void ndpi_check_rx(struct ndpi_detection_module_struct *ndpi_struct, /* TYPE field */ if((header->type < DATA) || (header->type > VERSION)) { - NDPI_LOG(NDPI_PROTOCOL_RX, ndpi_struct, NDPI_LOG_DEBUG, "excluding RX\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_RX); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; } @@ -157,13 +159,11 @@ void ndpi_check_rx(struct ndpi_detection_module_struct *ndpi_struct, case VERSION: goto security; default: - NDPI_LOG(NDPI_PROTOCOL_RX, ndpi_struct, NDPI_LOG_DEBUG, "excluding RX\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_RX); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; } // switch } else { // FLAG - NDPI_LOG(NDPI_PROTOCOL_RX, ndpi_struct, NDPI_LOG_DEBUG, "excluding RX\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_RX); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; } @@ -171,8 +171,7 @@ void ndpi_check_rx(struct ndpi_detection_module_struct *ndpi_struct, /* SECURITY field */ if(header->security > 3) { - NDPI_LOG(NDPI_PROTOCOL_RX, ndpi_struct, NDPI_LOG_DEBUG, "excluding RX\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_RX); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; } @@ -184,21 +183,20 @@ void ndpi_check_rx(struct ndpi_detection_module_struct *ndpi_struct, if (flow->l4.udp.rx_conn_epoch == header->conn_epoch && flow->l4.udp.rx_conn_id == header->conn_id) { - NDPI_LOG(NDPI_PROTOCOL_RX, ndpi_struct, NDPI_LOG_DEBUG, "found RX\n"); + NDPI_LOG_INFO(ndpi_struct, "found RX\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_RX, NDPI_PROTOCOL_UNKNOWN); } /* https://www.central.org/frameless/numbers/rxservice.html. */ else { - NDPI_LOG(NDPI_PROTOCOL_RX, ndpi_struct, NDPI_LOG_DEBUG, "excluding RX\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_RX); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; } } else { flow->l4.udp.rx_conn_epoch = header->conn_epoch; flow->l4.udp.rx_conn_id = header->conn_id; { - NDPI_LOG(NDPI_PROTOCOL_RX, ndpi_struct, NDPI_LOG_DEBUG, "found RX\n"); + NDPI_LOG_INFO(ndpi_struct, "found RX\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_RX, NDPI_PROTOCOL_UNKNOWN); } } @@ -209,7 +207,7 @@ void ndpi_search_rx(struct ndpi_detection_module_struct *ndpi_struct, { struct ndpi_packet_struct *packet = &flow->packet; - NDPI_LOG(NDPI_PROTOCOL_RX, ndpi_struct, NDPI_LOG_DEBUG, "entering RX search\n"); + NDPI_LOG_DBG(ndpi_struct, "search RX\n"); if (packet->detected_protocol_stack[0] != NDPI_PROTOCOL_RX) { ndpi_check_rx(ndpi_struct, flow); } diff --git a/src/lib/protocols/sflow.c b/src/lib/protocols/sflow.c index 45ccb650a..75b631abc 100644 --- a/src/lib/protocols/sflow.c +++ b/src/lib/protocols/sflow.c @@ -18,35 +18,35 @@ * */ - -#include "ndpi_api.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_SFLOW -static void ndpi_check_sflow(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SFLOW + +#include "ndpi_api.h" + +void ndpi_search_sflow(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; // const u_int8_t *packet_payload = packet->payload; u_int32_t payload_len = packet->payload_packet_len; + NDPI_LOG_DBG(ndpi_struct, "search sflow\n"); + if((packet->udp != NULL) && (payload_len >= 24) /* Version */ && (packet->payload[0] == 0) && (packet->payload[1] == 0) && (packet->payload[2] == 0) && ((packet->payload[3] == 2) || (packet->payload[3] == 5))) { - NDPI_LOG(NDPI_PROTOCOL_SFLOW, ndpi_struct, NDPI_LOG_DEBUG, "Found sflow.\n"); + NDPI_LOG_INFO(ndpi_struct, "found sflow\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SFLOW, NDPI_PROTOCOL_UNKNOWN); return; } -} -void ndpi_search_sflow(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) -{ - NDPI_LOG(NDPI_PROTOCOL_SFLOW, ndpi_struct, NDPI_LOG_DEBUG, "sflow detection...\n"); - ndpi_check_sflow(ndpi_struct, flow); +// FIXME NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } - void init_sflow_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) { ndpi_set_bitmask_protocol_detection("sFlow", ndpi_struct, detection_bitmask, *id, diff --git a/src/lib/protocols/shoutcast.c b/src/lib/protocols/shoutcast.c index 9ef6c37e8..2115c574f 100644 --- a/src/lib/protocols/shoutcast.c +++ b/src/lib/protocols/shoutcast.c @@ -22,11 +22,14 @@ * */ - -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_SHOUTCAST +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SHOUTCAST + +#include "ndpi_api.h" + static void ndpi_int_shoutcast_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { @@ -39,13 +42,13 @@ void ndpi_search_shoutcast_tcp(struct ndpi_detection_module_struct struct ndpi_packet_struct *packet = &flow->packet; - NDPI_LOG(NDPI_PROTOCOL_SHOUTCAST, ndpi_struct, NDPI_LOG_DEBUG, "search shoutcast.\n"); + NDPI_LOG_DBG(ndpi_struct, "search shoutcast\n"); if (flow->packet_counter == 1) { /* this case in paul_upload_oddcast_002.pcap */ if (packet->payload_packet_len >= 6 && packet->payload_packet_len < 80 && memcmp(packet->payload, "123456", 6) == 0) { - NDPI_LOG(NDPI_PROTOCOL_SHOUTCAST, ndpi_struct, NDPI_LOG_DEBUG, "Shoutcast stage 1, \"123456\".\n"); + NDPI_LOG_DBG2(ndpi_struct, "Shoutcast stage 1, \"123456\"\n"); return; } if (flow->packet_counter < 3 @@ -53,11 +56,11 @@ void ndpi_search_shoutcast_tcp(struct ndpi_detection_module_struct && packet->detected_protocol_stack[0] == NDPI_PROTOCOL_HTTP #endif ) { - NDPI_LOG(NDPI_PROTOCOL_SHOUTCAST, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "http detected, need next packet for shoutcast detection.\n"); if (packet->payload_packet_len > 4 && get_u_int32_t(packet->payload, packet->payload_packet_len - 4) != htonl(0x0d0a0d0a)) { - NDPI_LOG(NDPI_PROTOCOL_SHOUTCAST, ndpi_struct, NDPI_LOG_DEBUG, "segmented packet found.\n"); + NDPI_LOG_DBG2(ndpi_struct, "segmented packet found\n"); flow->l4.tcp.shoutcast_stage = 1 + packet->packet_direction; } return; @@ -70,7 +73,7 @@ void ndpi_search_shoutcast_tcp(struct ndpi_detection_module_struct } /* evtl. für asym detection noch User-Agent:Winamp dazunehmen. */ if (packet->payload_packet_len > 11 && memcmp(packet->payload, "ICY 200 OK\x0d\x0a", 12) == 0) { - NDPI_LOG(NDPI_PROTOCOL_SHOUTCAST, ndpi_struct, NDPI_LOG_DEBUG, "found shoutcast by ICY 200 OK.\n"); + NDPI_LOG_INFO(ndpi_struct, "found shoutcast by ICY 200 OK\n"); ndpi_int_shoutcast_add_connection(ndpi_struct, flow); return; } @@ -81,19 +84,19 @@ void ndpi_search_shoutcast_tcp(struct ndpi_detection_module_struct if (flow->packet_counter == 2) { if (packet->payload_packet_len == 2 && memcmp(packet->payload, "\x0d\x0a", 2) == 0) { - NDPI_LOG(NDPI_PROTOCOL_SHOUTCAST, ndpi_struct, NDPI_LOG_DEBUG, "Shoutcast stage 1 continuation.\n"); + NDPI_LOG_DBG2(ndpi_struct, "Shoutcast stage 1 continuation\n"); return; } else if (packet->payload_packet_len > 3 && memcmp(&packet->payload[0], "OK2", 3) == 0) { - NDPI_LOG(NDPI_PROTOCOL_SHOUTCAST, ndpi_struct, NDPI_LOG_DEBUG, "Shoutcast stage 2, OK2 found.\n"); + NDPI_LOG_DBG2(ndpi_struct, "Shoutcast stage 2, OK2 found\n"); return; } else goto exclude_shoutcast; } else if (flow->packet_counter == 3 || flow->packet_counter == 4) { if (packet->payload_packet_len > 3 && memcmp(&packet->payload[0], "OK2", 3) == 0) { - NDPI_LOG(NDPI_PROTOCOL_SHOUTCAST, ndpi_struct, NDPI_LOG_DEBUG, "Shoutcast stage 2, OK2 found.\n"); + NDPI_LOG_DBG2(ndpi_struct, "Shoutcast stage 2, OK2 found\n"); return; } else if (packet->payload_packet_len > 4 && memcmp(&packet->payload[0], "icy-", 4) == 0) { - NDPI_LOG(NDPI_PROTOCOL_SHOUTCAST, ndpi_struct, NDPI_LOG_DEBUG, "Shoutcast detected.\n"); + NDPI_LOG_INFO(ndpi_struct, "found Shoutcast\n"); ndpi_int_shoutcast_add_connection(ndpi_struct, flow); return; } else @@ -101,8 +104,7 @@ void ndpi_search_shoutcast_tcp(struct ndpi_detection_module_struct } exclude_shoutcast: - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SHOUTCAST); - NDPI_LOG(NDPI_PROTOCOL_SHOUTCAST, ndpi_struct, NDPI_LOG_DEBUG, "Shoutcast excluded.\n"); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/sip.c b/src/lib/protocols/sip.c index 94386d61e..44d2a12fe 100644 --- a/src/lib/protocols/sip.c +++ b/src/lib/protocols/sip.c @@ -22,10 +22,14 @@ * */ +#include "ndpi_protocol_ids.h" + +#ifdef NDPI_PROTOCOL_SIP + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SIP #include "ndpi_api.h" -#ifdef NDPI_PROTOCOL_SIP static void ndpi_int_sip_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, u_int8_t due_to_correlation) { @@ -41,18 +45,14 @@ void ndpi_search_sip_handshake(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; - - // struct ndpi_id_struct *src=ndpi_struct->src; - // struct ndpi_id_struct *dst=ndpi_struct->dst; const u_int8_t *packet_payload = packet->payload; u_int32_t payload_len = packet->payload_packet_len; - if (payload_len > 4) { /* search for STUN Turn ChannelData Prefix */ u_int16_t message_len = ntohs(get_u_int16_t(packet->payload, 2)); if (payload_len - 4 == message_len) { - NDPI_LOG(NDPI_PROTOCOL_SIP, ndpi_struct, NDPI_LOG_DEBUG, "found STUN TURN ChannelData prefix.\n"); + NDPI_LOG_DBG2(ndpi_struct, "found STUN TURN ChannelData prefix\n"); payload_len -= 4; packet_payload += 4; } @@ -68,7 +68,7 @@ void ndpi_search_sip_handshake(struct ndpi_detection_module_struct if ((memcmp(packet_payload, "NOTIFY ", 7) == 0 || memcmp(packet_payload, "notify ", 7) == 0) && (memcmp(&packet_payload[7], "SIP:", 4) == 0 || memcmp(&packet_payload[7], "sip:", 4) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_SIP, ndpi_struct, NDPI_LOG_DEBUG, "found sip NOTIFY.\n"); + NDPI_LOG_INFO(ndpi_struct, "found sip NOTIFY\n"); ndpi_int_sip_add_connection(ndpi_struct, flow, 0); return; } @@ -76,14 +76,14 @@ void ndpi_search_sip_handshake(struct ndpi_detection_module_struct if ((memcmp(packet_payload, "REGISTER ", 9) == 0 || memcmp(packet_payload, "register ", 9) == 0) && (memcmp(&packet_payload[9], "SIP:", 4) == 0 || memcmp(&packet_payload[9], "sip:", 4) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_SIP, ndpi_struct, NDPI_LOG_DEBUG, "found sip REGISTER.\n"); + NDPI_LOG_INFO(ndpi_struct, "found sip REGISTER\n"); ndpi_int_sip_add_connection(ndpi_struct, flow, 0); return; } if ((memcmp(packet_payload, "INVITE ", 7) == 0 || memcmp(packet_payload, "invite ", 7) == 0) && (memcmp(&packet_payload[7], "SIP:", 4) == 0 || memcmp(&packet_payload[7], "sip:", 4) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_SIP, ndpi_struct, NDPI_LOG_DEBUG, "found sip INVITE.\n"); + NDPI_LOG_INFO(ndpi_struct, "found sip INVITE\n"); ndpi_int_sip_add_connection(ndpi_struct, flow, 0); return; } @@ -95,34 +95,34 @@ void ndpi_search_sip_handshake(struct ndpi_detection_module_struct /* if (memcmp(packet_payload, "SIP/2.0 200 OK", 14) == 0 || memcmp(packet_payload, "sip/2.0 200 OK", 14) == 0) { - NDPI_LOG(NDPI_PROTOCOL_SIP, ndpi_struct, NDPI_LOG_DEBUG, "found sip SIP/2.0 0K.\n"); + NDPI_LOG_INFO(ndpi_struct, "found sip SIP/2.0 0K\n"); ndpi_int_sip_add_connection(ndpi_struct, flow, 0); return; } */ if (memcmp(packet_payload, "SIP/2.0 ", 8) == 0 || memcmp(packet_payload, "sip/2.0 ", 8) == 0) { - NDPI_LOG(NDPI_PROTOCOL_SIP, ndpi_struct, NDPI_LOG_DEBUG, "found sip SIP/2.0 *.\n"); + NDPI_LOG_INFO(ndpi_struct, "found sip SIP/2.0 *\n"); ndpi_int_sip_add_connection(ndpi_struct, flow, 0); return; } if ((memcmp(packet_payload, "BYE ", 4) == 0 || memcmp(packet_payload, "bye ", 4) == 0) && (memcmp(&packet_payload[4], "SIP:", 4) == 0 || memcmp(&packet_payload[4], "sip:", 4) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_SIP, ndpi_struct, NDPI_LOG_DEBUG, "found sip BYE.\n"); + NDPI_LOG_INFO(ndpi_struct, "found sip BYE\n"); ndpi_int_sip_add_connection(ndpi_struct, flow, 0); return; } if ((memcmp(packet_payload, "ACK ", 4) == 0 || memcmp(packet_payload, "ack ", 4) == 0) && (memcmp(&packet_payload[4], "SIP:", 4) == 0 || memcmp(&packet_payload[4], "sip:", 4) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_SIP, ndpi_struct, NDPI_LOG_DEBUG, "found sip ACK.\n"); + NDPI_LOG_INFO(ndpi_struct, "found sip ACK\n"); ndpi_int_sip_add_connection(ndpi_struct, flow, 0); return; } if ((memcmp(packet_payload, "CANCEL ", 7) == 0 || memcmp(packet_payload, "cancel ", 7) == 0) && (memcmp(&packet_payload[4], "SIP:", 4) == 0 || memcmp(&packet_payload[4], "sip:", 4) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_SIP, ndpi_struct, NDPI_LOG_DEBUG, "found sip CANCEL.\n"); + NDPI_LOG_INFO(ndpi_struct, "found sip CANCEL\n"); ndpi_int_sip_add_connection(ndpi_struct, flow, 0); return; } @@ -132,7 +132,7 @@ void ndpi_search_sip_handshake(struct ndpi_detection_module_struct || memcmp(packet_payload, "options ", 8) == 0) && (memcmp(&packet_payload[8], "SIP:", 4) == 0 || memcmp(&packet_payload[8], "sip:", 4) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_SIP, ndpi_struct, NDPI_LOG_DEBUG, "found sip OPTIONS.\n"); + NDPI_LOG_INFO(ndpi_struct, "found sip OPTIONS\n"); ndpi_int_sip_add_connection(ndpi_struct, flow, 0); return; } @@ -141,19 +141,19 @@ void ndpi_search_sip_handshake(struct ndpi_detection_module_struct /* add bitmask for tcp only, some stupid udp programs * send a very few (< 10 ) packets before invite (mostly a 0x0a0x0d, but just search the first 3 payload_packets here */ if (packet->udp != NULL && flow->packet_counter < 20) { - NDPI_LOG(NDPI_PROTOCOL_SIP, ndpi_struct, NDPI_LOG_DEBUG, "need next packet.\n"); + NDPI_LOG_DBG2(ndpi_struct, "need next packet\n"); return; } #ifdef NDPI_PROTOCOL_STUN /* for STUN flows we need some more packets */ if (packet->udp != NULL && flow->detected_protocol_stack[0] == NDPI_PROTOCOL_STUN && flow->packet_counter < 40) { - NDPI_LOG(NDPI_PROTOCOL_SIP, ndpi_struct, NDPI_LOG_DEBUG, "need next STUN packet.\n"); + NDPI_LOG_DBG2(ndpi_struct, "need next STUN packet\n"); return; } #endif if (payload_len == 4 && get_u_int32_t(packet_payload, 0) == 0) { - NDPI_LOG(NDPI_PROTOCOL_SIP, ndpi_struct, NDPI_LOG_DEBUG, "maybe sip. need next packet.\n"); + NDPI_LOG_DBG2(ndpi_struct, "maybe sip. need next packet\n"); return; } #ifdef NDPI_PROTOCOL_YAHOO @@ -161,27 +161,21 @@ void ndpi_search_sip_handshake(struct ndpi_detection_module_struct && packet_payload[3] == payload_len - 20 && get_u_int32_t(packet_payload, 4) == 0 && get_u_int32_t(packet_payload, 8) == 0) { flow->sip_yahoo_voice = 1; - NDPI_LOG(NDPI_PROTOCOL_SIP, ndpi_struct, NDPI_LOG_DEBUG, "maybe sip yahoo. need next packet.\n"); + NDPI_LOG_DBG2(ndpi_struct, "maybe sip yahoo. need next packet\n"); } if (flow->sip_yahoo_voice && flow->packet_counter < 10) { return; } #endif - NDPI_LOG(NDPI_PROTOCOL_SIP, ndpi_struct, NDPI_LOG_DEBUG, "exclude sip.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SIP); - return; - + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } void ndpi_search_sip(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; - // struct ndpi_flow_struct *flow = ndpi_struct->flow; - // struct ndpi_id_struct *src=ndpi_struct->src; - // struct ndpi_id_struct *dst=ndpi_struct->dst; - NDPI_LOG(NDPI_PROTOCOL_SIP, ndpi_struct, NDPI_LOG_DEBUG, "sip detection...\n"); + NDPI_LOG_DBG(ndpi_struct, "search sip\n"); /* skip marked packets */ if (packet->detected_protocol_stack[0] != NDPI_PROTOCOL_SIP) { diff --git a/src/lib/protocols/skinny.c b/src/lib/protocols/skinny.c index a31d8cc86..0acebf271 100644 --- a/src/lib/protocols/skinny.c +++ b/src/lib/protocols/skinny.c @@ -17,12 +17,15 @@ * If not, see . * */ +#include "ndpi_protocol_ids.h" +#ifdef NDPI_PROTOCOL_SKINNY + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SKINNY #include "ndpi_api.h" -#ifdef NDPI_PROTOCOL_SKINNY static void ndpi_int_skinny_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { @@ -38,26 +41,25 @@ void ndpi_search_skinny(struct ndpi_detection_module_struct *ndpi_struct, struct const char keypadmsg_8_bytes[8] = { 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; const char selectmsg_8_bytes[8] = { 0x14, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; - NDPI_LOG(NDPI_PROTOCOL_SKINNY, ndpi_struct, NDPI_LOG_DEBUG, "search for SKINNY.\n"); + NDPI_LOG_DBG(ndpi_struct, "search for SKINNY\n"); if(packet->tcp != NULL) { sport = ntohs(packet->tcp->source), dport = ntohs(packet->tcp->dest); - NDPI_LOG(NDPI_PROTOCOL_SKINNY, ndpi_struct, NDPI_LOG_DEBUG, "calculating SKINNY over tcp.\n"); + NDPI_LOG_DBG2(ndpi_struct, "calculating SKINNY over tcp\n"); if (dport == 2000 && ((packet->payload_packet_len == 24 && memcmp(&packet->payload[0], keypadmsg_8_bytes, 8) == 0) || ((packet->payload_packet_len == 64) && memcmp(&packet->payload[0], pattern_8_bytes, 8) == 0))) { - NDPI_LOG(NDPI_PROTOCOL_SKINNY, ndpi_struct, NDPI_LOG_DEBUG, "found skinny.\n"); + NDPI_LOG_INFO(ndpi_struct, "found skinny\n"); ndpi_int_skinny_add_connection(ndpi_struct, flow); } else if (sport == 2000 && ((packet->payload_packet_len == 28 && memcmp(&packet->payload[0], selectmsg_8_bytes, 8) == 0 ) || (packet->payload_packet_len == 44 && memcmp(&packet->payload[0], pattern_9_bytes, 9) == 0))) { - NDPI_LOG(NDPI_PROTOCOL_SKINNY, ndpi_struct, NDPI_LOG_DEBUG, "found skinny.\n"); + NDPI_LOG_INFO(ndpi_struct, "found skinny\n"); ndpi_int_skinny_add_connection(ndpi_struct, flow); } } else { - NDPI_LOG(NDPI_PROTOCOL_SKINNY, ndpi_struct, NDPI_LOG_DEBUG, "exclude SKINNY.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SKINNY); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } } diff --git a/src/lib/protocols/skype.c b/src/lib/protocols/skype.c index 19de3c437..ea571961f 100644 --- a/src/lib/protocols/skype.c +++ b/src/lib/protocols/skype.c @@ -17,10 +17,15 @@ * along with nDPI. If not, see . * */ -#include "ndpi_api.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_SKYPE +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SKYPE + +#include "ndpi_api.h" + + static void ndpi_check_skype(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; @@ -44,13 +49,13 @@ static void ndpi_check_skype(struct ndpi_detection_module_struct *ndpi_struct, s ((payload_len >= 16) && (packet->payload[0] != 0x30) /* Avoid invalid SNMP detection */ && (packet->payload[2] == 0x02))) { - NDPI_LOG(NDPI_PROTOCOL_SKYPE, ndpi_struct, NDPI_LOG_DEBUG, "Found skype.\n"); + NDPI_LOG_INFO(ndpi_struct, "found skype\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_UNKNOWN); } } return; } - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SKYPE); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; // TCP check @@ -69,15 +74,16 @@ static void ndpi_check_skype(struct ndpi_detection_module_struct *ndpi_struct, s // printf("[SKYPE] payload_len=%u\n", payload_len); /* printf("[SKYPE] %u/%u\n", ntohs(packet->tcp->source), ntohs(packet->tcp->dest)); */ - NDPI_LOG(NDPI_PROTOCOL_SKYPE, ndpi_struct, NDPI_LOG_DEBUG, "Found skype.\n"); + NDPI_LOG_INFO(ndpi_struct, "found skype\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_UNKNOWN); } else { // printf("NO [SKYPE] payload_len=%u\n", payload_len); } /* printf("[SKYPE] [id: %u][len: %d]\n", flow->l4.tcp.skype_packet_id, payload_len); */ - } else - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SKYPE); + } else { + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); + } return; } @@ -87,7 +93,7 @@ void ndpi_search_skype(struct ndpi_detection_module_struct *ndpi_struct, struct { struct ndpi_packet_struct *packet = &flow->packet; - NDPI_LOG(NDPI_PROTOCOL_SKYPE, ndpi_struct, NDPI_LOG_DEBUG, "skype detection...\n"); + NDPI_LOG_DBG(ndpi_struct, "search skype\n"); /* skip marked packets */ if(packet->detected_protocol_stack[0] != NDPI_PROTOCOL_SKYPE) diff --git a/src/lib/protocols/smb.c b/src/lib/protocols/smb.c index 051aee635..6ac7e282a 100644 --- a/src/lib/protocols/smb.c +++ b/src/lib/protocols/smb.c @@ -20,33 +20,37 @@ * along with nDPI. If not, see . * */ -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_SMB +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SMB + +#include "ndpi_api.h" + void ndpi_search_smb_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; + NDPI_LOG_DBG(ndpi_struct, "search SMB\n"); + /* Check connection over TCP */ if(packet->tcp) { - NDPI_LOG(NDPI_PROTOCOL_SMB, ndpi_struct, NDPI_LOG_DEBUG, "search SMB.\n"); if(packet->tcp->dest == htons(445) && packet->payload_packet_len > (32 + 4 + 4) && (packet->payload_packet_len - 4) == ntohl(get_u_int32_t(packet->payload, 0)) && get_u_int32_t(packet->payload, 4) == htonl(0xff534d42)) { - NDPI_LOG(NDPI_PROTOCOL_SMB, ndpi_struct, NDPI_LOG_DEBUG, "found SMB.\n"); + NDPI_LOG_INFO(ndpi_struct, "found SMB\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SMB, NDPI_PROTOCOL_UNKNOWN); return; } } - NDPI_LOG(NDPI_PROTOCOL_SMB, ndpi_struct, NDPI_LOG_DEBUG, "exclude SMB.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SMB); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/smpp.c b/src/lib/protocols/smpp.c index 3185cbf44..1bd2a870b 100644 --- a/src/lib/protocols/smpp.c +++ b/src/lib/protocols/smpp.c @@ -20,10 +20,14 @@ */ -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_SMPP +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SMPP + +#include "ndpi_api.h" + static void ndpi_int_smpp_add_connection(struct ndpi_detection_module_struct* ndpi_struct, struct ndpi_flow_struct* flow) @@ -39,28 +43,24 @@ static u_int8_t ndpi_check_overflow(u_int32_t current_length, u_int32_t total_l void ndpi_search_smpp_tcp(struct ndpi_detection_module_struct* ndpi_struct, struct ndpi_flow_struct* flow) { - NDPI_LOG(NDPI_PROTOCOL_SMPP, ndpi_struct, NDPI_LOG_DEBUG, "SMPP protocol detection...\n"); + NDPI_LOG_DBG(ndpi_struct, "search SMPP\n"); if (flow->packet.detected_protocol_stack[0] != NDPI_PROTOCOL_SMPP){ struct ndpi_packet_struct* packet = &flow->packet; // min SMPP packet length = 16 bytes if (packet->payload_packet_len < 16) { - NDPI_LOG(NDPI_PROTOCOL_SMPP, ndpi_struct, NDPI_LOG_DEBUG, "SMPP excluded\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SMPP); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; } // get PDU length u_int32_t pdu_l = ntohl(get_u_int32_t(packet->payload, 0)); - NDPI_LOG(NDPI_PROTOCOL_SMPP, - ndpi_struct, - NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "calculated PDU Length: %d, received PDU Length: %d\n", pdu_l, packet->payload_packet_len); // if PDU size was invalid, try the following TCP segments, 3 attempts max if(flow->packet_counter > 3) { - NDPI_LOG(NDPI_PROTOCOL_SMPP, ndpi_struct, NDPI_LOG_DEBUG, "SMPP excluded\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SMPP); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; } // verify PDU length @@ -81,9 +81,7 @@ void ndpi_search_smpp_tcp(struct ndpi_detection_module_struct* ndpi_struct, ++pdu_c; } - NDPI_LOG(NDPI_PROTOCOL_SMPP, - ndpi_struct, - NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "multiple PDUs included, calculated total PDU Length: %d, PDU count: %d, TCP payload length: %d\n", total_pdu_l, pdu_c, packet->payload_packet_len); @@ -98,8 +96,7 @@ void ndpi_search_smpp_tcp(struct ndpi_detection_module_struct* ndpi_struct, u_int32_t pdu_type = ntohl(get_u_int32_t(packet->payload, 4)); // first byte of PDU type is either 0x00 of 0x80 if(!(packet->payload[4] == 0x00 || packet->payload[4] == 0x80)) { - NDPI_LOG(NDPI_PROTOCOL_SMPP, ndpi_struct, NDPI_LOG_DEBUG, "SMPP excluded\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SMPP); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; } // remove 0x80, get request type pdu @@ -110,9 +107,7 @@ void ndpi_search_smpp_tcp(struct ndpi_detection_module_struct* ndpi_struct, pdu_req == 0x00000021 || pdu_req == 0x00000102 || pdu_req == 0x00000103)){ - NDPI_LOG(NDPI_PROTOCOL_SMPP, - ndpi_struct, - NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "PDU type: %x, Request PDU type = %x\n", pdu_type, pdu_req); @@ -300,15 +295,13 @@ void ndpi_search_smpp_tcp(struct ndpi_detection_module_struct* ndpi_struct, // if extra checks passed, set as identified if(extra_passed) { - NDPI_LOG(NDPI_PROTOCOL_SMPP, ndpi_struct, NDPI_LOG_DEBUG, "SMPP identified...\n"); + NDPI_LOG_INFO(ndpi_struct, "found SMPP\n"); ndpi_int_smpp_add_connection(ndpi_struct, flow); return; } } - // exclude - NDPI_LOG(NDPI_PROTOCOL_SMPP, ndpi_struct, NDPI_LOG_DEBUG, "SMPP excluded\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SMPP); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } } diff --git a/src/lib/protocols/snmp.c b/src/lib/protocols/snmp.c index 71de7589b..6a2f2624f 100644 --- a/src/lib/protocols/snmp.c +++ b/src/lib/protocols/snmp.c @@ -22,10 +22,14 @@ * */ +#include "ndpi_protocol_ids.h" -#include "ndpi_protocols.h" #ifdef NDPI_PROTOCOL_SNMP +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SNMP + +#include "ndpi_api.h" + static void ndpi_int_snmp_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { @@ -35,10 +39,9 @@ static void ndpi_int_snmp_add_connection(struct ndpi_detection_module_struct void ndpi_search_snmp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; - - // struct ndpi_id_struct *src=ndpi_struct->src; - // struct ndpi_id_struct *dst=ndpi_struct->dst; + NDPI_LOG_DBG(ndpi_struct, "search SNMP\n"); + if (packet->payload_packet_len > 32 && packet->payload[0] == 0x30) { int offset; u_int16_t u16; @@ -52,7 +55,7 @@ void ndpi_search_snmp(struct ndpi_detection_module_struct *ndpi_struct, struct n break; default: if (packet->payload[1] > 0x82) { - NDPI_LOG(NDPI_PROTOCOL_SNMP, ndpi_struct, NDPI_LOG_DEBUG, "SNMP excluded, second byte is > 0x82\n"); + NDPI_LOG_DBG2(ndpi_struct, "SNMP excluded, second byte is > 0x82\n"); goto excl; } offset = 2; @@ -61,22 +64,22 @@ void ndpi_search_snmp(struct ndpi_detection_module_struct *ndpi_struct, struct n u16 = ntohs(get_u_int16_t(packet->payload, offset)); if((u16 != 0x0201) && (u16 != 0x0204)) { - NDPI_LOG(NDPI_PROTOCOL_SNMP, ndpi_struct, NDPI_LOG_DEBUG, "SNMP excluded, 0x0201/0x0204 pattern not found\n"); + NDPI_LOG_DBG2(ndpi_struct, "SNMP excluded, 0x0201/0x0204 pattern not found\n"); goto excl; } if (packet->payload[offset + 2] >= 0x04) { - NDPI_LOG(NDPI_PROTOCOL_SNMP, ndpi_struct, NDPI_LOG_DEBUG, "SNMP excluded, version > 3\n"); + NDPI_LOG_DBG2(ndpi_struct, "SNMP excluded, version > 3\n"); goto excl; } if (flow->l4.udp.snmp_stage == 0) { if (packet->udp->dest == htons(161) || packet->udp->dest == htons(162)) { - NDPI_LOG(NDPI_PROTOCOL_SNMP, ndpi_struct, NDPI_LOG_DEBUG, "SNMP detected due to port.\n"); + NDPI_LOG_INFO(ndpi_struct, "found SNMP by port\n"); ndpi_int_snmp_add_connection(ndpi_struct, flow); return; } - NDPI_LOG(NDPI_PROTOCOL_SNMP, ndpi_struct, NDPI_LOG_DEBUG, "SNMP stage 0.\n"); + NDPI_LOG_DBG2(ndpi_struct, "SNMP stage 0\n"); if (packet->payload[offset + 2] == 3) { flow->l4.udp.snmp_msg_id = ntohs(get_u_int32_t(packet->payload, offset + 8)); } else if (packet->payload[offset + 2] == 0) { @@ -89,41 +92,39 @@ void ndpi_search_snmp(struct ndpi_detection_module_struct *ndpi_struct, struct n } else if (flow->l4.udp.snmp_stage == 1 + packet->packet_direction) { if (packet->payload[offset + 2] == 0) { if (flow->l4.udp.snmp_msg_id != get_u_int8_t(packet->payload, offset + 15) - 1) { - NDPI_LOG(NDPI_PROTOCOL_SNMP, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "SNMP v1 excluded, message ID doesn't match\n"); goto excl; } } } else if (flow->l4.udp.snmp_stage == 2 - packet->packet_direction) { - NDPI_LOG(NDPI_PROTOCOL_SNMP, ndpi_struct, NDPI_LOG_DEBUG, "SNMP stage 1-2.\n"); + NDPI_LOG_DBG2(ndpi_struct, "SNMP stage 1-2\n"); if (packet->payload[offset + 2] == 3) { if (flow->l4.udp.snmp_msg_id != ntohs(get_u_int32_t(packet->payload, offset + 8))) { - NDPI_LOG(NDPI_PROTOCOL_SNMP, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "SNMP v3 excluded, message ID doesn't match\n"); goto excl; } } else if (packet->payload[offset + 2] == 0) { if (flow->l4.udp.snmp_msg_id != get_u_int8_t(packet->payload, offset + 15)) { - NDPI_LOG(NDPI_PROTOCOL_SNMP, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "SNMP v1 excluded, message ID doesn't match\n"); goto excl; } } else { if (flow->l4.udp.snmp_msg_id != ntohs(get_u_int16_t(packet->payload, offset + 15))) { - NDPI_LOG(NDPI_PROTOCOL_SNMP, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "SNMP v2 excluded, message ID doesn't match\n"); goto excl; } } - NDPI_LOG(NDPI_PROTOCOL_SNMP, ndpi_struct, NDPI_LOG_DEBUG, "SNMP detected.\n"); + NDPI_LOG_INFO(ndpi_struct, "found SNMP\n"); ndpi_int_snmp_add_connection(ndpi_struct, flow); return; } - } else { - NDPI_LOG(NDPI_PROTOCOL_SNMP, ndpi_struct, NDPI_LOG_DEBUG, "SNMP excluded.\n"); } excl: - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SNMP); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/socks45.c b/src/lib/protocols/socks45.c index 67cfab8b4..32c83934a 100644 --- a/src/lib/protocols/socks45.c +++ b/src/lib/protocols/socks45.c @@ -23,11 +23,14 @@ * along with nDPI. If not, see . * */ +#include "ndpi_protocol_ids.h" +#ifdef NDPI_PROTOCOL_SOCKS + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SOCKS #include "ndpi_api.h" -#ifdef NDPI_PROTOCOL_SOCKS static void ndpi_int_socks_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SOCKS, NDPI_PROTOCOL_UNKNOWN); @@ -40,25 +43,24 @@ static void ndpi_check_socks4(struct ndpi_detection_module_struct *ndpi_struct, /* Break after 20 packets. */ if(flow->packet_counter > 20) { - NDPI_LOG(NDPI_PROTOCOL_SOCKS, ndpi_struct, NDPI_LOG_DEBUG, "Exclude SOCKS4.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOCKS); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; } /* Check if we so far detected the protocol in the request or not. */ if(flow->socks4_stage == 0) { - NDPI_LOG(NDPI_PROTOCOL_SOCKS, ndpi_struct, NDPI_LOG_DEBUG, "SOCKS4 stage 0: \n"); + NDPI_LOG_DBG2(ndpi_struct, "SOCKS4 stage 0: \n"); if(payload_len >= 9 && packet->payload[0] == 0x04 && (packet->payload[1] == 0x01 || packet->payload[1] == 0x02) && packet->payload[payload_len - 1] == 0x00) { - NDPI_LOG(NDPI_PROTOCOL_SOCKS, ndpi_struct, NDPI_LOG_DEBUG, "Possible SOCKS4 request detected, we will look further for the response...\n"); + NDPI_LOG_DBG2(ndpi_struct, "Possible SOCKS4 request detected, we will look further for the response\n"); /* TODO: check port and ip address is valid */ /* Encode the direction of the packet in the stage, so we will know when we need to look for the response packet. */ flow->socks4_stage = packet->packet_direction + 1; } } else { - NDPI_LOG(NDPI_PROTOCOL_SOCKS, ndpi_struct, NDPI_LOG_DEBUG, "SOCKS4 stage %u: \n", flow->socks4_stage); + NDPI_LOG_DBG2(ndpi_struct, "SOCKS4 stage %u: \n", flow->socks4_stage); /* At first check, if this is for sure a response packet (in another direction. If not, do nothing now and return. */ if((flow->socks4_stage - packet->packet_direction) == 1) { @@ -66,10 +68,10 @@ static void ndpi_check_socks4(struct ndpi_detection_module_struct *ndpi_struct, } /* This is a packet in another direction. Check if we find the proper response. */ if(payload_len == 8 && packet->payload[0] == 0x00 && packet->payload[1] >= 0x5a && packet->payload[1] <= 0x5d) { - NDPI_LOG(NDPI_PROTOCOL_SOCKS, ndpi_struct, NDPI_LOG_DEBUG, "Found SOCKS4.\n"); + NDPI_LOG_INFO(ndpi_struct, "found SOCKS4\n"); ndpi_int_socks_add_connection(ndpi_struct, flow); } else { - NDPI_LOG(NDPI_PROTOCOL_SOCKS, ndpi_struct, NDPI_LOG_DEBUG, "The reply did not seem to belong to SOCKS4, resetting the stage to 0...\n"); + NDPI_LOG_DBG2(ndpi_struct, "The reply did not seem to belong to SOCKS4, resetting the stage to 0\n"); flow->socks4_stage = 0; } } @@ -82,24 +84,23 @@ static void ndpi_check_socks5(struct ndpi_detection_module_struct *ndpi_struct, /* Break after 20 packets. */ if(flow->packet_counter > 20) { - NDPI_LOG(NDPI_PROTOCOL_SOCKS, ndpi_struct, NDPI_LOG_DEBUG, "Exclude SOCKS5.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOCKS); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; } /* Check if we so far detected the protocol in the request or not. */ if(flow->socks5_stage == 0) { - NDPI_LOG(NDPI_PROTOCOL_SOCKS, ndpi_struct, NDPI_LOG_DEBUG, "SOCKS5 stage 0: \n"); + NDPI_LOG_DBG2(ndpi_struct, "SOCKS5 stage 0: \n"); if((payload_len == 3) && (packet->payload[0] == 0x05) && (packet->payload[1] == 0x01) && (packet->payload[2] == 0x00)) { - NDPI_LOG(NDPI_PROTOCOL_SOCKS, ndpi_struct, NDPI_LOG_DEBUG, "Possible SOCKS5 request detected, we will look further for the response...\n"); + NDPI_LOG_DBG2(ndpi_struct, "Possible SOCKS5 request detected, we will look further for the response\n"); /* Encode the direction of the packet in the stage, so we will know when we need to look for the response packet. */ flow->socks5_stage = packet->packet_direction + 1; } } else { - NDPI_LOG(NDPI_PROTOCOL_SOCKS, ndpi_struct, NDPI_LOG_DEBUG, "SOCKS5 stage %u: \n", flow->socks5_stage); + NDPI_LOG_DBG2(ndpi_struct, "SOCKS5 stage %u: \n", flow->socks5_stage); /* At first check, if this is for sure a response packet (in another direction. If not, do nothing now and return. */ if((flow->socks5_stage - packet->packet_direction) == 1) { @@ -108,10 +109,10 @@ static void ndpi_check_socks5(struct ndpi_detection_module_struct *ndpi_struct, /* This is a packet in another direction. Check if we find the proper response. */ if((payload_len == 0) || ((payload_len == 2) && (packet->payload[0] == 0x05) && (packet->payload[1] == 0x00))) { - NDPI_LOG(NDPI_PROTOCOL_SOCKS, ndpi_struct, NDPI_LOG_DEBUG, "Found SOCKS5.\n"); + NDPI_LOG_INFO(ndpi_struct, "found SOCKS5\n"); ndpi_int_socks_add_connection(ndpi_struct, flow); } else { - NDPI_LOG(NDPI_PROTOCOL_SOCKS, ndpi_struct, NDPI_LOG_DEBUG, "The reply did not seem to belong to SOCKS5, resetting the stage to 0...\n"); + NDPI_LOG_DBG2(ndpi_struct, "The reply did not seem to belong to SOCKS5, resetting the stage to 0\n"); flow->socks5_stage = 0; } @@ -122,7 +123,7 @@ void ndpi_search_socks(struct ndpi_detection_module_struct *ndpi_struct, struct { struct ndpi_packet_struct *packet = &flow->packet; - NDPI_LOG(NDPI_PROTOCOL_SOCKS, ndpi_struct, NDPI_LOG_DEBUG, "SOCKS detection...\n"); + NDPI_LOG_DBG(ndpi_struct, "search SOCKS\n"); /* skip marked packets */ if(packet->detected_protocol_stack[0] != NDPI_PROTOCOL_SOCKS) { diff --git a/src/lib/protocols/socrates.c b/src/lib/protocols/socrates.c index 58a9b01ba..2dfad068d 100644 --- a/src/lib/protocols/socrates.c +++ b/src/lib/protocols/socrates.c @@ -23,9 +23,13 @@ */ -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" + #ifdef NDPI_PROTOCOL_SOCRATES +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SOCRATES + +#include "ndpi_api.h" static void ndpi_socrates_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) @@ -38,20 +42,16 @@ void ndpi_search_socrates(struct ndpi_detection_module_struct { struct ndpi_packet_struct *packet = &flow->packet; - // struct ndpi_id_struct *src=ndpi_struct->src; - // struct ndpi_id_struct *dst=ndpi_struct->dst; - - + NDPI_LOG_DBG(ndpi_struct, "search socrates\n"); - NDPI_LOG(NDPI_PROTOCOL_SOCRATES, ndpi_struct, NDPI_LOG_DEBUG, "search socrates.\n"); if (packet->udp != NULL) { if (packet->payload_packet_len > 9 && packet->payload[0] == 0xfe && packet->payload[packet->payload_packet_len - 1] == 0x05) { - NDPI_LOG(NDPI_PROTOCOL_SOCRATES, ndpi_struct, NDPI_LOG_DEBUG, "found fe.\n"); + NDPI_LOG_DBG2(ndpi_struct, "found fe\n"); - NDPI_LOG(NDPI_PROTOCOL_SOCRATES, ndpi_struct, NDPI_LOG_DEBUG, "len match.\n"); + NDPI_LOG_DBG2(ndpi_struct, "len match\n"); if (memcmp(&packet->payload[2], "socrates", 8) == 0) { - NDPI_LOG(NDPI_PROTOCOL_SOCRATES, ndpi_struct, NDPI_LOG_DEBUG, "found socrates udp.\n"); + NDPI_LOG_INFO(ndpi_struct, "found socrates udp\n"); ndpi_socrates_add_connection(ndpi_struct, flow); } @@ -59,19 +59,18 @@ void ndpi_search_socrates(struct ndpi_detection_module_struct } else if (packet->tcp != NULL) { if (packet->payload_packet_len > 13 && packet->payload[0] == 0xfe && packet->payload[packet->payload_packet_len - 1] == 0x05) { - NDPI_LOG(NDPI_PROTOCOL_SOCRATES, ndpi_struct, NDPI_LOG_DEBUG, "found fe.\n"); + NDPI_LOG_DBG2(ndpi_struct, "found fe\n"); if (packet->payload_packet_len == ntohl(get_u_int32_t(packet->payload, 2))) { - NDPI_LOG(NDPI_PROTOCOL_SOCRATES, ndpi_struct, NDPI_LOG_DEBUG, "len match.\n"); + NDPI_LOG_DBG2(ndpi_struct, "len match\n"); if (memcmp(&packet->payload[6], "socrates", 8) == 0) { - NDPI_LOG(NDPI_PROTOCOL_SOCRATES, ndpi_struct, NDPI_LOG_DEBUG, "found socrates tcp.\n"); + NDPI_LOG_INFO(ndpi_struct, "found socrates tcp\n"); ndpi_socrates_add_connection(ndpi_struct, flow); } } } } - NDPI_LOG(NDPI_PROTOCOL_SOCRATES, ndpi_struct, NDPI_LOG_DEBUG, "exclude socrates.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOCRATES); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/someip.c b/src/lib/protocols/someip.c index 93dfa50ae..604022714 100644 --- a/src/lib/protocols/someip.c +++ b/src/lib/protocols/someip.c @@ -21,9 +21,14 @@ * */ -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" + #ifdef NDPI_PROTOCOL_SOMEIP +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SOMEIP + +#include "ndpi_api.h" + enum SOMEIP_MESSAGE_TYPES { SOMEIP_REQUEST = 0x00, SOMEIP_REQUEST_NO_RETURN = 0x01, @@ -81,7 +86,7 @@ static void ndpi_int_someip_add_connection (struct ndpi_detection_module_struct struct ndpi_flow_struct *flow) { ndpi_set_detected_protocol(ndpi_struct,flow,NDPI_PROTOCOL_SOMEIP,NDPI_PROTOCOL_UNKNOWN); - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP found.\n"); + NDPI_LOG_INFO(ndpi_struct, "found SOME/IP\n"); } /** @@ -101,7 +106,8 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, //####Maybe check carrier protocols?#### - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP search called...\n"); + NDPI_LOG_DBG(ndpi_struct, "search SOME/IP\n"); + if (packet->detected_protocol_stack[0] != NDPI_PROTOCOL_UNKNOWN) { return; } @@ -110,23 +116,28 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, u_int32_t message_id = ntohl(*((u_int32_t *)&packet->payload[0])); u_int32_t request_id = ntohl(*((u_int32_t *)&packet->payload[8])); - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "====>>>> SOME/IP Message ID: %08x [len: %u]\n", + NDPI_LOG_DBG2(ndpi_struct, "====>>>> SOME/IP Message ID: %08x [len: %u]\n", message_id, packet->payload_packet_len); - + if (packet->payload_packet_len < 16) { + NDPI_LOG_DBG(ndpi_struct, "Excluding SOME/IP .. mandatory header not found\n"); + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); + return; + } + //####Maximum packet size in SOMEIP depends on the carrier protocol, and I'm not certain how well enforced it is, so let's leave that for round 2#### // we extract the remaining length u_int32_t someip_len = ntohl(*((u_int32_t *)&packet->payload[4])); if (packet->payload_packet_len != (someip_len + 8)) { - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP .. Length field invalid!\n"); + NDPI_LOG_DBG(ndpi_struct, "Excluding SOME/IP .. Length field invalid!\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); return; } u_int8_t protocol_version = (u_int8_t) (packet->payload[12]); - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG,"====>>>> SOME/IP protocol version: [%d]\n",protocol_version); + NDPI_LOG_DBG2(ndpi_struct,"====>>>> SOME/IP protocol version: [%d]\n",protocol_version); if (protocol_version != LEGAL_PROTOCOL_VERSION){ - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP .. invalid protocol version!\n"); + NDPI_LOG_DBG(ndpi_struct, "Excluding SOME/IP .. invalid protocol version!\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); return; } @@ -134,20 +145,20 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, u_int8_t interface_version = (packet->payload[13]); u_int8_t message_type = (u_int8_t) (packet->payload[14]); - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG,"====>>>> SOME/IP message type: [%d]\n",message_type); + NDPI_LOG_DBG2(ndpi_struct,"====>>>> SOME/IP message type: [%d]\n",message_type); if ((message_type != SOMEIP_REQUEST) && (message_type != SOMEIP_REQUEST_NO_RETURN) && (message_type != SOMEIP_NOTIFICATION) && (message_type != SOMEIP_REQUEST_ACK) && (message_type != SOMEIP_REQUEST_NO_RETURN_ACK) && (message_type != SOMEIP_NOTIFICATION_ACK) && (message_type != SOMEIP_RESPONSE) && (message_type != SOMEIP_ERROR) && (message_type != SOMEIP_RESPONSE_ACK) && (message_type != SOMEIP_ERROR_ACK)) { - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP .. invalid message type!\n"); + NDPI_LOG_DBG(ndpi_struct, "Excluding SOME/IP .. invalid message type!\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); return; } u_int8_t return_code = (u_int8_t) (packet->payload[15]); - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG,"====>>>> SOME/IP return code: [%d]\n", return_code); + NDPI_LOG_DBG2(ndpi_struct,"====>>>> SOME/IP return code: [%d]\n", return_code); if ((return_code >= E_RETURN_CODE_LEGAL_THRESHOLD)) { - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP .. invalid return code!\n"); + NDPI_LOG_DBG(ndpi_struct, "Excluding SOME/IP .. invalid return code!\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); return; } @@ -155,12 +166,12 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, if (message_id == MSG_MAGIC_COOKIE){ if ((someip_len == MC_LENGTH) && (request_id == MC_REQUEST_ID) && (interface_version == MC_INTERFACE_VERSION) && (message_type == SOMEIP_REQUEST_NO_RETURN) && (return_code == E_OK)){ - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP found Magic Cookie\n",message_type); + NDPI_LOG_DBG2(ndpi_struct, "found SOME/IP Magic Cookie 0x%x\n",message_type); ndpi_int_someip_add_connection(ndpi_struct, flow); return; } else{ - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP, invalid header for Magic Cookie\n"); + NDPI_LOG_DBG(ndpi_struct, "Excluding SOME/IP, invalid header for Magic Cookie\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); return; } @@ -169,19 +180,19 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, if (message_id == MSG_MAGIC_COOKIE_ACK){ if ((someip_len == MC_LENGTH) && (request_id == MC_REQUEST_ID) && (interface_version == MC_INTERFACE_VERSION) && (message_type == SOMEIP_REQUEST_NO_RETURN) && (return_code == E_OK)){ - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP found Magic Cookie ACK\n",message_type); + NDPI_LOG_DBG2(ndpi_struct, "found SOME/IP Magic Cookie ACK 0x%x\n",message_type); ndpi_int_someip_add_connection(ndpi_struct, flow); return; } else{ - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Excluding SOME/IP, invalid header for Magic Cookie ACK\n"); + NDPI_LOG_DBG(ndpi_struct, "Excluding SOME/IP, invalid header for Magic Cookie ACK\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); return; } } if (message_id == MSG_SD){ - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP-SD currently not supported\n", message_type); + NDPI_LOG_DBG2(ndpi_struct, "SOME/IP-SD currently not supported\n", message_type); } //Filtering by port. @@ -189,22 +200,18 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, //This is is PURELY for demo purposes and the rest of the check must be filled in later on! if (packet->l4_protocol == IPPROTO_UDP){ if ((packet->udp->dest == ntohs(PORT_DEFAULT_CLIENT)) || (packet->udp->dest == ntohs(PORT_DEFAULT_SERVER)) || (packet->udp->dest == ntohs(PORT_DEFAULT_SD))) { - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP found\n",message_type); ndpi_int_someip_add_connection(ndpi_struct, flow); return; } } if (packet->l4_protocol == IPPROTO_TCP){ if ((packet->tcp->dest == ntohs(PORT_DEFAULT_CLIENT)) || (packet->tcp->dest == ntohs(PORT_DEFAULT_SERVER))) { - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP found\n",message_type); ndpi_int_someip_add_connection(ndpi_struct, flow); return; } } - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "Reached the end without confirming SOME/IP ...\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOMEIP); - return; + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } /** * Entry point for the ndpi library @@ -212,7 +219,6 @@ void ndpi_search_someip (struct ndpi_detection_module_struct *ndpi_struct, void init_someip_dissector (struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) { - NDPI_LOG(NDPI_PROTOCOL_SOMEIP, ndpi_struct, NDPI_LOG_DEBUG, "SOME/IP dissector init...\n"); ndpi_set_bitmask_protocol_detection ("SOME/IP", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_SOMEIP, ndpi_search_someip, diff --git a/src/lib/protocols/sopcast.c b/src/lib/protocols/sopcast.c index 63590fec7..db507ecc7 100644 --- a/src/lib/protocols/sopcast.c +++ b/src/lib/protocols/sopcast.c @@ -22,11 +22,14 @@ * */ - -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_SOPCAST +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SOPCAST + +#include "ndpi_api.h" + static void ndpi_int_sopcast_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) @@ -102,15 +105,13 @@ static void ndpi_search_sopcast_tcp(struct ndpi_detection_module_struct if (flow->packet_counter == 1 && packet->payload_packet_len == 54 && get_u_int16_t(packet->payload, 0) == ntohs(0x0036)) { if (ndpi_int_is_sopcast_tcp(packet->payload, packet->payload_packet_len)) { - NDPI_LOG(NDPI_PROTOCOL_SOPCAST, ndpi_struct, NDPI_LOG_DEBUG, "found sopcast TCP \n"); + NDPI_LOG_INFO(ndpi_struct, "found sopcast TCP \n"); ndpi_int_sopcast_add_connection(ndpi_struct, flow); return; } } - NDPI_LOG(NDPI_PROTOCOL_SOPCAST, ndpi_struct, NDPI_LOG_DEBUG, "exclude sopcast TCP. \n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOPCAST); - + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } @@ -119,19 +120,14 @@ static void ndpi_search_sopcast_udp(struct ndpi_detection_module_struct { struct ndpi_packet_struct *packet = &flow->packet; - - // struct ndpi_id_struct *src=ndpi_struct->src; - // struct ndpi_id_struct *dst=ndpi_struct->dst; - - NDPI_LOG(NDPI_PROTOCOL_SOPCAST, ndpi_struct, NDPI_LOG_DEBUG, "search sopcast. \n"); - + NDPI_LOG_DBG(ndpi_struct, "search sopcast. \n"); if (packet->payload_packet_len == 52 && packet->payload[0] == 0xff && packet->payload[1] == 0xff && packet->payload[2] == 0x01 && packet->payload[8] == 0x02 && packet->payload[9] == 0xff && packet->payload[10] == 0x00 && packet->payload[11] == 0x2c && packet->payload[12] == 0x00 && packet->payload[13] == 0x00 && packet->payload[14] == 0x00) { - NDPI_LOG(NDPI_PROTOCOL_SOPCAST, ndpi_struct, NDPI_LOG_DEBUG, "found sopcast with if I. \n"); + NDPI_LOG_INFO(ndpi_struct, "found sopcast with if I. \n"); ndpi_int_sopcast_add_connection(ndpi_struct, flow); return; } @@ -140,7 +136,7 @@ static void ndpi_search_sopcast_udp(struct ndpi_detection_module_struct && packet->payload[8] == 0x01 && packet->payload[9] == 0xff && packet->payload[10] == 0x00 && packet->payload[11] == 0x14 && packet->payload[12] == 0x00 && packet->payload[13] == 0x00) { - NDPI_LOG(NDPI_PROTOCOL_SOPCAST, ndpi_struct, NDPI_LOG_DEBUG, "found sopcast with if II. \n"); + NDPI_LOG_INFO(ndpi_struct, "found sopcast with if II. \n"); ndpi_int_sopcast_add_connection(ndpi_struct, flow); return; } @@ -150,7 +146,7 @@ static void ndpi_search_sopcast_udp(struct ndpi_detection_module_struct && packet->payload[8] == 0x03 && packet->payload[9] == 0xff && packet->payload[10] == 0x00 && packet->payload[11] == 0x34 && packet->payload[12] == 0x00 && packet->payload[13] == 0x00 && packet->payload[14] == 0x00) { - NDPI_LOG(NDPI_PROTOCOL_SOPCAST, ndpi_struct, NDPI_LOG_DEBUG, "found sopcast with if III. \n"); + NDPI_LOG_INFO(ndpi_struct, "found sopcast with if III. \n"); ndpi_int_sopcast_add_connection(ndpi_struct, flow); return; } @@ -160,7 +156,7 @@ static void ndpi_search_sopcast_udp(struct ndpi_detection_module_struct && packet->payload[8] == 0x06 && packet->payload[9] == 0x01 && packet->payload[10] == 0x00 && packet->payload[11] == 0x22 && packet->payload[12] == 0x00 && packet->payload[13] == 0x00) { - NDPI_LOG(NDPI_PROTOCOL_SOPCAST, ndpi_struct, NDPI_LOG_DEBUG, "found sopcast with if IV. \n"); + NDPI_LOG_INFO(ndpi_struct, "found sopcast with if IV. \n"); ndpi_int_sopcast_add_connection(ndpi_struct, flow); return; } @@ -170,7 +166,7 @@ static void ndpi_search_sopcast_udp(struct ndpi_detection_module_struct && packet->payload[8] == 0x01 && packet->payload[9] == 0x01 && packet->payload[10] == 0x00 && packet->payload[11] == 0x14 && packet->payload[12] == 0x00 && packet->payload[13] == 0x00) { - NDPI_LOG(NDPI_PROTOCOL_SOPCAST, ndpi_struct, NDPI_LOG_DEBUG, "found sopcast with if V. \n"); + NDPI_LOG_INFO(ndpi_struct, "found sopcast with if V. \n"); ndpi_int_sopcast_add_connection(ndpi_struct, flow); return; } @@ -181,7 +177,7 @@ static void ndpi_search_sopcast_udp(struct ndpi_detection_module_struct && packet->payload[8] == 0x06 && packet->payload[9] == 0x01 && packet->payload[10] == 0x01 && packet->payload[11] == 0x16 && packet->payload[12] == 0x00 && packet->payload[13] == 0x00) { - NDPI_LOG(NDPI_PROTOCOL_SOPCAST, ndpi_struct, NDPI_LOG_DEBUG, "found sopcast with if VI. \n"); + NDPI_LOG_INFO(ndpi_struct, "found sopcast with if VI. \n"); ndpi_int_sopcast_add_connection(ndpi_struct, flow); return; } @@ -191,14 +187,14 @@ static void ndpi_search_sopcast_udp(struct ndpi_detection_module_struct && packet->payload[10] == 0x00 && packet->payload[11] == 0x44 && packet->payload[16] == 0x01 && packet->payload[15] == 0x01 && packet->payload[12] == 0x00 && packet->payload[13] == 0x00 && packet->payload[14] == 0x00) { - NDPI_LOG(NDPI_PROTOCOL_SOPCAST, ndpi_struct, NDPI_LOG_DEBUG, "found sopcast with if VII. \n"); + NDPI_LOG_INFO(ndpi_struct, "found sopcast with if VII. \n"); ndpi_int_sopcast_add_connection(ndpi_struct, flow); return; } /* Attention please: no asymmetric detection necessary. This detection works asymmetrically as well. */ - NDPI_LOG(NDPI_PROTOCOL_SOPCAST, ndpi_struct, NDPI_LOG_DEBUG, "exclude sopcast. \n"); + NDPI_LOG_DBG(ndpi_struct, "exclude sopcast. \n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOPCAST); } diff --git a/src/lib/protocols/soulseek.c b/src/lib/protocols/soulseek.c index c7acc3bdc..8f4bbb32c 100644 --- a/src/lib/protocols/soulseek.c +++ b/src/lib/protocols/soulseek.c @@ -20,10 +20,21 @@ * along with nDPI. If not, see . * */ -#include "ndpi_protocols.h" + +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_SOULSEEK +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SOULSEEK + +#include "ndpi_api.h" + +#define SOULSEEK_DETECT \ + if(src != NULL) \ + src->soulseek_last_safe_access_time = packet->tick_timestamp; \ + if(dst != NULL) \ + dst->soulseek_last_safe_access_time = packet->tick_timestamp; \ + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SOULSEEK, NDPI_PROTOCOL_UNKNOWN) void ndpi_search_soulseek_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) @@ -36,14 +47,14 @@ void ndpi_search_soulseek_tcp(struct ndpi_detection_module_struct *ndpi_struct, if(packet->tcp) { if(packet->detected_protocol_stack[0] == NDPI_PROTOCOL_SOULSEEK) { - NDPI_LOG(NDPI_PROTOCOL_SOULSEEK, ndpi_struct, NDPI_LOG_DEBUG, "packet marked as Soulseek\n"); + NDPI_LOG_DBG2(ndpi_struct, "packet marked as Soulseek\n"); if(src != NULL) - NDPI_LOG(NDPI_PROTOCOL_SOULSEEK, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, " SRC bitmask: %u, packet tick %llu , last safe access timestamp: %llu\n", NDPI_COMPARE_PROTOCOL_TO_BITMASK(src->detected_protocol_bitmask, NDPI_PROTOCOL_SOULSEEK) != 0 ? 1 : 0, (u_int64_t) packet->tick_timestamp, (u_int64_t) src->soulseek_last_safe_access_time); if(dst != NULL) - NDPI_LOG(NDPI_PROTOCOL_SOULSEEK, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, " DST bitmask: %u, packet tick %llu , last safe ts: %llu\n", NDPI_COMPARE_PROTOCOL_TO_BITMASK(dst->detected_protocol_bitmask, NDPI_PROTOCOL_SOULSEEK) != 0 ? 1 : 0, (u_int64_t) packet->tick_timestamp, (u_int64_t) dst->soulseek_last_safe_access_time); @@ -65,13 +76,13 @@ void ndpi_search_soulseek_tcp(struct ndpi_detection_module_struct *ndpi_struct, } if(src != NULL && ((u_int32_t)(packet->tick_timestamp - src->soulseek_last_safe_access_time) < ndpi_struct->soulseek_connection_ip_tick_timeout)) { - NDPI_LOG(NDPI_PROTOCOL_SOULSEEK, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "Soulseek: SRC update last safe access time and SKIP_FOR_TIME \n"); src->soulseek_last_safe_access_time = packet->tick_timestamp; } if(dst != NULL && ((u_int32_t)(packet->tick_timestamp - dst->soulseek_last_safe_access_time) < ndpi_struct->soulseek_connection_ip_tick_timeout)) { - NDPI_LOG(NDPI_PROTOCOL_SOULSEEK, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "Soulseek: DST update last safe access time and SKIP_FOR_TIME \n"); dst->soulseek_last_safe_access_time = packet->tick_timestamp; } @@ -81,7 +92,7 @@ void ndpi_search_soulseek_tcp(struct ndpi_detection_module_struct *ndpi_struct, if(dst != NULL && dst->soulseek_listen_port != 0 && dst->soulseek_listen_port == ntohs(packet->tcp->dest) && ((u_int32_t)(packet->tick_timestamp - dst->soulseek_last_safe_access_time) < ndpi_struct->soulseek_connection_ip_tick_timeout)) { - NDPI_LOG(NDPI_PROTOCOL_SOULSEEK, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "Soulseek: Plain detection on Port : %u packet_tick_timestamp: %u soulseek_last_safe_access_time: %u soulseek_connection_ip_ticktimeout: %u\n", dst->soulseek_listen_port, packet->tick_timestamp, dst->soulseek_last_safe_access_time, ndpi_struct->soulseek_connection_ip_tick_timeout); @@ -89,6 +100,7 @@ void ndpi_search_soulseek_tcp(struct ndpi_detection_module_struct *ndpi_struct, if(src != NULL) src->soulseek_last_safe_access_time = packet->tick_timestamp; + NDPI_LOG_INFO(ndpi_struct, "found Soulseek\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SOULSEEK, NDPI_PROTOCOL_UNKNOWN); return; } @@ -121,14 +133,8 @@ void ndpi_search_soulseek_tcp(struct ndpi_detection_module_struct *ndpi_struct, index += get_l32(packet->payload, index + 4) + 8; // enf of "hash value" if(index == get_l32(packet->payload, 0)) { - NDPI_LOG(NDPI_PROTOCOL_SOULSEEK, ndpi_struct, NDPI_LOG_DEBUG, "Soulseek Login Detected\n"); - - if(src != NULL) - src->soulseek_last_safe_access_time = packet->tick_timestamp; - if(dst != NULL) - dst->soulseek_last_safe_access_time = packet->tick_timestamp; - - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SOULSEEK, NDPI_PROTOCOL_UNKNOWN); + NDPI_LOG_INFO(ndpi_struct, "found soulseek Login Detected\n"); + SOULSEEK_DETECT; return; } } @@ -142,7 +148,7 @@ void ndpi_search_soulseek_tcp(struct ndpi_detection_module_struct *ndpi_struct, if(msgcode == 0x7d) { flow->l4.tcp.soulseek_stage = 1 + packet->packet_direction; - NDPI_LOG(NDPI_PROTOCOL_SOULSEEK, ndpi_struct, NDPI_LOG_DEBUG, "Soulseek Messages Search\n"); + NDPI_LOG_DBG2(ndpi_struct, "Soulseek Messages Search\n"); return; } else if(msgcode == 0x02 && packet->payload_packet_len == 12) { const u_int32_t soulseek_listen_port = get_l32(packet->payload, 8); @@ -152,7 +158,7 @@ void ndpi_search_soulseek_tcp(struct ndpi_detection_module_struct *ndpi_struct, if(packet->tcp != NULL && src->soulseek_listen_port == 0) { src->soulseek_listen_port = soulseek_listen_port; - NDPI_LOG(NDPI_PROTOCOL_SOULSEEK, ndpi_struct, NDPI_LOG_DEBUG, "\n Listen Port Saved : %u", src->soulseek_listen_port); + NDPI_LOG_DBG2(ndpi_struct, "\n Listen Port Saved : %u", src->soulseek_listen_port); if(dst != NULL) dst->soulseek_last_safe_access_time = packet->tick_timestamp; @@ -171,25 +177,17 @@ void ndpi_search_soulseek_tcp(struct ndpi_detection_module_struct *ndpi_struct, && namelen <= packet->payload_packet_len && (4 + 1 + 4 + namelen + 4 + 1 + 4) == packet->payload_packet_len && (type == 'F' || type == 'P' || type == 'D')) { - NDPI_LOG(NDPI_PROTOCOL_SOULSEEK, ndpi_struct, NDPI_LOG_DEBUG, "soulseek detected\n"); - - if(src != NULL) - src->soulseek_last_safe_access_time = packet->tick_timestamp; - - if(dst != NULL) - dst->soulseek_last_safe_access_time = packet->tick_timestamp; - - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SOULSEEK, NDPI_PROTOCOL_UNKNOWN); + NDPI_LOG_INFO(ndpi_struct, "found soulseek\n"); + SOULSEEK_DETECT; return; } - NDPI_LOG(NDPI_PROTOCOL_SOULSEEK, ndpi_struct, NDPI_LOG_DEBUG, "1\n"); } - NDPI_LOG(NDPI_PROTOCOL_SOULSEEK, ndpi_struct, NDPI_LOG_DEBUG, "3\n"); + NDPI_LOG_DBG2(ndpi_struct, "3\n"); //Peer Message : Pierce Firewall if(packet->payload_packet_len == 9 && get_l32(packet->payload, 0) == 5 && packet->payload[4] <= 0x10 && get_u_int32_t(packet->payload, 5) != 0x00000000) { flow->l4.tcp.soulseek_stage = 1 + packet->packet_direction; - NDPI_LOG(NDPI_PROTOCOL_SOULSEEK, ndpi_struct, NDPI_LOG_TRACE, "Soulseek Size 9 Pierce Firewall\n"); + NDPI_LOG_DBG2(ndpi_struct, "Soulseek Size 9 Pierce Firewall\n"); return; } } @@ -202,14 +200,8 @@ void ndpi_search_soulseek_tcp(struct ndpi_detection_module_struct *ndpi_struct, const u_int32_t typelen = get_l32(packet->payload, 4 + 1 + 4 + usrlen); const u_int8_t type = packet->payload[4 + 1 + 4 + usrlen + 4]; if(typelen == 1 && (type == 'F' || type == 'P' || type == 'D')) { - NDPI_LOG(NDPI_PROTOCOL_SOULSEEK, ndpi_struct, NDPI_LOG_DEBUG, "soulseek detected Pattern command(D|P|F).\n"); - - if(src != NULL) - src->soulseek_last_safe_access_time = packet->tick_timestamp; - if(dst != NULL) - dst->soulseek_last_safe_access_time = packet->tick_timestamp; - - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SOULSEEK, NDPI_PROTOCOL_UNKNOWN); + NDPI_LOG_INFO(ndpi_struct, "found soulseek Pattern command(D|P|F)\n"); + SOULSEEK_DETECT; return; } } @@ -219,14 +211,8 @@ void ndpi_search_soulseek_tcp(struct ndpi_detection_module_struct *ndpi_struct, if(packet->payload_packet_len > 8) { if((packet->payload[0] || packet->payload[1]) && get_l32(packet->payload, 4) == 9) { /* 9 is search result */ - NDPI_LOG(NDPI_PROTOCOL_SOULSEEK, ndpi_struct, NDPI_LOG_DEBUG, "soulseek detected Second Pkt\n"); - - if(src != NULL) - src->soulseek_last_safe_access_time = packet->tick_timestamp; - if(dst != NULL) - dst->soulseek_last_safe_access_time = packet->tick_timestamp; - - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SOULSEEK, NDPI_PROTOCOL_UNKNOWN); + NDPI_LOG_INFO(ndpi_struct, "found soulseek Second Pkt\n"); + SOULSEEK_DETECT; return; } if(get_l32(packet->payload, 0) == packet->payload_packet_len - 4) { @@ -235,14 +221,8 @@ void ndpi_search_soulseek_tcp(struct ndpi_detection_module_struct *ndpi_struct, { const u_int32_t usrlen = get_l32(packet->payload, 8); if(usrlen <= packet->payload_packet_len && 4 + 4 + 4 + usrlen == packet->payload_packet_len) { - NDPI_LOG(NDPI_PROTOCOL_SOULSEEK, ndpi_struct, NDPI_LOG_DEBUG, "Soulseek Request Get Peer Address Detected\n"); - - if(src != NULL) - src->soulseek_last_safe_access_time = packet->tick_timestamp; - if(dst != NULL) - dst->soulseek_last_safe_access_time = packet->tick_timestamp; - - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SOULSEEK, NDPI_PROTOCOL_UNKNOWN); + NDPI_LOG_INFO(ndpi_struct, "found soulseek Request Get Peer Address Detected\n"); + SOULSEEK_DETECT; return; } } @@ -250,27 +230,15 @@ void ndpi_search_soulseek_tcp(struct ndpi_detection_module_struct *ndpi_struct, } if(packet->payload_packet_len == 8 && get_l32(packet->payload, 4) == 0x00000004) { - NDPI_LOG(NDPI_PROTOCOL_SOULSEEK, ndpi_struct, NDPI_LOG_DEBUG, "soulseek detected\n"); - - if(src != NULL) - src->soulseek_last_safe_access_time = packet->tick_timestamp; - if(dst != NULL) - dst->soulseek_last_safe_access_time = packet->tick_timestamp; - - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SOULSEEK, NDPI_PROTOCOL_UNKNOWN); + NDPI_LOG_INFO(ndpi_struct, "found soulseek\n"); + SOULSEEK_DETECT; return; } if(packet->payload_packet_len == 4 && get_u_int16_t(packet->payload, 2) == 0x00 && get_u_int16_t(packet->payload, 0) != 0x00) { - NDPI_LOG(NDPI_PROTOCOL_SOULSEEK, ndpi_struct, NDPI_LOG_DEBUG, "soulseek detected\n"); - - if(src != NULL) - src->soulseek_last_safe_access_time = packet->tick_timestamp; - if(dst != NULL) - dst->soulseek_last_safe_access_time = packet->tick_timestamp; - - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SOULSEEK, NDPI_PROTOCOL_UNKNOWN); + NDPI_LOG_INFO(ndpi_struct, "found soulseek\n"); + SOULSEEK_DETECT; return; } else if(packet->payload_packet_len == 4) { flow->l4.tcp.soulseek_stage = 3; @@ -279,33 +247,21 @@ void ndpi_search_soulseek_tcp(struct ndpi_detection_module_struct *ndpi_struct, } else if(flow->l4.tcp.soulseek_stage == 1 + packet->packet_direction) { if(packet->payload_packet_len > 8) { if(packet->payload[4] == 0x03 && get_l32(packet->payload, 5) == 0x00000031) { - NDPI_LOG(NDPI_PROTOCOL_SOULSEEK, ndpi_struct, NDPI_LOG_DEBUG, "soulseek detected Second Pkt with SIGNATURE :: 0x0331000000 \n"); - - if(src != NULL) - src->soulseek_last_safe_access_time = packet->tick_timestamp; - if(dst != NULL) - dst->soulseek_last_safe_access_time = packet->tick_timestamp; - - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SOULSEEK, NDPI_PROTOCOL_UNKNOWN); + NDPI_LOG_INFO(ndpi_struct, "found soulseek Second Pkt with SIGNATURE :: 0x0331000000 \n"); + SOULSEEK_DETECT; return; } } } if(flow->l4.tcp.soulseek_stage == 3 && packet->payload_packet_len == 8 && !get_u_int32_t(packet->payload, 4)) { - NDPI_LOG(NDPI_PROTOCOL_SOULSEEK, ndpi_struct, NDPI_LOG_DEBUG, "soulseek detected bcz of 8B pkt\n"); - - if(src != NULL) - src->soulseek_last_safe_access_time = packet->tick_timestamp; - if(dst != NULL) - dst->soulseek_last_safe_access_time = packet->tick_timestamp; - - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SOULSEEK, NDPI_PROTOCOL_UNKNOWN); + NDPI_LOG_INFO(ndpi_struct, "found soulseek bcz of 8B pkt\n"); + SOULSEEK_DETECT; return; } if(flow->l4.tcp.soulseek_stage && flow->packet_counter < 11) { } else { - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SOULSEEK); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } } } diff --git a/src/lib/protocols/spotify.c b/src/lib/protocols/spotify.c index e7dac5d66..cd3ed1355 100644 --- a/src/lib/protocols/spotify.c +++ b/src/lib/protocols/spotify.c @@ -21,10 +21,15 @@ * */ +#include "ndpi_protocol_ids.h" -#include "ndpi_api.h" #ifdef NDPI_PROTOCOL_SPOTIFY + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SPOTIFY + +#include "ndpi_api.h" + static void ndpi_int_spotify_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, u_int8_t due_to_correlation) { @@ -46,7 +51,7 @@ static void ndpi_check_spotify(struct ndpi_detection_module_struct *ndpi_struct, && (packet->udp->dest == spotify_port)) { if(payload_len > 2) { if(memcmp(packet->payload, "SpotUdp", 7) == 0) { - NDPI_LOG(NDPI_PROTOCOL_SPOTIFY, ndpi_struct, NDPI_LOG_DEBUG, "Found spotify udp dissector.\n"); + NDPI_LOG_INFO(ndpi_struct, "found spotify udp dissector\n"); ndpi_int_spotify_add_connection(ndpi_struct, flow, 0); return; } @@ -58,7 +63,7 @@ static void ndpi_check_spotify(struct ndpi_detection_module_struct *ndpi_struct, packet->payload[2] == 0x00 && packet->payload[3] == 0x00&& packet->payload[6] == 0x52 && packet->payload[7] == 0x0e && packet->payload[8] == 0x50 ) { - NDPI_LOG(NDPI_PROTOCOL_SPOTIFY, ndpi_struct, NDPI_LOG_DEBUG, "Found spotify tcp dissector.\n"); + NDPI_LOG_INFO(ndpi_struct, "found spotify tcp dissector\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SPOTIFY, NDPI_PROTOCOL_UNKNOWN); } @@ -97,7 +102,7 @@ static void ndpi_check_spotify(struct ndpi_detection_module_struct *ndpi_struct, || ((ntohl(packet->iph->saddr) & 0xFFFFFC00 /* 255.255.252.0 */) == 0xC284A200 /* 194.132.162.0 */) || ((ntohl(packet->iph->daddr) & 0xFFFFFC00 /* 255.255.252.0 */) == 0xC284A200 /* 194.132.162.0 */) ) { - NDPI_LOG(NDPI_PROTOCOL_SPOTIFY, ndpi_struct, NDPI_LOG_DEBUG, "Found spotify via ip range.\n"); + NDPI_LOG_INFO(ndpi_struct, "found spotify via ip range\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SPOTIFY, NDPI_PROTOCOL_UNKNOWN); return; } @@ -105,15 +110,14 @@ static void ndpi_check_spotify(struct ndpi_detection_module_struct *ndpi_struct, } } - NDPI_LOG(NDPI_PROTOCOL_SPOTIFY, ndpi_struct, NDPI_LOG_DEBUG, "exclude spotify.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SPOTIFY); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } void ndpi_search_spotify(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; - NDPI_LOG(NDPI_PROTOCOL_SPOTIFY, ndpi_struct, NDPI_LOG_DEBUG, "spotify detection...\n"); + NDPI_LOG_DBG(ndpi_struct, "search spotify\n"); /* skip marked packets */ if (packet->detected_protocol_stack[0] != NDPI_PROTOCOL_SPOTIFY) { diff --git a/src/lib/protocols/ssdp.c b/src/lib/protocols/ssdp.c index 1f6b80023..ce681d9b6 100644 --- a/src/lib/protocols/ssdp.c +++ b/src/lib/protocols/ssdp.c @@ -22,10 +22,14 @@ * */ +#include "ndpi_protocol_ids.h" -#include "ndpi_protocols.h" #ifdef NDPI_PROTOCOL_SSDP +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SSDP + +#include "ndpi_api.h" + static void ndpi_int_ssdp_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) @@ -38,10 +42,7 @@ void ndpi_search_ssdp(struct ndpi_detection_module_struct *ndpi_struct, struct n { struct ndpi_packet_struct *packet = &flow->packet; - // struct ndpi_id_struct *src=ndpi_struct->src; - // struct ndpi_id_struct *dst=ndpi_struct->dst; - - NDPI_LOG(NDPI_PROTOCOL_SSDP, ndpi_struct, NDPI_LOG_DEBUG, "search ssdp.\n"); + NDPI_LOG_DBG(ndpi_struct, "search ssdp\n"); if (packet->udp != NULL) { if (packet->payload_packet_len > 100) { @@ -49,22 +50,21 @@ void ndpi_search_ssdp(struct ndpi_detection_module_struct *ndpi_struct, struct n || memcmp(packet->payload, "NOTIFY * HTTP/1.1", 17) == 0) { - NDPI_LOG(NDPI_PROTOCOL_SSDP, ndpi_struct, NDPI_LOG_DEBUG, "found ssdp.\n"); + NDPI_LOG_INFO(ndpi_struct, "found ssdp\n"); ndpi_int_ssdp_add_connection(ndpi_struct, flow); return; } #define SSDP_HTTP "HTTP/1.1 200 OK\r\n" if(memcmp(packet->payload, SSDP_HTTP, strlen(SSDP_HTTP)) == 0) { - NDPI_LOG(NDPI_PROTOCOL_SSDP, ndpi_struct, NDPI_LOG_DEBUG, "found ssdp.\n"); + NDPI_LOG_INFO(ndpi_struct, "found ssdp\n"); ndpi_int_ssdp_add_connection(ndpi_struct, flow); return; } } } - NDPI_LOG(NDPI_PROTOCOL_SSDP, ndpi_struct, NDPI_LOG_DEBUG, "ssdp excluded.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SSDP); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/ssh.c b/src/lib/protocols/ssh.c index cb874010f..bfd1c387e 100644 --- a/src/lib/protocols/ssh.c +++ b/src/lib/protocols/ssh.c @@ -22,10 +22,14 @@ * */ +#include "ndpi_protocol_ids.h" -#include "ndpi_protocols.h" #ifdef NDPI_PROTOCOL_SSH +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SSH + +#include "ndpi_api.h" + static void ndpi_int_ssh_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow){ ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SSH, NDPI_PROTOCOL_UNKNOWN); @@ -46,8 +50,6 @@ static void ndpi_ssh_zap_cr(char *str, int len) { void ndpi_search_ssh_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; - // struct ndpi_id_struct *src=ndpi_struct->src; - // struct ndpi_id_struct *dst=ndpi_struct->dst; if (flow->l4.tcp.ssh_stage == 0) { if (packet->payload_packet_len > 7 && packet->payload_packet_len < 100 @@ -56,7 +58,7 @@ void ndpi_search_ssh_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc strncpy(flow->protos.ssh.client_signature, (const char *)packet->payload, len); flow->protos.ssh.client_signature[len] = '\0'; ndpi_ssh_zap_cr(flow->protos.ssh.client_signature, len); - NDPI_LOG(NDPI_PROTOCOL_SSH, ndpi_struct, NDPI_LOG_DEBUG, "ssh stage 0 passed\n"); + NDPI_LOG_DBG2(ndpi_struct, "ssh stage 0 passed\n"); flow->l4.tcp.ssh_stage = 1 + packet->packet_direction; return; } @@ -67,7 +69,7 @@ void ndpi_search_ssh_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc strncpy(flow->protos.ssh.server_signature, (const char *)packet->payload, len); flow->protos.ssh.server_signature[len] = '\0'; ndpi_ssh_zap_cr(flow->protos.ssh.server_signature, len); - NDPI_LOG(NDPI_PROTOCOL_SSH, ndpi_struct, NDPI_LOG_DEBUG, "found ssh\n"); + NDPI_LOG_INFO(ndpi_struct, "found ssh\n"); ndpi_int_ssh_add_connection(ndpi_struct, flow); return; @@ -75,7 +77,7 @@ void ndpi_search_ssh_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc } } - NDPI_LOG(NDPI_PROTOCOL_SSH, ndpi_struct, NDPI_LOG_DEBUG, "excluding ssh at stage %d\n", flow->l4.tcp.ssh_stage); + NDPI_LOG_DBG(ndpi_struct, "excluding ssh at stage %d\n", flow->l4.tcp.ssh_stage); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SSH); } diff --git a/src/lib/protocols/ssl.c b/src/lib/protocols/ssl.c index 5afca5389..e57e891e5 100644 --- a/src/lib/protocols/ssl.c +++ b/src/lib/protocols/ssl.c @@ -21,11 +21,15 @@ * */ +#include "ndpi_protocol_ids.h" -#include "ndpi_api.h" #ifdef NDPI_PROTOCOL_SSL +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SSL + +#include "ndpi_api.h" + /* #define CERTIFICATE_DEBUG 1 */ #define NDPI_MAX_SSL_REQUEST_SIZE 10000 @@ -153,7 +157,7 @@ int getSSLcertificate(struct ndpi_detection_module_struct *ndpi_struct, { static u_int8_t id = 0; - printf("-> [%u] %02X\n", ++id, packet->payload[0] & 0xFF); + NDPI_LOG_DBG2(ndpi_struct,"-> [%u] %02X\n", ++id, packet->payload[0] & 0xFF); } #endif @@ -363,7 +367,7 @@ int sslDetectProtocolFromCertificate(struct ndpi_detection_module_struct *ndpi_s if(rc > 0) { packet->ssl_certificate_detected++; #ifdef CERTIFICATE_DEBUG - printf("***** [SSL] %s\n", certificate); + NDPI_LOG_DBG2(ndpi_struct, "***** [SSL] %s\n", certificate); #endif u_int32_t subproto = ndpi_match_host_subprotocol(ndpi_struct, flow, certificate, strlen(certificate), NDPI_PROTOCOL_SSL); @@ -404,8 +408,6 @@ static void ssl_mark_and_payload_search_for_other_protocols(struct { #if defined(NDPI_PROTOCOL_TOR) || defined(NDPI_PROTOCOL_VPN_X) || defined(NDPI_PROTOCOL_UNENCRYPTED_JABBER) || defined (NDPI_PROTOCOL_OSCAR) || defined (NDPI_PROTOCOL_ITUNES) || defined (NDPI_PROTOCOL_GMAIL) struct ndpi_packet_struct *packet = &flow->packet; - // struct ndpi_id_struct *src=flow->src; - // struct ndpi_id_struct *dst=flow->dst; u_int32_t a; u_int32_t end; #if defined(NDPI_PROTOCOL_UNENCRYPTED_JABBER) @@ -424,9 +426,9 @@ static void ssl_mark_and_payload_search_for_other_protocols(struct #ifdef NDPI_PROTOCOL_UNENCRYPTED_JABBER if(packet->payload[a] == 't') { if(memcmp(&packet->payload[a], "talk.google.com", 15) == 0) { - NDPI_LOG(NDPI_PROTOCOL_UNENCRYPTED_JABBER, ndpi_struct, NDPI_LOG_DEBUG, "ssl jabber packet match\n"); if(NDPI_COMPARE_PROTOCOL_TO_BITMASK (ndpi_struct->detection_bitmask, NDPI_PROTOCOL_UNENCRYPTED_JABBER) != 0) { + NDPI_LOG_INFO(ndpi_struct, "found ssl jabber unencrypted\n"); ndpi_int_ssl_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_UNENCRYPTED_JABBER); return; } @@ -447,7 +449,7 @@ static void ssl_mark_and_payload_search_for_other_protocols(struct && memcmp(&packet->payload[a], "http://ocsp.web.aol.com/ocsp", 28) == 0) || ((a + 32) < packet->payload_packet_len && memcmp(&packet->payload[a], "http://pki-info.aol.com/AOLMSPKI", 32) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_OSCAR, ndpi_struct, NDPI_LOG_DEBUG, "OSCAR SERVER SSL DETECTED\n"); + NDPI_LOG_INFO(ndpi_struct, "found OSCAR SERVER SSL DETECTED\n"); if(flow->dst != NULL && packet->payload_packet_len > 75) { memcpy(flow->dst->oscar_ssl_session_id, &packet->payload[44], 32); @@ -464,7 +466,7 @@ static void ssl_mark_and_payload_search_for_other_protocols(struct if((a + 21) < packet->payload_packet_len && (memcmp(&packet->payload[a], "my.screenname.aol.com", 21) == 0 || memcmp(&packet->payload[a], "sns-static.aolcdn.com", 21) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_OSCAR, ndpi_struct, NDPI_LOG_DEBUG, "OSCAR SERVER SSL DETECTED\n"); + NDPI_LOG_DBG(ndpi_struct, "found OSCAR SERVER SSL DETECTED\n"); ndpi_int_ssl_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_OSCAR); return; } @@ -475,14 +477,16 @@ static void ssl_mark_and_payload_search_for_other_protocols(struct no_check_for_ssl_payload: #endif if(packet->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) { - NDPI_LOG(NDPI_PROTOCOL_SSL, ndpi_struct, NDPI_LOG_DEBUG, "found ssl connection.\n"); + NDPI_LOG_DBG(ndpi_struct, "found ssl connection\n"); sslDetectProtocolFromCertificate(ndpi_struct, flow); if(!packet->ssl_certificate_detected && (!(flow->l4.tcp.ssl_seen_client_cert && flow->l4.tcp.ssl_seen_server_cert))) { /* SSL without certificate (Skype, Ultrasurf?) */ + NDPI_LOG_INFO(ndpi_struct, "found ssl NO_CERT\n"); ndpi_int_ssl_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_SSL_NO_CERT); } else + NDPI_LOG_INFO(ndpi_struct, "found ssl\n"); ndpi_int_ssl_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_SSL); } } @@ -492,10 +496,6 @@ static u_int8_t ndpi_search_sslv3_direction1(struct ndpi_detection_module_struct struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; - // - // struct ndpi_id_struct *src=flow->src; - // struct ndpi_id_struct *dst=flow->dst; - if((packet->payload_packet_len >= 5) && (packet->payload[0] == 0x16) @@ -506,13 +506,13 @@ static u_int8_t ndpi_search_sslv3_direction1(struct ndpi_detection_module_struct || (packet->payload[2] == 0x03) )) { u_int32_t temp; - NDPI_LOG(NDPI_PROTOCOL_SSL, ndpi_struct, NDPI_LOG_DEBUG, "search sslv3\n"); + NDPI_LOG_DBG2(ndpi_struct, "search sslv3\n"); // SSLv3 Record if(packet->payload_packet_len >= 1300) { return 1; } temp = ntohs(get_u_int16_t(packet->payload, 3)) + 5; - NDPI_LOG(NDPI_PROTOCOL_SSL, ndpi_struct, NDPI_LOG_DEBUG, "temp = %u.\n", temp); + NDPI_LOG_DBG2(ndpi_struct, "temp = %u\n", temp); if(packet->payload_packet_len == temp || (temp < packet->payload_packet_len && packet->payload_packet_len > 500)) { return 1; @@ -522,16 +522,16 @@ static u_int8_t ndpi_search_sslv3_direction1(struct ndpi_detection_module_struct /* the server hello may be split into small packets */ u_int32_t cert_start; - NDPI_LOG(NDPI_PROTOCOL_SSL, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "maybe SSLv3 server hello split into smaller packets\n"); /* lets hope at least the server hello and the start of the certificate block are in the first packet */ cert_start = ntohs(get_u_int16_t(packet->payload, 7)) + 5 + 4; - NDPI_LOG(NDPI_PROTOCOL_SSL, ndpi_struct, NDPI_LOG_DEBUG, "suspected start of certificate: %u\n", + NDPI_LOG_DBG2(ndpi_struct, "suspected start of certificate: %u\n", cert_start); if(cert_start < packet->payload_packet_len && packet->payload[cert_start] == 0x0b) { - NDPI_LOG(NDPI_PROTOCOL_SSL, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "found 0x0b at suspected start of certificate block\n"); return 2; } @@ -542,16 +542,16 @@ static u_int8_t ndpi_search_sslv3_direction1(struct ndpi_detection_module_struct * so temp contains only the length for the first ServerHello block */ u_int32_t cert_start; - NDPI_LOG(NDPI_PROTOCOL_SSL, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "maybe SSLv3 server hello split into smaller packets but with seperate record for the certificate\n"); /* lets hope at least the server hello record and the start of the certificate record are in the first packet */ cert_start = ntohs(get_u_int16_t(packet->payload, 7)) + 5 + 5 + 4; - NDPI_LOG(NDPI_PROTOCOL_SSL, ndpi_struct, NDPI_LOG_DEBUG, "suspected start of certificate: %u\n", + NDPI_LOG_DBG2(ndpi_struct, "suspected start of certificate: %u\n", cert_start); if(cert_start < packet->payload_packet_len && packet->payload[cert_start] == 0x0b) { - NDPI_LOG(NDPI_PROTOCOL_SSL, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "found 0x0b at suspected start of certificate block\n"); return 2; } @@ -565,7 +565,7 @@ static u_int8_t ndpi_search_sslv3_direction1(struct ndpi_detection_module_struct return 1; } temp += temp2; - NDPI_LOG(NDPI_PROTOCOL_SSL, ndpi_struct, NDPI_LOG_DEBUG, "temp = %u.\n", temp); + NDPI_LOG_DBG2(ndpi_struct, "temp = %u\n", temp); if(packet->payload_packet_len == temp) { return 1; } @@ -576,7 +576,7 @@ static u_int8_t ndpi_search_sslv3_direction1(struct ndpi_detection_module_struct return 1; } temp += temp2; - NDPI_LOG(NDPI_PROTOCOL_SSL, ndpi_struct, NDPI_LOG_DEBUG, "temp = %u.\n", temp); + NDPI_LOG_DBG2(ndpi_struct, "temp = %u\n", temp); if(packet->payload_packet_len == temp) { return 1; } @@ -587,7 +587,7 @@ static u_int8_t ndpi_search_sslv3_direction1(struct ndpi_detection_module_struct return 1; } temp += temp2; - NDPI_LOG(NDPI_PROTOCOL_SSL, ndpi_struct, NDPI_LOG_DEBUG, "temp = %u.\n", temp); + NDPI_LOG_DBG2(ndpi_struct, "temp = %u\n", temp); if(temp == packet->payload_packet_len) { return 1; } @@ -602,10 +602,6 @@ static u_int8_t ndpi_search_sslv3_direction1(struct ndpi_detection_module_struct void ndpi_search_ssl_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; - - // struct ndpi_id_struct *src=flow->src; - // struct ndpi_id_struct *dst=flow->dst; - u_int8_t ret; if(packet->detected_protocol_stack[0] == NDPI_PROTOCOL_SSL) { @@ -613,7 +609,7 @@ void ndpi_search_ssl_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc /* this should only happen, when we detected SSL with a packet that had parts of the certificate in subsequent packets * so go on checking for certificate patterns for a couple more packets */ - NDPI_LOG(NDPI_PROTOCOL_SSL, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "ssl flow but check another packet for patterns\n"); ssl_mark_and_payload_search_for_other_protocols(ndpi_struct, flow); if(packet->detected_protocol_stack[0] == NDPI_PROTOCOL_SSL) { @@ -627,7 +623,7 @@ void ndpi_search_ssl_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc return; } - NDPI_LOG(NDPI_PROTOCOL_SSL, ndpi_struct, NDPI_LOG_DEBUG, "search ssl\n"); + NDPI_LOG_DBG(ndpi_struct, "search ssl\n"); { /* Check if this is whatsapp first (this proto runs over port 443) */ @@ -652,12 +648,12 @@ void ndpi_search_ssl_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc } if(packet->payload_packet_len > 40 && flow->l4.tcp.ssl_stage == 0) { - NDPI_LOG(NDPI_PROTOCOL_SSL, ndpi_struct, NDPI_LOG_DEBUG, "first ssl packet\n"); + NDPI_LOG_DBG2(ndpi_struct, "first ssl packet\n"); // SSLv2 Record if(packet->payload[2] == 0x01 && packet->payload[3] == 0x03 && (packet->payload[4] == 0x00 || packet->payload[4] == 0x01 || packet->payload[4] == 0x02) && (packet->payload_packet_len - packet->payload[1] == 2)) { - NDPI_LOG(NDPI_PROTOCOL_SSL, ndpi_struct, NDPI_LOG_DEBUG, "sslv2 len match\n"); + NDPI_LOG_DBG2(ndpi_struct, "sslv2 len match\n"); flow->l4.tcp.ssl_stage = 1 + packet->packet_direction; return; } @@ -666,7 +662,7 @@ void ndpi_search_ssl_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc && (packet->payload[2] == 0x00 || packet->payload[2] == 0x01 || packet->payload[2] == 0x02) && (packet->payload_packet_len - ntohs(get_u_int16_t(packet->payload, 3)) == 5)) { // SSLv3 Record - NDPI_LOG(NDPI_PROTOCOL_SSL, ndpi_struct, NDPI_LOG_DEBUG, "sslv3 len match\n"); + NDPI_LOG_DBG2(ndpi_struct, "sslv3 len match\n"); flow->l4.tcp.ssl_stage = 1 + packet->packet_direction; return; } @@ -679,23 +675,23 @@ void ndpi_search_ssl_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc } if(packet->payload_packet_len > 40 && flow->l4.tcp.ssl_stage == 2 - packet->packet_direction) { - NDPI_LOG(NDPI_PROTOCOL_SSL, ndpi_struct, NDPI_LOG_DEBUG, "second ssl packet\n"); + NDPI_LOG_DBG2(ndpi_struct, "second ssl packet\n"); // SSLv2 Record if(packet->payload[2] == 0x01 && packet->payload[3] == 0x03 && (packet->payload[4] == 0x00 || packet->payload[4] == 0x01 || packet->payload[4] == 0x02) && (packet->payload_packet_len - 2) >= packet->payload[1]) { - NDPI_LOG(NDPI_PROTOCOL_SSL, ndpi_struct, NDPI_LOG_DEBUG, "sslv2 server len match\n"); + NDPI_LOG_DBG2(ndpi_struct, "sslv2 server len match\n"); ssl_mark_and_payload_search_for_other_protocols(ndpi_struct, flow); return; } ret = ndpi_search_sslv3_direction1(ndpi_struct, flow); if(ret == 1) { - NDPI_LOG(NDPI_PROTOCOL_SSL, ndpi_struct, NDPI_LOG_DEBUG, "sslv3 server len match\n"); + NDPI_LOG_DBG2(ndpi_struct, "sslv3 server len match\n"); ssl_mark_and_payload_search_for_other_protocols(ndpi_struct, flow); return; } else if(ret == 2) { - NDPI_LOG(NDPI_PROTOCOL_SSL, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "sslv3 server len match with split packet -> check some more packets for SSL patterns\n"); ssl_mark_and_payload_search_for_other_protocols(ndpi_struct, flow); if(packet->detected_protocol_stack[0] == NDPI_PROTOCOL_SSL) { @@ -705,13 +701,12 @@ void ndpi_search_ssl_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc } if(packet->payload_packet_len > 40 && flow->packet_direction_counter[packet->packet_direction] < 5) { - NDPI_LOG(NDPI_PROTOCOL_SSL, ndpi_struct, NDPI_LOG_DEBUG, "need next packet\n"); + NDPI_LOG_DBG2(ndpi_struct, "need next packet\n"); return; } } - NDPI_LOG(NDPI_PROTOCOL_SSL, ndpi_struct, NDPI_LOG_DEBUG, "exclude ssl\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SSL); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; } diff --git a/src/lib/protocols/starcraft.c b/src/lib/protocols/starcraft.c index 760578563..73cdd0b12 100644 --- a/src/lib/protocols/starcraft.c +++ b/src/lib/protocols/starcraft.c @@ -19,11 +19,15 @@ * */ - -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_STARCRAFT +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_STARCRAFT + +#include "ndpi_api.h" + + /* Sender or receiver are one of the known login portals? */ u_int8_t sc2_match_logon_ip(struct ndpi_packet_struct* packet) { @@ -112,7 +116,7 @@ u_int8_t ndpi_check_starcraft_udp(struct ndpi_detection_module_struct* ndpi_stru void ndpi_search_starcraft(struct ndpi_detection_module_struct* ndpi_struct, struct ndpi_flow_struct* flow) { - NDPI_LOG(NDPI_PROTOCOL_STARCRAFT, ndpi_struct, NDPI_LOG_DEBUG, "Starcraft protocol detection...\n"); + NDPI_LOG_DBG(ndpi_struct, "search Starcraft\n"); if (flow->packet.detected_protocol_stack[0] != NDPI_PROTOCOL_STARCRAFT) { struct ndpi_packet_struct* packet = &flow->packet; int8_t result = 0; @@ -120,24 +124,22 @@ void ndpi_search_starcraft(struct ndpi_detection_module_struct* ndpi_struct, str if (packet->udp != NULL) { result = ndpi_check_starcraft_udp(ndpi_struct, flow); if (result == 1) { - //printf("Found Starcraft 2 [Game, UDP]\n"); - NDPI_LOG(NDPI_PROTOCOL_STARCRAFT, ndpi_struct, NDPI_LOG_DEBUG, "Found Starcraft 2 [Game, UDP]\n"); + NDPI_LOG_INFO(ndpi_struct, "Found Starcraft 2 [Game, UDP]\n"); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_STARCRAFT, NDPI_PROTOCOL_UNKNOWN); + return; } } else if (packet->tcp != NULL) { result = ndpi_check_starcraft_tcp(ndpi_struct, flow); if (result == 1) { - //printf("Found Starcraft 2 [Client, TCP]\n"); - NDPI_LOG(NDPI_PROTOCOL_STARCRAFT, ndpi_struct, NDPI_LOG_DEBUG, "Found Starcraft 2 [Client, TCP]\n"); + NDPI_LOG_INFO(ndpi_struct, "Found Starcraft 2 [Client, TCP]\n"); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_STARCRAFT, NDPI_PROTOCOL_UNKNOWN); + return; } } - if (result == 1) { - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_STARCRAFT, NDPI_PROTOCOL_UNKNOWN); - } - else if (result == -1) { - NDPI_LOG(NDPI_PROTOCOL_STARCRAFT, ndpi_struct, NDPI_LOG_DEBUG, "Starcraft excluded\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_STARCRAFT); + if (result == -1) { + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } } } diff --git a/src/lib/protocols/stealthnet.c b/src/lib/protocols/stealthnet.c index 09e6c18d4..8bd75b1a3 100644 --- a/src/lib/protocols/stealthnet.c +++ b/src/lib/protocols/stealthnet.c @@ -22,11 +22,14 @@ * */ - -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_STEALTHNET +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_STEALTHNET + +#include "ndpi_api.h" + static void ndpi_int_stealthnet_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) @@ -39,20 +42,16 @@ void ndpi_search_stealthnet(struct ndpi_detection_module_struct { struct ndpi_packet_struct *packet = &flow->packet; - - // struct ndpi_id_struct *src = flow->src; - // struct ndpi_id_struct *dst = flow->dst; - + NDPI_LOG_DBG(ndpi_struct, "search stealthnet\n"); if (packet->payload_packet_len > 40 && memcmp(packet->payload, "LARS REGENSBURGER'S FILE SHARING PROTOCOL", 41) == 0) { - NDPI_LOG(NDPI_PROTOCOL_STEALTHNET, ndpi_struct, NDPI_LOG_DEBUG, "found stealthnet\n"); + NDPI_LOG_INFO(ndpi_struct, "found stealthnet\n"); ndpi_int_stealthnet_add_connection(ndpi_struct, flow); return; } - NDPI_LOG(NDPI_PROTOCOL_STEALTHNET, ndpi_struct, NDPI_LOG_DEBUG, "exclude stealthnet.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_STEALTHNET); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/steam.c b/src/lib/protocols/steam.c index d12a0cb4b..64eaa04fe 100644 --- a/src/lib/protocols/steam.c +++ b/src/lib/protocols/steam.c @@ -23,10 +23,14 @@ * along with nDPI. If not, see . * */ +#include "ndpi_protocol_ids.h" + +#ifdef NDPI_PROTOCOL_STEAM + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_STEAM #include "ndpi_api.h" -#ifdef NDPI_PROTOCOL_STEAM static void ndpi_int_steam_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_UNKNOWN); } @@ -38,7 +42,7 @@ static void ndpi_check_steam_http(struct ndpi_detection_module_struct *ndpi_stru if (packet->user_agent_line.ptr != NULL && packet->user_agent_line.len >= 23 && memcmp(packet->user_agent_line.ptr, "Valve/Steam HTTP Client", 23) == 0) { - NDPI_LOG(NDPI_PROTOCOL_STEAM, ndpi_struct, NDPI_LOG_DEBUG, "Found STEAM.\n"); + NDPI_LOG_INFO(ndpi_struct, "found STEAM\n"); ndpi_int_steam_add_connection(ndpi_struct, flow); } } @@ -48,10 +52,10 @@ static void ndpi_check_steam_tcp(struct ndpi_detection_module_struct *ndpi_struc u_int32_t payload_len = packet->payload_packet_len; if (flow->steam_stage == 0) { - NDPI_LOG(NDPI_PROTOCOL_STEAM, ndpi_struct, NDPI_LOG_DEBUG, "STEAM stage 0: \n"); + NDPI_LOG_DBG2(ndpi_struct, "STEAM stage 0: \n"); if ((payload_len == 1 && packet->payload[0] == 0x01) || ((payload_len == 4 || payload_len == 5) && ndpi_match_strprefix(packet->payload, payload_len, "\x01\x00\x00\x00"))) { - NDPI_LOG(NDPI_PROTOCOL_STEAM, ndpi_struct, NDPI_LOG_DEBUG, "Possible STEAM request detected, we will look further for the response...\n"); + NDPI_LOG_DBG2(ndpi_struct, "Possible STEAM request detected, we will look further for the response..\n"); /* Encode the direction of the packet in the stage, so we will know when we need to look for the response packet. */ flow->steam_stage = packet->packet_direction + 1; // packet_direction 0: stage 1, packet_direction 1: stage 2 @@ -59,14 +63,14 @@ static void ndpi_check_steam_tcp(struct ndpi_detection_module_struct *ndpi_struc } if ((payload_len == 1 && packet->payload[0] == 0x00) || ((payload_len == 4 || payload_len == 5) && ndpi_match_strprefix(packet->payload, payload_len, "\x00\x00\x00"))) { - NDPI_LOG(NDPI_PROTOCOL_STEAM, ndpi_struct, NDPI_LOG_DEBUG, "Possible STEAM request detected, we will look further for the response...\n"); + NDPI_LOG_DBG2(ndpi_struct, "Possible STEAM request detected, we will look further for the response..\n"); /* Encode the direction of the packet in the stage, so we will know when we need to look for the response packet. */ flow->steam_stage = packet->packet_direction + 3; // packet_direction 0: stage 3, packet_direction 1: stage 4 return; } } else if ((flow->steam_stage == 1) || (flow->steam_stage == 2)) { - NDPI_LOG(NDPI_PROTOCOL_STEAM, ndpi_struct, NDPI_LOG_DEBUG, "STEAM stage %u: \n", flow->steam_stage); + NDPI_LOG_DBG2(ndpi_struct, "STEAM stage %u: \n", flow->steam_stage); /* At first check, if this is for sure a response packet (in another direction. If not, do nothing now and return. */ if ((flow->steam_stage - packet->packet_direction) == 1) { @@ -75,14 +79,14 @@ static void ndpi_check_steam_tcp(struct ndpi_detection_module_struct *ndpi_struc /* This is a packet in another direction. Check if we find the proper response. */ if ((payload_len == 1 && packet->payload[0] == 0x00) || ((payload_len == 4 || payload_len == 5) && ndpi_match_strprefix(packet->payload, payload_len, "\x00\x00\x00"))) { - NDPI_LOG(NDPI_PROTOCOL_STEAM, ndpi_struct, NDPI_LOG_DEBUG, "Found STEAM.\n"); + NDPI_LOG_INFO(ndpi_struct, "found STEAM\n"); ndpi_int_steam_add_connection(ndpi_struct, flow); } else { - NDPI_LOG(NDPI_PROTOCOL_STEAM, ndpi_struct, NDPI_LOG_DEBUG, "The reply did not seem to belong to STEAM, resetting the stage to 0...\n"); + NDPI_LOG_DBG2(ndpi_struct, "The reply did not seem to belong to STEAM, resetting the stage to 0..\n"); flow->steam_stage = 0; } } else if ((flow->steam_stage == 3) || (flow->steam_stage == 4)) { - NDPI_LOG(NDPI_PROTOCOL_STEAM, ndpi_struct, NDPI_LOG_DEBUG, "STEAM stage %u: \n", flow->steam_stage); + NDPI_LOG_DBG2(ndpi_struct, "STEAM stage %u: \n", flow->steam_stage); /* At first check, if this is for sure a response packet (in another direction. If not, do nothing now and return. */ if ((flow->steam_stage - packet->packet_direction) == 3) { @@ -91,10 +95,10 @@ static void ndpi_check_steam_tcp(struct ndpi_detection_module_struct *ndpi_struc /* This is a packet in another direction. Check if we find the proper response. */ if ((payload_len == 1 && packet->payload[0] == 0x01) || ((payload_len == 4 || payload_len == 5) && ndpi_match_strprefix(packet->payload, payload_len, "\x01\x00\x00\x00"))) { - NDPI_LOG(NDPI_PROTOCOL_STEAM, ndpi_struct, NDPI_LOG_DEBUG, "Found STEAM.\n"); + NDPI_LOG_INFO(ndpi_struct, "found STEAM\n"); ndpi_int_steam_add_connection(ndpi_struct, flow); } else { - NDPI_LOG(NDPI_PROTOCOL_STEAM, ndpi_struct, NDPI_LOG_DEBUG, "The reply did not seem to belong to STEAM, resetting the stage to 0...\n"); + NDPI_LOG_DBG2(ndpi_struct, "The reply did not seem to belong to STEAM, resetting the stage to 0..\n"); flow->steam_stage = 0; } } @@ -105,17 +109,17 @@ static void ndpi_check_steam_udp1(struct ndpi_detection_module_struct *ndpi_stru u_int32_t payload_len = packet->payload_packet_len; if (ndpi_match_strprefix(packet->payload, payload_len, "VS01")) { - NDPI_LOG(NDPI_PROTOCOL_STEAM, ndpi_struct, NDPI_LOG_DEBUG, "Found STEAM.\n"); + NDPI_LOG_INFO(ndpi_struct, "found STEAM\n"); ndpi_int_steam_add_connection(ndpi_struct, flow); return; } /* Check if we so far detected the protocol in the request or not. */ if (flow->steam_stage1 == 0) { - NDPI_LOG(NDPI_PROTOCOL_STEAM, ndpi_struct, NDPI_LOG_DEBUG, "STEAM stage 0: \n"); + NDPI_LOG_DBG2(ndpi_struct, "STEAM stage 0: \n"); if (ndpi_match_strprefix(packet->payload, payload_len, "\x31\xff\x30\x2e")) { - NDPI_LOG(NDPI_PROTOCOL_STEAM, ndpi_struct, NDPI_LOG_DEBUG, "Possible STEAM request detected, we will look further for the response...\n"); + NDPI_LOG_DBG2(ndpi_struct, "Possible STEAM request detected, we will look further for the response..\n"); /* Encode the direction of the packet in the stage, so we will know when we need to look for the response packet. */ flow->steam_stage1 = packet->packet_direction + 1; // packet_direction 0: stage 1, packet_direction 1: stage 2 @@ -123,7 +127,7 @@ static void ndpi_check_steam_udp1(struct ndpi_detection_module_struct *ndpi_stru } if (ndpi_match_strprefix(packet->payload, payload_len, "\xff\xff\xff\xff")) { - NDPI_LOG(NDPI_PROTOCOL_STEAM, ndpi_struct, NDPI_LOG_DEBUG, "Possible STEAM request detected, we will look further for the response...\n"); + NDPI_LOG_DBG2(ndpi_struct, "Possible STEAM request detected, we will look further for the response..\n"); /* Encode the direction of the packet in the stage, so we will know when we need to look for the response packet. */ flow->steam_stage1 = packet->packet_direction + 3; // packet_direction 0: stage 3, packet_direction 1: stage 4 @@ -131,7 +135,7 @@ static void ndpi_check_steam_udp1(struct ndpi_detection_module_struct *ndpi_stru } } else if ((flow->steam_stage1 == 1) || (flow->steam_stage1 == 2)) { - NDPI_LOG(NDPI_PROTOCOL_STEAM, ndpi_struct, NDPI_LOG_DEBUG, "STEAM stage %u: \n", flow->steam_stage1); + NDPI_LOG_DBG2(ndpi_struct, "STEAM stage %u: \n", flow->steam_stage1); /* At first check, if this is for sure a response packet (in another direction. If not, do nothing now and return. */ if ((flow->steam_stage1 - packet->packet_direction) == 1) { @@ -140,15 +144,15 @@ static void ndpi_check_steam_udp1(struct ndpi_detection_module_struct *ndpi_stru /* This is a packet in another direction. Check if we find the proper response. */ if (ndpi_match_strprefix(packet->payload, payload_len, "\xff\xff\xff\xff")) { - NDPI_LOG(NDPI_PROTOCOL_STEAM, ndpi_struct, NDPI_LOG_DEBUG, "Found STEAM.\n"); + NDPI_LOG_INFO(ndpi_struct, "found STEAM\n"); ndpi_int_steam_add_connection(ndpi_struct, flow); } else { - NDPI_LOG(NDPI_PROTOCOL_STEAM, ndpi_struct, NDPI_LOG_DEBUG, "The reply did not seem to belong to STEAM, resetting the stage to 0...\n"); + NDPI_LOG_DBG2(ndpi_struct, "The reply did not seem to belong to STEAM, resetting the stage to 0..\n"); flow->steam_stage1 = 0; } } else if ((flow->steam_stage1 == 3) || (flow->steam_stage1 == 4)) { - NDPI_LOG(NDPI_PROTOCOL_STEAM, ndpi_struct, NDPI_LOG_DEBUG, "STEAM stage %u: \n", flow->steam_stage1); + NDPI_LOG_DBG2(ndpi_struct, "STEAM stage %u: \n", flow->steam_stage1); /* At first check, if this is for sure a response packet (in another direction. If not, do nothing now and return. */ if ((flow->steam_stage1 - packet->packet_direction) == 3) { @@ -157,10 +161,10 @@ static void ndpi_check_steam_udp1(struct ndpi_detection_module_struct *ndpi_stru /* This is a packet in another direction. Check if we find the proper response. */ if (ndpi_match_strprefix(packet->payload, payload_len, "\x31\xff\x30\x2e")) { - NDPI_LOG(NDPI_PROTOCOL_STEAM, ndpi_struct, NDPI_LOG_DEBUG, "Found STEAM.\n"); + NDPI_LOG_INFO(ndpi_struct, "found STEAM\n"); ndpi_int_steam_add_connection(ndpi_struct, flow); } else { - NDPI_LOG(NDPI_PROTOCOL_STEAM, ndpi_struct, NDPI_LOG_DEBUG, "The reply did not seem to belong to STEAM, resetting the stage to 0...\n"); + NDPI_LOG_DBG(ndpi_struct, "The reply did not seem to belong to STEAM, resetting the stage to 0..\n"); flow->steam_stage1 = 0; } @@ -173,17 +177,17 @@ static void ndpi_check_steam_udp2(struct ndpi_detection_module_struct *ndpi_stru /* Check if we so far detected the protocol in the request or not. */ if (flow->steam_stage2 == 0) { - NDPI_LOG(NDPI_PROTOCOL_STEAM, ndpi_struct, NDPI_LOG_DEBUG, "STEAM stage 0: \n"); + NDPI_LOG_DBG2(ndpi_struct, "STEAM stage 0: \n"); if ((payload_len == 25) && ndpi_match_strprefix(packet->payload, payload_len, "\xff\xff\xff\xff")) { - NDPI_LOG(NDPI_PROTOCOL_STEAM, ndpi_struct, NDPI_LOG_DEBUG, "Possible STEAM request detected, we will look further for the response...\n"); + NDPI_LOG_DBG2(ndpi_struct, "Possible STEAM request detected, we will look further for the response..\n"); /* Encode the direction of the packet in the stage, so we will know when we need to look for the response packet. */ flow->steam_stage2 = packet->packet_direction + 1; // packet_direction 0: stage 1, packet_direction 1: stage 2 } } else { - NDPI_LOG(NDPI_PROTOCOL_STEAM, ndpi_struct, NDPI_LOG_DEBUG, "STEAM stage %u: \n", flow->steam_stage2); + NDPI_LOG_DBG2(ndpi_struct, "STEAM stage %u: \n", flow->steam_stage2); /* At first check, if this is for sure a response packet (in another direction. If not, do nothing now and return. */ if ((flow->steam_stage2 - packet->packet_direction) == 1) { @@ -192,10 +196,10 @@ static void ndpi_check_steam_udp2(struct ndpi_detection_module_struct *ndpi_stru /* This is a packet in another direction. Check if we find the proper response. */ if ((payload_len == 0) || ndpi_match_strprefix(packet->payload, payload_len, "\xff\xff\xff\xff")) { - NDPI_LOG(NDPI_PROTOCOL_STEAM, ndpi_struct, NDPI_LOG_DEBUG, "Found STEAM.\n"); + NDPI_LOG_INFO(ndpi_struct, "found STEAM\n"); ndpi_int_steam_add_connection(ndpi_struct, flow); } else { - NDPI_LOG(NDPI_PROTOCOL_STEAM, ndpi_struct, NDPI_LOG_DEBUG, "The reply did not seem to belong to STEAM, resetting the stage to 0...\n"); + NDPI_LOG_DBG2(ndpi_struct, "The reply did not seem to belong to STEAM, resetting the stage to 0..\n"); flow->steam_stage2 = 0; } @@ -208,17 +212,17 @@ static void ndpi_check_steam_udp3(struct ndpi_detection_module_struct *ndpi_stru /* Check if we so far detected the protocol in the request or not. */ if (flow->steam_stage3 == 0) { - NDPI_LOG(NDPI_PROTOCOL_STEAM, ndpi_struct, NDPI_LOG_DEBUG, "STEAM stage 0: \n"); + NDPI_LOG_DBG2(ndpi_struct, "STEAM stage 0: \n"); if ((payload_len == 4) && (packet->payload[0] == 0x39) && (packet->payload[1] == 0x18) && (packet->payload[2] == 0x00) && (packet->payload[3] == 0x00)) { - NDPI_LOG(NDPI_PROTOCOL_STEAM, ndpi_struct, NDPI_LOG_DEBUG, "Possible STEAM request detected, we will look further for the response...\n"); + NDPI_LOG_DBG2(ndpi_struct, "Possible STEAM request detected, we will look further for the response..\n"); /* Encode the direction of the packet in the stage, so we will know when we need to look for the response packet. */ flow->steam_stage3 = packet->packet_direction + 1; // packet_direction 0: stage 1, packet_direction 1: stage 2 } } else { - NDPI_LOG(NDPI_PROTOCOL_STEAM, ndpi_struct, NDPI_LOG_DEBUG, "STEAM stage %u: \n", flow->steam_stage3); + NDPI_LOG_DBG2(ndpi_struct, "STEAM stage %u: \n", flow->steam_stage3); /* At first check, if this is for sure a response packet (in another direction. If not, do nothing now and return. */ if ((flow->steam_stage3 - packet->packet_direction) == 1) { @@ -227,10 +231,10 @@ static void ndpi_check_steam_udp3(struct ndpi_detection_module_struct *ndpi_stru /* This is a packet in another direction. Check if we find the proper response. */ if ((payload_len == 0) || ((payload_len == 8) && (packet->payload[0] == 0x3a) && (packet->payload[1] == 0x18) && (packet->payload[2] == 0x00) && (packet->payload[3] == 0x00))) { - NDPI_LOG(NDPI_PROTOCOL_STEAM, ndpi_struct, NDPI_LOG_DEBUG, "Found STEAM.\n"); + NDPI_LOG_INFO(ndpi_struct, "found STEAM\n"); ndpi_int_steam_add_connection(ndpi_struct, flow); } else { - NDPI_LOG(NDPI_PROTOCOL_STEAM, ndpi_struct, NDPI_LOG_DEBUG, "The reply did not seem to belong to STEAM, resetting the stage to 0...\n"); + NDPI_LOG_DBG2(ndpi_struct, "The reply did not seem to belong to STEAM, resetting the stage to 0..\n"); flow->steam_stage3 = 0; } @@ -242,8 +246,7 @@ void ndpi_search_steam(struct ndpi_detection_module_struct *ndpi_struct, struct /* Break after 20 packets. */ if (flow->packet_counter > 20) { - NDPI_LOG(NDPI_PROTOCOL_STEAM, ndpi_struct, NDPI_LOG_DEBUG, "Exclude STEAM.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_STEAM); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; } @@ -256,7 +259,7 @@ void ndpi_search_steam(struct ndpi_detection_module_struct *ndpi_struct, struct return; } - NDPI_LOG(NDPI_PROTOCOL_STEAM, ndpi_struct, NDPI_LOG_DEBUG, "STEAM detection...\n"); + NDPI_LOG_DBG(ndpi_struct, "search STEAM\n"); ndpi_check_steam_http(ndpi_struct, flow); if (packet->detected_protocol_stack[0] == NDPI_PROTOCOL_STEAM) { diff --git a/src/lib/protocols/stun.c b/src/lib/protocols/stun.c index d44d9c26e..53f39c4d6 100644 --- a/src/lib/protocols/stun.c +++ b/src/lib/protocols/stun.c @@ -21,10 +21,14 @@ * along with nDPI. If not, see . * */ -#include "ndpi_protocols.h" + +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_STUN +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_STUN + +#include "ndpi_api.h" #define MAX_NUM_STUN_PKTS 10 @@ -64,7 +68,7 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * if((strncmp((const char*)payload, (const char*)"RSP/", 4) == 0) && (strncmp((const char*)&payload[7], (const char*)" STUN_", 6) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_STUN, ndpi_struct, NDPI_LOG_DEBUG, "Found stun.\n"); + NDPI_LOG_INFO(ndpi_struct, "found stun\n"); goto udp_stun_found; } @@ -159,10 +163,10 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * u_int8_t mod; u_int8_t old = 1; u_int8_t padding = 0; - NDPI_LOG(NDPI_PROTOCOL_STUN, ndpi_struct, NDPI_LOG_DEBUG, "len and type match.\n"); + NDPI_LOG_DBG2(ndpi_struct, "len and type match\n"); if(payload_length == 20) { - NDPI_LOG(NDPI_PROTOCOL_STUN, ndpi_struct, NDPI_LOG_DEBUG, "found stun.\n"); + NDPI_LOG_INFO(ndpi_struct, "found stun\n"); goto udp_stun_found; } @@ -183,7 +187,7 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * || payload[a + 1] == 0x2a || payload[a + 1] == 0x29 || payload[a + 1] == 0x50 || payload[a + 1] == 0x54 || payload[a + 1] == 0x55)))) { - NDPI_LOG(NDPI_PROTOCOL_STUN, ndpi_struct, NDPI_LOG_DEBUG, "attribute match.\n"); + NDPI_LOG_DBG2(ndpi_struct, "attribute match\n"); a += ((payload[a + 2] << 8) + payload[a + 3] + 4); mod = a % 4; @@ -191,7 +195,7 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * padding = 4 - mod; } if(a == payload_length || (padding && (a + padding) == payload_length)) { - NDPI_LOG(NDPI_PROTOCOL_STUN, ndpi_struct, NDPI_LOG_DEBUG, "found stun.\n"); + NDPI_LOG_INFO(ndpi_struct, "found stun\n"); goto udp_stun_found; } @@ -215,7 +219,7 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * if((payload[a + padding] == 0x40) && (payload[a + padding + 1] == 0x00)) goto udp_stun_found; - NDPI_LOG(NDPI_PROTOCOL_STUN, ndpi_struct, NDPI_LOG_DEBUG, "New STUN - attribute match.\n"); + NDPI_LOG_DBG2(ndpi_struct, "New STUN - attribute match\n"); old = 0; a += ((payload[a + 2 + padding] << 8) + payload[a + 3 + padding] + 4); @@ -225,7 +229,7 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * a += 4 - mod; } if(a == payload_length) { - NDPI_LOG(NDPI_PROTOCOL_STUN, ndpi_struct, NDPI_LOG_DEBUG, "found stun.\n"); + NDPI_LOG_INFO(ndpi_struct, "found stun\n"); goto udp_stun_found; } } else { @@ -254,7 +258,7 @@ void ndpi_search_stun(struct ndpi_detection_module_struct *ndpi_struct, struct n struct ndpi_packet_struct *packet = &flow->packet; u_int8_t is_whatsapp = 0, is_skype = 0; - NDPI_LOG(NDPI_PROTOCOL_STUN, ndpi_struct, NDPI_LOG_DEBUG, "search stun.\n"); + NDPI_LOG_DBG(ndpi_struct, "search stun\n"); if(packet->tcp) { /* STUN may be encapsulated in TCP packets */ @@ -267,10 +271,10 @@ void ndpi_search_stun(struct ndpi_detection_module_struct *ndpi_struct, struct n if(ndpi_int_check_stun(ndpi_struct, flow, packet->payload + 2, packet->payload_packet_len - 2, &is_whatsapp, &is_skype) == NDPI_IS_STUN) { if(is_skype) { - NDPI_LOG(NDPI_PROTOCOL_SKYPE, ndpi_struct, NDPI_LOG_DEBUG, "Found Skype\n"); + NDPI_LOG_INFO(ndpi_struct, "found Skype\n"); ndpi_int_stun_add_connection(ndpi_struct, NDPI_PROTOCOL_SKYPE, flow); } else { - NDPI_LOG(NDPI_PROTOCOL_STUN, ndpi_struct, NDPI_LOG_DEBUG, "found UDP stun.\n"); + NDPI_LOG_INFO(ndpi_struct, "found UDP stun\n"); ndpi_int_stun_add_connection(ndpi_struct, is_whatsapp ? NDPI_PROTOCOL_WHATSAPP_VOICE : NDPI_PROTOCOL_STUN, flow); } @@ -282,10 +286,10 @@ void ndpi_search_stun(struct ndpi_detection_module_struct *ndpi_struct, struct n if(ndpi_int_check_stun(ndpi_struct, flow, packet->payload, packet->payload_packet_len, &is_whatsapp, &is_skype) == NDPI_IS_STUN) { if(is_skype) { - NDPI_LOG(NDPI_PROTOCOL_STUN, ndpi_struct, NDPI_LOG_DEBUG, "Found Skype\n"); + NDPI_LOG_INFO(ndpi_struct, "Found Skype\n"); ndpi_int_stun_add_connection(ndpi_struct, NDPI_PROTOCOL_SKYPE, flow); } else { - NDPI_LOG(NDPI_PROTOCOL_STUN, ndpi_struct, NDPI_LOG_DEBUG, "found UDP stun.\n"); + NDPI_LOG_INFO(ndpi_struct, "found UDP stun\n"); ndpi_int_stun_add_connection(ndpi_struct, is_whatsapp ? NDPI_PROTOCOL_WHATSAPP_VOICE : NDPI_PROTOCOL_STUN, flow); } @@ -293,8 +297,7 @@ void ndpi_search_stun(struct ndpi_detection_module_struct *ndpi_struct, struct n } if(flow->num_stun_udp_pkts >= MAX_NUM_STUN_PKTS) { - NDPI_LOG(NDPI_PROTOCOL_STUN, ndpi_struct, NDPI_LOG_DEBUG, "exclude stun.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_STUN); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } } diff --git a/src/lib/protocols/syslog.c b/src/lib/protocols/syslog.c index 589f40f21..d83cd99f7 100644 --- a/src/lib/protocols/syslog.c +++ b/src/lib/protocols/syslog.c @@ -22,10 +22,14 @@ * */ +#include "ndpi_protocol_ids.h" -#include "ndpi_protocols.h" #ifdef NDPI_PROTOCOL_SYSLOG +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_SYSLOG + +#include "ndpi_api.h" + static void ndpi_int_syslog_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { @@ -36,45 +40,41 @@ void ndpi_search_syslog(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; - - // struct ndpi_id_struct *src=ndpi_struct->src; - // struct ndpi_id_struct *dst=ndpi_struct->dst; - u_int8_t i; - NDPI_LOG(NDPI_PROTOCOL_SYSLOG, ndpi_struct, NDPI_LOG_DEBUG, "search syslog\n"); + NDPI_LOG_DBG(ndpi_struct, "search syslog\n"); if (packet->payload_packet_len > 20 && packet->payload_packet_len <= 1024 && packet->payload[0] == '<') { - NDPI_LOG(NDPI_PROTOCOL_SYSLOG, ndpi_struct, NDPI_LOG_DEBUG, "checked len>20 and <1024 and first symbol=<.\n"); + NDPI_LOG_DBG2(ndpi_struct, "checked len>20 and <1024 and first symbol=<\n"); for (i = 1; i <= 3; i++) { if (packet->payload[i] < '0' || packet->payload[i] > '9') { break; } } - NDPI_LOG(NDPI_PROTOCOL_SYSLOG, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "read symbols while the symbol is a number.\n"); if (packet->payload[i++] != '>') { - NDPI_LOG(NDPI_PROTOCOL_SYSLOG, ndpi_struct, NDPI_LOG_DEBUG, "there is no > following the number.\n"); + NDPI_LOG_DBG(ndpi_struct, "excluded, there is no > following the number\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SYSLOG); return; } else { - NDPI_LOG(NDPI_PROTOCOL_SYSLOG, ndpi_struct, NDPI_LOG_DEBUG, "a > following the number.\n"); + NDPI_LOG_DBG2(ndpi_struct, "a > following the number\n"); } if (packet->payload[i] == 0x20) { - NDPI_LOG(NDPI_PROTOCOL_SYSLOG, ndpi_struct, NDPI_LOG_DEBUG, "a blank following the >: increment i.\n"); + NDPI_LOG_DBG2(ndpi_struct, "a blank following the >: increment i\n"); i++; } else { - NDPI_LOG(NDPI_PROTOCOL_SYSLOG, ndpi_struct, NDPI_LOG_DEBUG, "no blank following the >: do nothing.\n"); + NDPI_LOG_DBG2(ndpi_struct, "no blank following the >: do nothing\n"); } /* check for "last message repeated" */ if (i + sizeof("last message") - 1 <= packet->payload_packet_len && memcmp(packet->payload + i, "last message", sizeof("last message") - 1) == 0) { - NDPI_LOG(NDPI_PROTOCOL_SYSLOG, ndpi_struct, NDPI_LOG_DEBUG, "found syslog by 'last message' string.\n"); + NDPI_LOG_INFO(ndpi_struct, "found syslog by 'last message' string\n"); ndpi_int_syslog_add_connection(ndpi_struct, flow); @@ -84,7 +84,7 @@ void ndpi_search_syslog(struct ndpi_detection_module_struct /* snort events */ - NDPI_LOG(NDPI_PROTOCOL_SYSLOG, ndpi_struct, NDPI_LOG_DEBUG, "found syslog by 'snort: ' string.\n"); + NDPI_LOG_INFO(ndpi_struct, "found syslog by 'snort: ' string\n"); ndpi_int_syslog_add_connection(ndpi_struct, flow); @@ -103,27 +103,20 @@ void ndpi_search_syslog(struct ndpi_detection_module_struct && memcmp(&packet->payload[i], "Oct", 3) != 0 && memcmp(&packet->payload[i], "Nov", 3) != 0 && memcmp(&packet->payload[i], "Dec", 3) != 0) { - - NDPI_LOG(NDPI_PROTOCOL_SYSLOG, ndpi_struct, NDPI_LOG_DEBUG, - "no month-shortname following: syslog excluded.\n"); - - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SYSLOG); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; } else { - NDPI_LOG(NDPI_PROTOCOL_SYSLOG, ndpi_struct, NDPI_LOG_DEBUG, - "a month-shortname following: syslog detected.\n"); + NDPI_LOG_INFO(ndpi_struct, "found syslog\n"); ndpi_int_syslog_add_connection(ndpi_struct, flow); return; } } - NDPI_LOG(NDPI_PROTOCOL_SYSLOG, ndpi_struct, NDPI_LOG_DEBUG, "no syslog detected.\n"); - - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_SYSLOG); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/teamspeak.c b/src/lib/protocols/teamspeak.c index fd8a296fb..df13c9756 100644 --- a/src/lib/protocols/teamspeak.c +++ b/src/lib/protocols/teamspeak.c @@ -17,49 +17,53 @@ * If not, see . */ -#include "ndpi_api.h" - +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_TEAMSPEAK +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_TEAMSPEAK + +#include "ndpi_api.h" + static void ndpi_int_teamspeak_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_TEAMSPEAK, NDPI_PROTOCOL_UNKNOWN); } - u_int16_t tdport = 0, tsport = 0; - u_int16_t udport = 0, usport = 0; void ndpi_search_teamspeak(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - struct ndpi_packet_struct *packet = &flow->packet; + struct ndpi_packet_struct *packet = &flow->packet; -if (packet->udp != NULL) { - usport = ntohs(packet->udp->source), udport = ntohs(packet->udp->dest); - /* http://www.imfirewall.com/en/protocols/teamSpeak.htm */ - if (((usport == 9987 || udport == 9987) || (usport == 8767 || udport == 8767)) && packet->payload_packet_len >= 20) { - NDPI_LOG(NDPI_PROTOCOL_TEAMSPEAK, ndpi_struct, NDPI_LOG_DEBUG, "found TEAMSPEAK udp.\n"); - ndpi_int_teamspeak_add_connection(ndpi_struct, flow); + NDPI_LOG_DBG(ndpi_struct, "search teamspeak\n"); + + if (packet->udp != NULL) { + u_int16_t udport, usport; + usport = ntohs(packet->udp->source), udport = ntohs(packet->udp->dest); + /* http://www.imfirewall.com/en/protocols/teamSpeak.htm */ + if (((usport == 9987 || udport == 9987) || (usport == 8767 || udport == 8767)) && packet->payload_packet_len >= 20) { + NDPI_LOG_INFO(ndpi_struct, "found TEAMSPEAK udp\n"); + ndpi_int_teamspeak_add_connection(ndpi_struct, flow); + } } -} -else if (packet->tcp != NULL) { - tsport = ntohs(packet->tcp->source), tdport = ntohs(packet->tcp->dest); + else if (packet->tcp != NULL) { + u_int16_t tdport, tsport; + tsport = ntohs(packet->tcp->source), tdport = ntohs(packet->tcp->dest); /* https://github.com/Youx/soliloque-server/wiki/Connection-packet */ if(packet->payload_packet_len >= 20) { if (((memcmp(packet->payload, "\xf4\xbe\x03\x00", 4) == 0)) || ((memcmp(packet->payload, "\xf4\xbe\x02\x00", 4) == 0)) || ((memcmp(packet->payload, "\xf4\xbe\x01\x00", 4) == 0))) { - NDPI_LOG(NDPI_PROTOCOL_TEAMSPEAK, ndpi_struct, NDPI_LOG_DEBUG, "found TEAMSPEAK tcp.\n"); + NDPI_LOG_INFO(ndpi_struct, "found TEAMSPEAK tcp\n"); ndpi_int_teamspeak_add_connection(ndpi_struct, flow); } /* http://www.imfirewall.com/en/protocols/teamSpeak.htm */ } else if ((tsport == 14534 || tdport == 14534) || (tsport == 51234 || tdport == 51234)) { - NDPI_LOG(NDPI_PROTOCOL_TEAMSPEAK, ndpi_struct, NDPI_LOG_DEBUG, "found TEAMSPEAK.\n"); + NDPI_LOG_INFO(ndpi_struct, "found TEAMSPEAK\n"); ndpi_int_teamspeak_add_connection(ndpi_struct, flow); } } - NDPI_LOG(NDPI_PROTOCOL_TEAMSPEAK, ndpi_struct, NDPI_LOG_DEBUG, "TEAMSPEAK excluded.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_TEAMSPEAK); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; } diff --git a/src/lib/protocols/teamviewer.c b/src/lib/protocols/teamviewer.c index b97f6b157..f06e40a73 100644 --- a/src/lib/protocols/teamviewer.c +++ b/src/lib/protocols/teamviewer.c @@ -22,23 +22,28 @@ * */ - -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_TEAMVIEWER +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_TEAMVIEWER + +#include "ndpi_api.h" + + static void ndpi_int_teamview_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_TEAMVIEWER, NDPI_PROTOCOL_UNKNOWN); - NDPI_LOG(NDPI_PROTOCOL_TEAMVIEWER, ndpi_struct, NDPI_LOG_TRACE, "TEAMWIEWER Found.\n"); + NDPI_LOG_INFO(ndpi_struct, "found teamwiewer\n"); } void ndpi_search_teamview(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; - NDPI_LOG(NDPI_PROTOCOL_TEAMVIEWER, ndpi_struct, NDPI_LOG_TRACE, "TEAMWIEWER detection...\n"); + + NDPI_LOG_DBG(ndpi_struct, "search teamwiewer\n"); /* TeamViewer 178.77.120.0/25 @@ -95,7 +100,7 @@ void ndpi_search_teamview(struct ndpi_detection_module_struct *ndpi_struct, stru } } - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_TEAMVIEWER); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/telegram.c b/src/lib/protocols/telegram.c index 6d71dc844..d80f5f6b5 100644 --- a/src/lib/protocols/telegram.c +++ b/src/lib/protocols/telegram.c @@ -23,15 +23,19 @@ */ -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_TELEGRAM +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_TELEGRAM + +#include "ndpi_api.h" + static void ndpi_int_telegram_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_TELEGRAM, NDPI_PROTOCOL_UNKNOWN); - NDPI_LOG(NDPI_PROTOCOL_TELEGRAM, ndpi_struct, NDPI_LOG_TRACE, "TELEGRAM Found.\n"); + NDPI_LOG_INFO(ndpi_struct, "found telegram\n"); } @@ -40,7 +44,7 @@ void ndpi_search_telegram(struct ndpi_detection_module_struct *ndpi_struct, stru struct ndpi_packet_struct *packet = &flow->packet; u_int16_t dport /* , sport */; - NDPI_LOG(NDPI_PROTOCOL_TELEGRAM, ndpi_struct, NDPI_LOG_TRACE, "TELEGRAM detection...\n"); + NDPI_LOG_DBG(ndpi_struct, "search telegram\n"); if (packet->payload_packet_len == 0) return; @@ -63,7 +67,7 @@ void ndpi_search_telegram(struct ndpi_detection_module_struct *ndpi_struct, stru } } - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_TELEGRAM); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/telnet.c b/src/lib/protocols/telnet.c index 0be921d44..17618f795 100644 --- a/src/lib/protocols/telnet.c +++ b/src/lib/protocols/telnet.c @@ -23,9 +23,13 @@ */ -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" + #ifdef NDPI_PROTOCOL_TELNET +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_TELNET + +#include "ndpi_api.h" static void ndpi_int_telnet_add_connection(struct ndpi_detection_module_struct @@ -76,30 +80,25 @@ u_int8_t search_iac(struct ndpi_detection_module_struct *ndpi_struct, struct ndp void ndpi_search_telnet_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { - // struct ndpi_packet_struct *packet = &flow->packet; - - // struct ndpi_id_struct *src=ndpi_struct->src; - // struct ndpi_id_struct *dst=ndpi_struct->dst; - NDPI_LOG(NDPI_PROTOCOL_TELNET, ndpi_struct, NDPI_LOG_DEBUG, "search telnet.\n"); + NDPI_LOG_DBG(ndpi_struct, "search telnet\n"); if (search_iac(ndpi_struct, flow) == 1) { if (flow->l4.tcp.telnet_stage == 2) { - NDPI_LOG(NDPI_PROTOCOL_TELNET, ndpi_struct, NDPI_LOG_DEBUG, "telnet identified.\n"); + NDPI_LOG_INFO(ndpi_struct, "found telnet\n"); ndpi_int_telnet_add_connection(ndpi_struct, flow); return; } flow->l4.tcp.telnet_stage++; - NDPI_LOG(NDPI_PROTOCOL_TELNET, ndpi_struct, NDPI_LOG_DEBUG, "telnet stage %u.\n", flow->l4.tcp.telnet_stage); + NDPI_LOG_DBG2(ndpi_struct, "telnet stage %u\n", flow->l4.tcp.telnet_stage); return; } if ((flow->packet_counter < 12 && flow->l4.tcp.telnet_stage > 0) || flow->packet_counter < 6) { return; } else { - NDPI_LOG(NDPI_PROTOCOL_TELNET, ndpi_struct, NDPI_LOG_DEBUG, "telnet excluded.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_TELNET); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } return; } diff --git a/src/lib/protocols/teredo.c b/src/lib/protocols/teredo.c index 079d1fbcd..2439f997b 100644 --- a/src/lib/protocols/teredo.c +++ b/src/lib/protocols/teredo.c @@ -18,24 +18,30 @@ * */ - -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_TEREDO +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_TEREDO + +#include "ndpi_api.h" + /* https://en.wikipedia.org/wiki/Teredo_tunneling */ void ndpi_search_teredo(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; + NDPI_LOG_DBG(ndpi_struct,"search teredo\n"); if(packet->udp && packet->iph && ((ntohl(packet->iph->daddr) & 0xF0000000) == 0xE0000000 /* A multicast address */) && ((ntohs(packet->udp->source) == 3544) || (ntohs(packet->udp->dest) == 3544)) - && (packet->payload_packet_len >= 40 /* IPv6 header */)) + && (packet->payload_packet_len >= 40 /* IPv6 header */)) { + NDPI_LOG_INFO(ndpi_struct,"found teredo\n"); ndpi_int_change_protocol(ndpi_struct, flow, NDPI_PROTOCOL_TEREDO, NDPI_PROTOCOL_UNKNOWN); - else - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_TEREDO); + } else { + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); + } } diff --git a/src/lib/protocols/tftp.c b/src/lib/protocols/tftp.c index feb37e620..082e04326 100644 --- a/src/lib/protocols/tftp.c +++ b/src/lib/protocols/tftp.c @@ -22,10 +22,14 @@ * */ +#include "ndpi_protocol_ids.h" -#include "ndpi_protocols.h" #ifdef NDPI_PROTOCOL_TFTP +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_TFTP + +#include "ndpi_api.h" + static void ndpi_int_tftp_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { @@ -37,30 +41,29 @@ void ndpi_search_tftp(struct ndpi_detection_module_struct { struct ndpi_packet_struct *packet = &flow->packet; - NDPI_LOG(NDPI_PROTOCOL_TFTP, ndpi_struct, NDPI_LOG_DEBUG, "search TFTP.\n"); + NDPI_LOG_DBG(ndpi_struct, "search TFTP\n"); if (packet->payload_packet_len > 3 && flow->l4.udp.tftp_stage == 0 && ntohl(get_u_int32_t(packet->payload, 0)) == 0x00030001) { - NDPI_LOG(NDPI_PROTOCOL_TFTP, ndpi_struct, NDPI_LOG_DEBUG, "maybe tftp. need next packet.\n"); + NDPI_LOG_DBG2(ndpi_struct, "maybe tftp. need next packet\n"); flow->l4.udp.tftp_stage = 1; return; } if (packet->payload_packet_len > 3 && (flow->l4.udp.tftp_stage == 1) && ntohl(get_u_int32_t(packet->payload, 0)) == 0x00040001) { - NDPI_LOG(NDPI_PROTOCOL_TFTP, ndpi_struct, NDPI_LOG_DEBUG, "found tftp.\n"); + NDPI_LOG_INFO(ndpi_struct, "found tftp\n"); ndpi_int_tftp_add_connection(ndpi_struct, flow); return; } if (packet->payload_packet_len > 1 && ((packet->payload[0] == 0 && packet->payload[packet->payload_packet_len - 1] == 0) || (packet->payload_packet_len == 4 && ntohl(get_u_int32_t(packet->payload, 0)) == 0x00040000))) { - NDPI_LOG(NDPI_PROTOCOL_TFTP, ndpi_struct, NDPI_LOG_DEBUG, "skip initial packet.\n"); + NDPI_LOG_DBG2(ndpi_struct, "skip initial packet\n"); return; } - NDPI_LOG(NDPI_PROTOCOL_TFTP, ndpi_struct, NDPI_LOG_DEBUG, "exclude TFTP.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_TFTP); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/thunder.c b/src/lib/protocols/thunder.c index f0198cdda..2818d873d 100644 --- a/src/lib/protocols/thunder.c +++ b/src/lib/protocols/thunder.c @@ -22,10 +22,15 @@ * */ +#include "ndpi_protocol_ids.h" -#include "ndpi_protocols.h" #ifdef NDPI_PROTOCOL_THUNDER +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_THUNDER + +#include "ndpi_api.h" + + static void ndpi_int_thunder_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow/* , ndpi_protocol_type_t protocol_type */) { @@ -55,26 +60,21 @@ void ndpi_int_search_thunder_udp(struct ndpi_detection_module_struct { struct ndpi_packet_struct *packet = &flow->packet; - // struct ndpi_id_struct *src=ndpi_struct->src; - // struct ndpi_id_struct *dst=ndpi_struct->dst; - if (packet->payload_packet_len > 8 && packet->payload[0] >= 0x30 && packet->payload[0] < 0x40 && packet->payload[1] == 0 && packet->payload[2] == 0 && packet->payload[3] == 0) { if (flow->thunder_stage == 3) { - NDPI_LOG(NDPI_PROTOCOL_THUNDER, ndpi_struct, NDPI_LOG_DEBUG, "THUNDER udp detected\n"); + NDPI_LOG_INFO(ndpi_struct, "found THUNDER udp\n"); ndpi_int_thunder_add_connection(ndpi_struct, flow); return; } flow->thunder_stage++; - NDPI_LOG(NDPI_PROTOCOL_THUNDER, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "maybe thunder udp packet detected, stage increased to %u\n", flow->thunder_stage); return; } - NDPI_LOG(NDPI_PROTOCOL_THUNDER, ndpi_struct, NDPI_LOG_DEBUG, - "excluding thunder udp at stage %u\n", flow->thunder_stage); - + NDPI_LOG_DBG(ndpi_struct, "excluding thunder udp at stage %u\n", flow->thunder_stage); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_THUNDER); } @@ -89,19 +89,16 @@ void ndpi_int_search_thunder_tcp(struct ndpi_detection_module_struct { struct ndpi_packet_struct *packet = &flow->packet; - // struct ndpi_id_struct *src=ndpi_struct->src; - // struct ndpi_id_struct *dst=ndpi_struct->dst; - if (packet->payload_packet_len > 8 && packet->payload[0] >= 0x30 && packet->payload[0] < 0x40 && packet->payload[1] == 0 && packet->payload[2] == 0 && packet->payload[3] == 0) { if (flow->thunder_stage == 3) { - NDPI_LOG(NDPI_PROTOCOL_THUNDER, ndpi_struct, NDPI_LOG_DEBUG, "THUNDER tcp detected\n"); + NDPI_LOG_INFO(ndpi_struct, "found THUNDER tcp\n"); ndpi_int_thunder_add_connection(ndpi_struct, flow); return; } flow->thunder_stage++; - NDPI_LOG(NDPI_PROTOCOL_THUNDER, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "maybe thunder tcp packet detected, stage increased to %u\n", flow->thunder_stage); return; } @@ -110,7 +107,7 @@ void ndpi_int_search_thunder_tcp(struct ndpi_detection_module_struct && memcmp(packet->payload, "POST / HTTP/1.1\r\n", 17) == 0) { ndpi_parse_packet_line_info(ndpi_struct, flow); - NDPI_LOG(NDPI_PROTOCOL_THUNDER, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "maybe thunder http POST packet detected, parsed packet lines: %u, empty line set %u (at: %u)\n", packet->parsed_lines, packet->empty_line_position_set, packet->empty_line_position); @@ -124,15 +121,13 @@ void ndpi_int_search_thunder_tcp(struct ndpi_detection_module_struct && packet->payload[packet->empty_line_position + 3] == 0x00 && packet->payload[packet->empty_line_position + 4] == 0x00 && packet->payload[packet->empty_line_position + 5] == 0x00) { - NDPI_LOG(NDPI_PROTOCOL_THUNDER, ndpi_struct, NDPI_LOG_DEBUG, - "maybe thunder http POST packet application does match\n"); + NDPI_LOG_INFO(ndpi_struct, + "found thunder http POST packet application does match\n"); ndpi_int_thunder_add_connection(ndpi_struct, flow); return; } } - NDPI_LOG(NDPI_PROTOCOL_THUNDER, ndpi_struct, NDPI_LOG_DEBUG, - "excluding thunder tcp at stage %u\n", flow->thunder_stage); - + NDPI_LOG_DBG(ndpi_struct, "excluding thunder tcp at stage %u\n", flow->thunder_stage); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_THUNDER); } @@ -153,12 +148,12 @@ void ndpi_int_search_thunder_http(struct ndpi_detection_module_struct if (packet->detected_protocol_stack[0] == NDPI_PROTOCOL_THUNDER) { if (src != NULL && ((u_int32_t) (packet->tick_timestamp - src->thunder_ts) < ndpi_struct->thunder_timeout)) { - NDPI_LOG(NDPI_PROTOCOL_THUNDER, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "thunder : save src connection packet detected\n"); src->thunder_ts = packet->tick_timestamp; } else if (dst != NULL && ((u_int32_t) (packet->tick_timestamp - dst->thunder_ts) < ndpi_struct->thunder_timeout)) { - NDPI_LOG(NDPI_PROTOCOL_THUNDER, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "thunder : save dst connection packet detected\n"); dst->thunder_ts = packet->tick_timestamp; } @@ -167,7 +162,7 @@ void ndpi_int_search_thunder_http(struct ndpi_detection_module_struct if (packet->payload_packet_len > 5 && memcmp(packet->payload, "GET /", 5) == 0 && NDPI_SRC_OR_DST_HAS_PROTOCOL(src, dst, NDPI_PROTOCOL_THUNDER)) { - NDPI_LOG(NDPI_PROTOCOL_THUNDER, ndpi_struct, NDPI_LOG_DEBUG, "HTTP packet detected.\n"); + NDPI_LOG_DBG2(ndpi_struct, "HTTP packet detected\n"); ndpi_parse_packet_line_info(ndpi_struct, flow); if (packet->parsed_lines > 7 @@ -186,8 +181,8 @@ void ndpi_int_search_thunder_http(struct ndpi_detection_module_struct && packet->user_agent_line.len > 49 && memcmp(packet->user_agent_line.ptr, "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)", 50) == 0) { - NDPI_LOG(NDPI_PROTOCOL_THUNDER, ndpi_struct, NDPI_LOG_DEBUG, - "Thunder HTTP download detected, adding flow.\n"); + NDPI_LOG_INFO(ndpi_struct, + "found thunder HTTP download detected\n"); ndpi_int_thunder_add_connection(ndpi_struct, flow); } } diff --git a/src/lib/protocols/tinc.c b/src/lib/protocols/tinc.c index cdd330bca..adb547a48 100644 --- a/src/lib/protocols/tinc.c +++ b/src/lib/protocols/tinc.c @@ -18,11 +18,14 @@ * along with nDPI. If not, see . * */ +#include "ndpi_protocol_ids.h" +#ifdef NDPI_PROTOCOL_TINC + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_TINC #include "ndpi_api.h" -#ifdef NDPI_PROTOCOL_TINC static void ndpi_check_tinc(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { @@ -52,7 +55,7 @@ static void ndpi_check_tinc(struct ndpi_detection_module_struct *ndpi_struct, st /* cache_free(ndpi_struct->tinc_cache); */ - NDPI_LOG(NDPI_PROTOCOL_TINC, ndpi_struct, NDPI_LOG_DEBUG, "Found tinc udp connection\n"); + NDPI_LOG_INFO(ndpi_struct, "found tinc udp connection\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_TINC, NDPI_PROTOCOL_UNKNOWN); } } @@ -111,7 +114,7 @@ static void ndpi_check_tinc(struct ndpi_detection_module_struct *ndpi_struct, st ndpi_struct->tinc_cache = cache_new(TINC_CACHE_MAX_SIZE); cache_add(ndpi_struct->tinc_cache, &(flow->tinc_cache_entry), sizeof(flow->tinc_cache_entry)); - NDPI_LOG(NDPI_PROTOCOL_TINC, ndpi_struct, NDPI_LOG_DEBUG, "Found tinc tcp connection\n"); + NDPI_LOG_INFO(ndpi_struct, "found tinc tcp connection\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_TINC, NDPI_PROTOCOL_UNKNOWN); } return; @@ -123,14 +126,13 @@ static void ndpi_check_tinc(struct ndpi_detection_module_struct *ndpi_struct, st } } - NDPI_LOG(NDPI_PROTOCOL_TINC, ndpi_struct, NDPI_LOG_DEBUG, "exclude tinc.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_TINC); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } void ndpi_search_tinc(struct ndpi_detection_module_struct* ndpi_struct, struct ndpi_flow_struct* flow) { struct ndpi_packet_struct* packet = &flow->packet; - NDPI_LOG(NDPI_PROTOCOL_TINC, ndpi_struct, NDPI_LOG_DEBUG, "tinc detection...\n"); + NDPI_LOG_DBG(ndpi_struct, "tinc detection\n"); if(packet->detected_protocol_stack[0] != NDPI_PROTOCOL_TINC) { if(packet->tcp_retransmission == 0) { diff --git a/src/lib/protocols/tor.c b/src/lib/protocols/tor.c index f6987ef19..93c4fecca 100644 --- a/src/lib/protocols/tor.c +++ b/src/lib/protocols/tor.c @@ -5,10 +5,15 @@ * Copyright (C) 2013 Remy Mudingay * */ -#include "ndpi_api.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_TOR +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_TOR + +#include "ndpi_api.h" + + static void ndpi_int_tor_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_TOR, NDPI_PROTOCOL_UNKNOWN); @@ -88,23 +93,22 @@ void ndpi_search_tor(struct ndpi_detection_module_struct *ndpi_struct, struct nd struct ndpi_packet_struct *packet = &flow->packet; u_int16_t dport = 0, sport = 0; - NDPI_LOG(NDPI_PROTOCOL_TOR, ndpi_struct, NDPI_LOG_DEBUG, "search for TOR.\n"); + NDPI_LOG_DBG(ndpi_struct, "search for TOR\n"); if(packet->tcp != NULL) { sport = ntohs(packet->tcp->source), dport = ntohs(packet->tcp->dest); - NDPI_LOG(NDPI_PROTOCOL_TOR, ndpi_struct, NDPI_LOG_DEBUG, "calculating TOR over tcp.\n"); + NDPI_LOG_DBG2(ndpi_struct, "calculating TOR over tcp\n"); if ((((dport == 9001) || (sport == 9001)) || ((dport == 9030) || (sport == 9030))) && ((packet->payload[0] == 0x17) || (packet->payload[0] == 0x16)) && (packet->payload[1] == 0x03) && (packet->payload[2] == 0x01) && (packet->payload[3] == 0x00)) { - NDPI_LOG(NDPI_PROTOCOL_TOR, ndpi_struct, NDPI_LOG_DEBUG, "found tor.\n"); + NDPI_LOG_INFO(ndpi_struct, "found tor\n"); ndpi_int_tor_add_connection(ndpi_struct, flow); } } else { - NDPI_LOG(NDPI_PROTOCOL_TOR, ndpi_struct, NDPI_LOG_DEBUG, "exclude TOR.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_TOR); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } } diff --git a/src/lib/protocols/tvants.c b/src/lib/protocols/tvants.c index 7297e489f..ceee278b9 100644 --- a/src/lib/protocols/tvants.c +++ b/src/lib/protocols/tvants.c @@ -22,11 +22,14 @@ * */ - -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_TVANTS +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_TVANTS + +#include "ndpi_api.h" + static void ndpi_int_tvants_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { @@ -40,13 +43,8 @@ void ndpi_search_tvants_udp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; - - - // struct ndpi_id_struct *src=ndpi_struct->src; - // struct ndpi_id_struct *dst=ndpi_struct->dst; - - NDPI_LOG(NDPI_PROTOCOL_TVANTS, ndpi_struct, NDPI_LOG_DEBUG, "search tvants. \n"); + NDPI_LOG_DBG(ndpi_struct, "search tvants. \n"); if (packet->udp != NULL && packet->payload_packet_len > 57 && packet->payload[0] == 0x04 && packet->payload[1] == 0x00 @@ -57,7 +55,7 @@ void ndpi_search_tvants_udp(struct ndpi_detection_module_struct && (memcmp(&packet->payload[48], "TVANTS", 6) == 0 || memcmp(&packet->payload[49], "TVANTS", 6) == 0 || memcmp(&packet->payload[51], "TVANTS", 6) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_TVANTS, ndpi_struct, NDPI_LOG_DEBUG, "found tvants over udp. \n"); + NDPI_LOG_INFO(ndpi_struct, "found tvants over udp. \n"); ndpi_int_tvants_add_connection(ndpi_struct, flow); } else if (packet->tcp != NULL && packet->payload_packet_len > 15 @@ -67,12 +65,11 @@ void ndpi_search_tvants_udp(struct ndpi_detection_module_struct && packet->payload[6] == 0x00 && packet->payload[7] == 0x00 && memcmp(&packet->payload[8], "TVANTS", 6) == 0) { - NDPI_LOG(NDPI_PROTOCOL_TVANTS, ndpi_struct, NDPI_LOG_DEBUG, "found tvants over tcp. \n"); + NDPI_LOG_INFO(ndpi_struct, "found tvants over tcp. \n"); ndpi_int_tvants_add_connection(ndpi_struct, flow); } - NDPI_LOG(NDPI_PROTOCOL_TVANTS, ndpi_struct, NDPI_LOG_DEBUG, "exclude tvants. \n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_TVANTS); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/tvuplayer.c b/src/lib/protocols/tvuplayer.c index 2d35ae6cc..2160a5afa 100644 --- a/src/lib/protocols/tvuplayer.c +++ b/src/lib/protocols/tvuplayer.c @@ -22,10 +22,13 @@ * */ +#include "ndpi_protocol_ids.h" -#include "ndpi_protocols.h" #ifdef NDPI_PROTOCOL_TVUPLAYER +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_TVUPLAYER + +#include "ndpi_api.h" static void ndpi_int_tvuplayer_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow/* , */ @@ -39,19 +42,14 @@ void ndpi_search_tvuplayer(struct ndpi_detection_module_struct *ndpi_struct, str struct ndpi_packet_struct *packet = &flow->packet; - // struct ndpi_id_struct *src=ndpi_struct->src; - // struct ndpi_id_struct *dst=ndpi_struct->dst; - - NDPI_LOG(NDPI_PROTOCOL_TVUPLAYER, ndpi_struct, NDPI_LOG_DEBUG, "search tvuplayer. \n"); - - + NDPI_LOG_DBG(ndpi_struct, "search tvuplayer. \n"); if (packet->tcp != NULL) { if ((packet->payload_packet_len == 36 || packet->payload_packet_len == 24) && packet->payload[0] == 0x00 && ntohl(get_u_int32_t(packet->payload, 2)) == 0x31323334 && ntohl(get_u_int32_t(packet->payload, 6)) == 0x35363837 && packet->payload[10] == 0x01) { - NDPI_LOG(NDPI_PROTOCOL_TVUPLAYER, ndpi_struct, NDPI_LOG_DEBUG, "found tvuplayer over tcp. \n"); + NDPI_LOG_INFO(ndpi_struct, "found tvuplayer over tcp. \n"); ndpi_int_tvuplayer_add_connection(ndpi_struct, flow); return; } @@ -62,7 +60,7 @@ void ndpi_search_tvuplayer(struct ndpi_detection_module_struct *ndpi_struct, str NDPI_PARSE_PACKET_LINE_INFO(ndpi_struct, flow, packet); if (packet->user_agent_line.ptr != NULL && packet->user_agent_line.len >= 8 && (memcmp(packet->user_agent_line.ptr, "MacTVUP", 7) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_TVUPLAYER, ndpi_struct, NDPI_LOG_DEBUG, "Found user agent as MacTVUP.\n"); + NDPI_LOG_INFO(ndpi_struct, "Found user agent as MacTVUP\n"); ndpi_int_tvuplayer_add_connection(ndpi_struct, flow); return; } @@ -79,7 +77,7 @@ void ndpi_search_tvuplayer(struct ndpi_detection_module_struct *ndpi_struct, str && packet->payload[12] == 0x02 && packet->payload[13] == 0xff && packet->payload[19] == 0x2c && ((packet->payload[26] == 0x05 && packet->payload[27] == 0x14) || (packet->payload[26] == 0x14 && packet->payload[27] == 0x05))) { - NDPI_LOG(NDPI_PROTOCOL_TVUPLAYER, ndpi_struct, NDPI_LOG_DEBUG, "found tvuplayer pattern type I. \n"); + NDPI_LOG_INFO(ndpi_struct, "found tvuplayer pattern type I. \n"); ndpi_int_tvuplayer_add_connection(ndpi_struct, flow); return; } @@ -91,7 +89,7 @@ void ndpi_search_tvuplayer(struct ndpi_detection_module_struct *ndpi_struct, str && packet->payload[33] == 0xff && packet->payload[34] == 0x01 && packet->payload[39] == 0x32 && ((packet->payload[46] == 0x05 && packet->payload[47] == 0x14) || (packet->payload[46] == 0x14 && packet->payload[47] == 0x05))) { - NDPI_LOG(NDPI_PROTOCOL_TVUPLAYER, ndpi_struct, NDPI_LOG_DEBUG, "found tvuplayer pattern type II. \n"); + NDPI_LOG_INFO(ndpi_struct, "found tvuplayer pattern type II. \n"); ndpi_int_tvuplayer_add_connection(ndpi_struct, flow); return; } @@ -103,7 +101,7 @@ void ndpi_search_tvuplayer(struct ndpi_detection_module_struct *ndpi_struct, str || packet->payload[11] == 0x06 || packet->payload[11] == 0x22) && packet->payload[12] == 0x01 && (packet->payload[13] == 0xff || packet->payload[13] == 0x01) && packet->payload[19] == 0x14) { - NDPI_LOG(NDPI_PROTOCOL_TVUPLAYER, ndpi_struct, NDPI_LOG_DEBUG, "found tvuplayer pattern type III. \n"); + NDPI_LOG_INFO(ndpi_struct, "found tvuplayer pattern type III. \n"); ndpi_int_tvuplayer_add_connection(ndpi_struct, flow); return; } @@ -113,7 +111,7 @@ void ndpi_search_tvuplayer(struct ndpi_detection_module_struct *ndpi_struct, str && packet->payload[12] == 0x01 && packet->payload[13] == 0xff && packet->payload[19] == 0x14 && packet->payload[32] == 0x03 && packet->payload[33] == 0xff && packet->payload[34] == 0x01 && packet->payload[39] == 0x34) { - NDPI_LOG(NDPI_PROTOCOL_TVUPLAYER, ndpi_struct, NDPI_LOG_DEBUG, "found tvuplayer pattern type IV. \n"); + NDPI_LOG_INFO(ndpi_struct, "found tvuplayer pattern type IV. \n"); ndpi_int_tvuplayer_add_connection(ndpi_struct, flow); return; } @@ -122,7 +120,7 @@ void ndpi_search_tvuplayer(struct ndpi_detection_module_struct *ndpi_struct, str && packet->payload[10] == 0x00 && packet->payload[11] == 0x00 && packet->payload[12] == 0x01 && packet->payload[13] == 0xff && packet->payload[19] == 0x14 && packet->payload[33] == 0xff && packet->payload[39] == 0x14) { - NDPI_LOG(NDPI_PROTOCOL_TVUPLAYER, ndpi_struct, NDPI_LOG_DEBUG, "found tvuplayer pattern type V. \n"); + NDPI_LOG_INFO(ndpi_struct, "found tvuplayer pattern type V. \n"); ndpi_int_tvuplayer_add_connection(ndpi_struct, flow); return; } @@ -131,7 +129,7 @@ void ndpi_search_tvuplayer(struct ndpi_detection_module_struct *ndpi_struct, str && packet->payload[12] == 0x03 && packet->payload[13] == 0xff && packet->payload[19] == 0x32 && ((packet->payload[26] == 0x05 && packet->payload[27] == 0x14) || (packet->payload[26] == 0x14 && packet->payload[27] == 0x05))) { - NDPI_LOG(NDPI_PROTOCOL_TVUPLAYER, ndpi_struct, NDPI_LOG_DEBUG, "found tvuplayer pattern type VI. \n"); + NDPI_LOG_INFO(ndpi_struct, "found tvuplayer pattern type VI. \n"); ndpi_int_tvuplayer_add_connection(ndpi_struct, flow); return; } @@ -140,14 +138,13 @@ void ndpi_search_tvuplayer(struct ndpi_detection_module_struct *ndpi_struct, str && packet->payload[0] == 0x00 && packet->payload[2] == 0x00 && packet->payload[10] == 0x00 && packet->payload[11] == 0x00 && packet->payload[12] == 0x06 && packet->payload[13] == 0x00 && packet->payload[19] == 0x30) { - NDPI_LOG(NDPI_PROTOCOL_TVUPLAYER, ndpi_struct, NDPI_LOG_DEBUG, "found tvuplayer pattern type VII. \n"); + NDPI_LOG_INFO(ndpi_struct, "found tvuplayer pattern type VII. \n"); ndpi_int_tvuplayer_add_connection(ndpi_struct, flow); return; } } - NDPI_LOG(NDPI_PROTOCOL_TVUPLAYER, ndpi_struct, NDPI_LOG_DEBUG, "exclude tvuplayer. \n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_TVUPLAYER); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/ubntac2.c b/src/lib/protocols/ubntac2.c index 7196ee884..012c8712e 100644 --- a/src/lib/protocols/ubntac2.c +++ b/src/lib/protocols/ubntac2.c @@ -19,10 +19,15 @@ */ -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_UBNTAC2 +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_UBNTAC2 + +#include "ndpi_api.h" + + static void ndpi_int_ubntac2_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_UBNTAC2, NDPI_PROTOCOL_UNKNOWN); @@ -33,7 +38,8 @@ void ndpi_search_ubntac2(struct ndpi_detection_module_struct *ndpi_struct, struc { struct ndpi_packet_struct *packet = &flow->packet; - NDPI_LOG(NDPI_PROTOCOL_UBNTAC2, ndpi_struct, NDPI_LOG_TRACE, "UBNTAC2 detection... plen:%i %i:%i\n", packet->payload_packet_len, ntohs(packet->udp->source), ntohs(packet->udp->dest)); + NDPI_LOG_DBG(ndpi_struct, "search ubntac2\n"); + NDPI_LOG_DBG2(ndpi_struct, "UBNTAC2 detection... plen:%i %i:%i\n", packet->payload_packet_len, ntohs(packet->udp->source), ntohs(packet->udp->dest)); if(packet->udp) { if(packet->payload_packet_len >= 135 && @@ -64,7 +70,7 @@ void ndpi_search_ubntac2(struct ndpi_detection_module_struct *ndpi_struct, struc flow->protos.ubntac2.version[len] = '\0'; } - NDPI_LOG(NDPI_PROTOCOL_UBNTAC2, ndpi_struct, NDPI_LOG_DEBUG, "UBNT AirControl 2 request\n"); + NDPI_LOG_INFO(ndpi_struct, "UBNT AirControl 2 request\n"); ndpi_int_ubntac2_add_connection(ndpi_struct, flow); } @@ -72,7 +78,7 @@ void ndpi_search_ubntac2(struct ndpi_detection_module_struct *ndpi_struct, struc } } - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_UBNTAC2); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/usenet.c b/src/lib/protocols/usenet.c index 4648a69ab..0a995d6f8 100644 --- a/src/lib/protocols/usenet.c +++ b/src/lib/protocols/usenet.c @@ -23,10 +23,13 @@ */ -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_USENET +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_USENET + +#include "ndpi_api.h" static void ndpi_int_usenet_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) @@ -41,17 +44,9 @@ void ndpi_search_usenet_tcp(struct ndpi_detection_module_struct { struct ndpi_packet_struct *packet = &flow->packet; -// struct ndpi_id_struct *src=ndpi_struct->src; -// struct ndpi_id_struct *dst=ndpi_struct->dst; - - NDPI_LOG(NDPI_PROTOCOL_USENET, ndpi_struct, NDPI_LOG_DEBUG, "USENET: search usenet.\n"); - - - - - - NDPI_LOG(NDPI_PROTOCOL_USENET, ndpi_struct, NDPI_LOG_DEBUG, "USENET: STAGE IS %u.\n", flow->l4.tcp.usenet_stage); + NDPI_LOG_DBG(ndpi_struct, "search usenet\n"); + NDPI_LOG_DBG2(ndpi_struct, "STAGE IS %u\n", flow->l4.tcp.usenet_stage); // check for the first server replay /* @@ -62,10 +57,10 @@ void ndpi_search_usenet_tcp(struct ndpi_detection_module_struct && ((memcmp(packet->payload, "200 ", 4) == 0) || (memcmp(packet->payload, "201 ", 4) == 0))) { - NDPI_LOG(NDPI_PROTOCOL_USENET, ndpi_struct, NDPI_LOG_DEBUG, "USENET: found 200 or 201.\n"); + NDPI_LOG_DBG2(ndpi_struct, "found 200 or 201\n"); flow->l4.tcp.usenet_stage = 1 + packet->packet_direction; - NDPI_LOG(NDPI_PROTOCOL_USENET, ndpi_struct, NDPI_LOG_DEBUG, "USENET: maybe hit.\n"); + NDPI_LOG_DBG2(ndpi_struct, "maybe hit\n"); return; } @@ -78,28 +73,23 @@ void ndpi_search_usenet_tcp(struct ndpi_detection_module_struct // check for client username if (flow->l4.tcp.usenet_stage == 2 - packet->packet_direction) { if (packet->payload_packet_len > 20 && (memcmp(packet->payload, "AUTHINFO USER ", 14) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_USENET, ndpi_struct, NDPI_LOG_DEBUG, "USENET: username found\n"); + NDPI_LOG_DBG2(ndpi_struct, "username found\n"); flow->l4.tcp.usenet_stage = 3 + packet->packet_direction; - NDPI_LOG(NDPI_PROTOCOL_USENET, ndpi_struct, NDPI_LOG_DEBUG, "USENET: found usenet.\n"); + NDPI_LOG_INFO(ndpi_struct, "found usenet\n"); ndpi_int_usenet_add_connection(ndpi_struct, flow); return; } else if (packet->payload_packet_len == 13 && (memcmp(packet->payload, "MODE READER\r\n", 13) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_USENET, ndpi_struct, NDPI_LOG_DEBUG, - "USENET: no login necessary but we are a client.\n"); + NDPI_LOG_DBG2(ndpi_struct, + "no login necessary but we are a client.\n"); - NDPI_LOG(NDPI_PROTOCOL_USENET, ndpi_struct, NDPI_LOG_DEBUG, "USENET: found usenet.\n"); + NDPI_LOG_INFO(ndpi_struct, "found usenet\n"); ndpi_int_usenet_add_connection(ndpi_struct, flow); return; } } - - - NDPI_LOG(NDPI_PROTOCOL_USENET, ndpi_struct, NDPI_LOG_DEBUG, "USENET: exclude usenet.\n"); - - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_USENET); - + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/vhua.c b/src/lib/protocols/vhua.c index e20477573..844eaf84f 100644 --- a/src/lib/protocols/vhua.c +++ b/src/lib/protocols/vhua.c @@ -17,7 +17,11 @@ * along with nDPI. If not, see . * */ +#include "ndpi_protocol_ids.h" +#ifdef NDPI_PROTOCOL_VHUA + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_VHUA #include "ndpi_api.h" @@ -28,11 +32,10 @@ */ -#ifdef NDPI_PROTOCOL_VHUA static void ndpi_int_vhua_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_VHUA, NDPI_PROTOCOL_UNKNOWN); - NDPI_LOG(NDPI_PROTOCOL_VHUA, ndpi_struct, NDPI_LOG_TRACE, "VHUA Found.\n"); + NDPI_LOG_INFO(ndpi_struct, "found VHUA\n"); } @@ -47,8 +50,7 @@ static void ndpi_check_vhua(struct ndpi_detection_module_struct *ndpi_struct, st if((flow->packet_counter > 3) || (packet->udp == NULL) || (packet->payload_packet_len < sizeof(p0))) { - NDPI_LOG(NDPI_PROTOCOL_VHUA, ndpi_struct, NDPI_LOG_TRACE, "Exclude VHUA.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_VHUA); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } else if(memcmp(packet->payload, p0, sizeof(p0)) == 0) { ndpi_int_vhua_add_connection(ndpi_struct, flow); } @@ -57,7 +59,7 @@ static void ndpi_check_vhua(struct ndpi_detection_module_struct *ndpi_struct, st void ndpi_search_vhua(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; - NDPI_LOG(NDPI_PROTOCOL_VHUA, ndpi_struct, NDPI_LOG_TRACE, "VHUA detection...\n"); + NDPI_LOG_DBG(ndpi_struct, "search VHUA\n"); /* skip marked packets */ if(packet->detected_protocol_stack[0] != NDPI_PROTOCOL_VHUA) { diff --git a/src/lib/protocols/viber.c b/src/lib/protocols/viber.c index 111a53007..517b74b91 100644 --- a/src/lib/protocols/viber.c +++ b/src/lib/protocols/viber.c @@ -18,31 +18,34 @@ * If not, see . */ +#include "ndpi_protocol_ids.h" + +#ifdef NDPI_PROTOCOL_VIBER + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_VIBER #include "ndpi_api.h" -#ifdef NDPI_PROTOCOL_VIBER void ndpi_search_viber(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; - NDPI_LOG(NDPI_PROTOCOL_VIBER, ndpi_struct, NDPI_LOG_DEBUG, "search for VIBER.\n"); + NDPI_LOG_DBG(ndpi_struct, "search for VIBER\n"); if(packet->udp != NULL) { - NDPI_LOG(NDPI_PROTOCOL_VIBER, ndpi_struct, NDPI_LOG_DEBUG, "calculating dport over udp.\n"); + NDPI_LOG_DBG2(ndpi_struct, "calculating dport over udp\n"); if((packet->payload_packet_len == 12 && packet->payload[2] == 0x03 && packet->payload[3] == 0x00) || (packet->payload_packet_len == 20 && packet->payload[2] == 0x09 && packet->payload[3] == 0x00) || ((packet->payload_packet_len < 135) && (packet->payload[0] == 0x11))) { - NDPI_LOG(NDPI_PROTOCOL_VIBER, ndpi_struct, NDPI_LOG_DEBUG, "found VIBER.\n"); + NDPI_LOG_DBG(ndpi_struct, "found VIBER\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_VIBER, NDPI_PROTOCOL_UNKNOWN); return; } } - NDPI_LOG(NDPI_PROTOCOL_VIBER, ndpi_struct, NDPI_LOG_DEBUG, "exclude VIBER.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_VIBER); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/vmware.c b/src/lib/protocols/vmware.c index e5421b946..34fe84ab9 100644 --- a/src/lib/protocols/vmware.c +++ b/src/lib/protocols/vmware.c @@ -17,28 +17,32 @@ * along with nDPI. If not, see . * */ -#include "ndpi_api.h" + +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_VMWARE +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_VMWARE + +#include "ndpi_api.h" void ndpi_search_vmware(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; + NDPI_LOG_DBG(ndpi_struct, "search vmware\n"); /* Check whether this is an VMWARE flow */ if(packet->udp != NULL){ if((packet->payload_packet_len == 66) && (ntohs(packet->udp->dest) == 902) && ((packet->payload[0] & 0xFF) == 0xA4)){ - NDPI_LOG(NDPI_PROTOCOL_VMWARE, ndpi_struct, NDPI_LOG_DEBUG, "Found vmware.\n"); + NDPI_LOG_INFO(ndpi_struct, "found vmware\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_VMWARE, NDPI_PROTOCOL_UNKNOWN); return; } } - NDPI_LOG(NDPI_PROTOCOL_VMWARE, ndpi_struct, NDPI_LOG_DEBUG, "exclude vmware.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_VMWARE); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } void init_vmware_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) diff --git a/src/lib/protocols/vnc.c b/src/lib/protocols/vnc.c index ff0f6c6fa..6bbb26c6d 100644 --- a/src/lib/protocols/vnc.c +++ b/src/lib/protocols/vnc.c @@ -20,15 +20,19 @@ * along with nDPI. If not, see . * */ -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_VNC +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_VNC + +#include "ndpi_api.h" void ndpi_search_vnc_tcp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; + NDPI_LOG_DBG(ndpi_struct, "search vnc\n"); /* search over TCP */ if(packet->tcp) { @@ -39,7 +43,7 @@ void ndpi_search_vnc_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc (memcmp(packet->payload, "RFB 003.007", 11) == 0 && packet->payload[11] == 0x0a) || (memcmp(packet->payload, "RFB 003.008", 11) == 0 && packet->payload[11] == 0x0a) || (memcmp(packet->payload, "RFB 004.001", 11) == 0 && packet->payload[11] == 0x0a))) { - NDPI_LOG(NDPI_PROTOCOL_VNC, ndpi_struct, NDPI_LOG_DEBUG, "reached vnc stage one\n"); + NDPI_LOG_DBG2(ndpi_struct, "reached vnc stage one\n"); flow->l4.tcp.vnc_stage = 1 + packet->packet_direction; return; } @@ -51,14 +55,13 @@ void ndpi_search_vnc_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc (memcmp(packet->payload, "RFB 003.008", 11) == 0 && packet->payload[11] == 0x0a) || (memcmp(packet->payload, "RFB 004.001", 11) == 0 && packet->payload[11] == 0x0a))) { - NDPI_LOG(NDPI_PROTOCOL_VNC, ndpi_struct, NDPI_LOG_DEBUG, "found vnc\n"); + NDPI_LOG_INFO(ndpi_struct, "found vnc\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_VNC, NDPI_PROTOCOL_UNKNOWN); return; } } } - /* exclude VNC */ - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_VNC); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/warcraft3.c b/src/lib/protocols/warcraft3.c index ab07571eb..bbc1d8388 100644 --- a/src/lib/protocols/warcraft3.c +++ b/src/lib/protocols/warcraft3.c @@ -22,12 +22,13 @@ * */ +#include "ndpi_protocol_ids.h" +#ifdef NDPI_PROTOCOL_WARCRAFT3 -/* include files */ +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_WARCRAFT3 -#include "ndpi_protocols.h" -#ifdef NDPI_PROTOCOL_WARCRAFT3 +#include "ndpi_api.h" static void ndpi_int_warcraft3_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) @@ -40,52 +41,48 @@ void ndpi_search_warcraft3(struct ndpi_detection_module_struct { struct ndpi_packet_struct *packet = &flow->packet; - // struct ndpi_id_struct *src=ndpi_struct->src; - // struct ndpi_id_struct *dst=ndpi_struct->dst; - u_int16_t l; /* Leave it as u_int32_t because otherwise 'u_int16_t temp' might overflood it and thus generate an infinite loop */ - NDPI_LOG(NDPI_PROTOCOL_WARCRAFT3, ndpi_struct, NDPI_LOG_DEBUG, "search WARCRAFT3\n"); + NDPI_LOG_DBG(ndpi_struct, "search WARCRAFT3\n"); if (flow->packet_counter == 1 && packet->payload_packet_len == 1 && packet->payload[0] == 0x01) { - NDPI_LOG(NDPI_PROTOCOL_WARCRAFT3, ndpi_struct, NDPI_LOG_DEBUG, "maybe warcraft3: packet_len == 1\n"); + NDPI_LOG_DBG2(ndpi_struct, "maybe warcraft3: packet_len == 1\n"); return; } else if (packet->payload_packet_len >= 4 && (packet->payload[0] == 0xf7 || packet->payload[0] == 0xff)) { - NDPI_LOG(NDPI_PROTOCOL_WARCRAFT3, ndpi_struct, NDPI_LOG_DEBUG, "packet_payload begins with 0xf7 or 0xff\n"); + NDPI_LOG_DBG2(ndpi_struct, "packet_payload begins with 0xf7 or 0xff\n"); l = packet->payload[2] + (packet->payload[3] << 8); // similar to ntohs - NDPI_LOG(NDPI_PROTOCOL_WARCRAFT3, ndpi_struct, NDPI_LOG_DEBUG, "l = %u \n", l); + NDPI_LOG_DBG2(ndpi_struct, "l = %u \n", l); while (l <= (packet->payload_packet_len - 4)) { if (packet->payload[l] == 0xf7) { u_int16_t temp = (packet->payload[l + 2 + 1] << 8) + packet->payload[l + 2]; - NDPI_LOG(NDPI_PROTOCOL_WARCRAFT3, ndpi_struct, NDPI_LOG_DEBUG, "another f7 visited.\n"); + NDPI_LOG_DBG2(ndpi_struct, "another f7 visited\n"); if((temp <= 2) || (temp > 1500)) { - NDPI_LOG(NDPI_PROTOCOL_WARCRAFT3, ndpi_struct, NDPI_LOG_DEBUG, "break\n"); + NDPI_LOG_DBG2(ndpi_struct, "break\n"); break; } else { l += temp; - NDPI_LOG(NDPI_PROTOCOL_WARCRAFT3, ndpi_struct, NDPI_LOG_DEBUG, "l = %u \n", l); + NDPI_LOG_DBG2(ndpi_struct, "l = %u \n", l); } } else { - NDPI_LOG(NDPI_PROTOCOL_WARCRAFT3, ndpi_struct, NDPI_LOG_DEBUG, "break\n"); + NDPI_LOG_DBG2(ndpi_struct, "break\n"); break; } } if (l == packet->payload_packet_len) { - NDPI_LOG(NDPI_PROTOCOL_WARCRAFT3, ndpi_struct, NDPI_LOG_DEBUG, "maybe WARCRAFT3\n"); - NDPI_LOG(NDPI_PROTOCOL_WARCRAFT3, ndpi_struct, NDPI_LOG_DEBUG, "flow->packet_counter = %u \n", + NDPI_LOG_DBG2(ndpi_struct, "maybe WARCRAFT3 flow->packet_counter = %u \n", flow->packet_counter); if (flow->packet_counter > 2) { - NDPI_LOG(NDPI_PROTOCOL_WARCRAFT3, ndpi_struct, NDPI_LOG_DEBUG, "detected WARCRAFT3\n"); + NDPI_LOG_INFO(ndpi_struct, "found WARCRAFT3\n"); ndpi_int_warcraft3_add_connection(ndpi_struct, flow); return; } @@ -93,8 +90,7 @@ void ndpi_search_warcraft3(struct ndpi_detection_module_struct } } - NDPI_LOG(NDPI_PROTOCOL_WARCRAFT3, ndpi_struct, NDPI_LOG_DEBUG, "no warcraft3 detected.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_WARCRAFT3); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/whoisdas.c b/src/lib/protocols/whoisdas.c index 968449cbd..32a9d186f 100644 --- a/src/lib/protocols/whoisdas.c +++ b/src/lib/protocols/whoisdas.c @@ -17,14 +17,21 @@ * along with nDPI. If not, see . * */ -#include "ndpi_protocols.h" + +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_WHOIS_DAS +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_WHOIS_DAS + +#include "ndpi_api.h" + + void ndpi_search_whois_das(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; + NDPI_LOG_DBG(ndpi_struct, "search WHOIS/DAS\n"); if(packet->tcp != NULL) { u_int16_t sport = ntohs(packet->tcp->source), dport = ntohs(packet->tcp->dest); @@ -45,15 +52,14 @@ void ndpi_search_whois_das(struct ndpi_detection_module_struct *ndpi_struct, str flow->host_server_name[i] = '\0'; flow->server_id = ((sport == 43) || (sport == 4343)) ? flow->src : flow->dst; - NDPI_LOG(NDPI_PROTOCOL_WHOIS_DAS, ndpi_struct, NDPI_LOG_DEBUG, "[WHOIS/DAS] %s\n", flow->host_server_name); + NDPI_LOG_INFO(ndpi_struct, "[WHOIS/DAS] %s\n", flow->host_server_name); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_WHOIS_DAS, NDPI_PROTOCOL_UNKNOWN); return; } } } - /* exclude WHOIS */ - NDPI_LOG(NDPI_PROTOCOL_WHOIS_DAS, ndpi_struct, NDPI_LOG_TRACE, "WHOIS Excluded.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_WHOIS_DAS); + + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/world_of_kung_fu.c b/src/lib/protocols/world_of_kung_fu.c index 0a8d2707d..534addc7d 100644 --- a/src/lib/protocols/world_of_kung_fu.c +++ b/src/lib/protocols/world_of_kung_fu.c @@ -22,11 +22,12 @@ * */ +#include "ndpi_protocol_ids.h" - -/* include files */ -#include "ndpi_protocols.h" #ifdef NDPI_PROTOCOL_WORLD_OF_KUNG_FU +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_WORLD_OF_KUNG_FU +#include "ndpi_api.h" + static void ndpi_int_world_of_kung_fu_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { @@ -37,22 +38,18 @@ void ndpi_search_world_of_kung_fu(struct ndpi_detection_module_struct *ndpi_stru { struct ndpi_packet_struct *packet = &flow->packet; - // struct ndpi_id_struct *src=ndpi_struct->src; - // struct ndpi_id_struct *dst=ndpi_struct->dst; - - NDPI_LOG(NDPI_PROTOCOL_WORLD_OF_KUNG_FU, ndpi_struct, NDPI_LOG_DEBUG, "search world_of_kung_fu.\n"); + NDPI_LOG_DBG(ndpi_struct, "search world_of_kung_fu\n"); if ((packet->payload_packet_len == 16) && ntohl(get_u_int32_t(packet->payload, 0)) == 0x0c000000 && ntohl(get_u_int32_t(packet->payload, 4)) == 0xd2000c00 && (packet->payload[9] == 0x16) && ntohs(get_u_int16_t(packet->payload, 10)) == 0x0000 && ntohs(get_u_int16_t(packet->payload, 14)) == 0x0000) { - NDPI_LOG(NDPI_PROTOCOL_WORLD_OF_KUNG_FU, ndpi_struct, NDPI_LOG_DEBUG, "detected world_of_kung_fu.\n"); + NDPI_LOG_INFO(ndpi_struct, "detected world_of_kung_fu\n"); ndpi_int_world_of_kung_fu_add_connection(ndpi_struct, flow); return; } - NDPI_LOG(NDPI_PROTOCOL_WORLD_OF_KUNG_FU, ndpi_struct, NDPI_LOG_DEBUG, "exclude world_of_kung_fu.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_WORLD_OF_KUNG_FU); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/world_of_warcraft.c b/src/lib/protocols/world_of_warcraft.c index de3f720ba..307f41070 100644 --- a/src/lib/protocols/world_of_warcraft.c +++ b/src/lib/protocols/world_of_warcraft.c @@ -21,12 +21,13 @@ * along with nDPI. If not, see . * */ - - -#include "ndpi_api.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_WORLDOFWARCRAFT +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_WORLDOFWARCRAFT + +#include "ndpi_api.h" static void ndpi_int_worldofwarcraft_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow/* , */ @@ -58,7 +59,7 @@ void ndpi_search_worldofwarcraft(struct ndpi_detection_module_struct struct ndpi_id_struct *src = flow->src; struct ndpi_id_struct *dst = flow->dst; - NDPI_LOG(NDPI_PROTOCOL_WORLDOFWARCRAFT, ndpi_struct, NDPI_LOG_DEBUG, "Search World of Warcraft.\n"); + NDPI_LOG_DBG(ndpi_struct, "search World of Warcraft\n"); if (packet->tcp != NULL) { /* @@ -72,8 +73,7 @@ void ndpi_search_worldofwarcraft(struct ndpi_detection_module_struct memcmp(packet->user_agent_line.ptr, "Blizzard Web Client", NDPI_STATICSTRING_LEN("Blizzard Web Client")) == 0) { ndpi_int_worldofwarcraft_add_connection(ndpi_struct, flow); - NDPI_LOG(NDPI_PROTOCOL_WORLDOFWARCRAFT, ndpi_struct, NDPI_LOG_DEBUG, - "World of Warcraft: Web Client found\n"); + NDPI_LOG_DBG(ndpi_struct, "World of Warcraft: Web Client found\n"); return; } } @@ -89,7 +89,7 @@ void ndpi_search_worldofwarcraft(struct ndpi_detection_module_struct && memcmp(&packet->host_line.ptr[packet->host_line.len - NDPI_STATICSTRING_LEN("worldofwarcraft.com")], "worldofwarcraft.com", NDPI_STATICSTRING_LEN("worldofwarcraft.com")) == 0) { ndpi_int_worldofwarcraft_add_connection(ndpi_struct, flow); - NDPI_LOG(NDPI_PROTOCOL_WORLDOFWARCRAFT, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_INFO(ndpi_struct, "World of Warcraft: Web Client found\n"); return; } @@ -97,14 +97,14 @@ void ndpi_search_worldofwarcraft(struct ndpi_detection_module_struct if (packet->payload_packet_len == 50 && memcmp(&packet->payload[2], "WORLD OF WARCRAFT CONNECTION", NDPI_STATICSTRING_LEN("WORLD OF WARCRAFT CONNECTION")) == 0) { ndpi_int_worldofwarcraft_add_connection(ndpi_struct, flow); - NDPI_LOG(NDPI_PROTOCOL_WORLDOFWARCRAFT, ndpi_struct, NDPI_LOG_DEBUG, "World of Warcraft: Login found\n"); + NDPI_LOG_INFO(ndpi_struct, "World of Warcraft: Login found\n"); return; } if (packet->tcp->dest == htons(3724) && packet->payload_packet_len < 70 && packet->payload_packet_len > 40 && (memcmp(&packet->payload[4], "WoW", 3) == 0 || memcmp(&packet->payload[5], "WoW", 3) == 0)) { ndpi_int_worldofwarcraft_add_connection(ndpi_struct, flow); - NDPI_LOG(NDPI_PROTOCOL_WORLDOFWARCRAFT, ndpi_struct, NDPI_LOG_DEBUG, "World of Warcraft: Login found\n"); + NDPI_LOG_INFO(ndpi_struct, "World of Warcraft: Login found\n"); return; } @@ -112,8 +112,7 @@ void ndpi_search_worldofwarcraft(struct ndpi_detection_module_struct if (packet->tcp->source == htons(3724) && packet->payload_packet_len == 8 && get_u_int32_t(packet->payload, 0) == htonl(0x0006ec01)) { ndpi_int_worldofwarcraft_add_connection(ndpi_struct, flow); - NDPI_LOG(NDPI_PROTOCOL_WORLDOFWARCRAFT, ndpi_struct, - NDPI_LOG_DEBUG, "World of Warcraft: connection detected\n"); + NDPI_LOG_INFO(ndpi_struct, "World of Warcraft: connection detected\n"); return; } @@ -127,16 +126,14 @@ void ndpi_search_worldofwarcraft(struct ndpi_detection_module_struct ntohs(get_u_int16_t(packet->payload, 0)) == (packet->payload_packet_len - 2)) { if (get_u_int32_t(packet->payload, 2) == htonl(0xec010100)) { - NDPI_LOG(NDPI_PROTOCOL_WORLDOFWARCRAFT, ndpi_struct, - NDPI_LOG_DEBUG, "probably World of Warcraft, waiting for final packet\n"); + NDPI_LOG_DBG2(ndpi_struct, "probably World of Warcraft, waiting for final packet\n"); flow->l4.tcp.wow_stage = 2; return; } else if (packet->payload_packet_len == 41 && (get_u_int16_t(packet->payload, 2) == htons(0x0085) || get_u_int16_t(packet->payload, 2) == htons(0x0034) || get_u_int16_t(packet->payload, 2) == htons(0x1960))) { - NDPI_LOG(NDPI_PROTOCOL_WORLDOFWARCRAFT, ndpi_struct, - NDPI_LOG_DEBUG, "maybe World of Warcraft, need next\n"); + NDPI_LOG_DBG2(ndpi_struct, "maybe World of Warcraft, need next\n"); flow->l4.tcp.wow_stage = 1; return; } @@ -155,21 +152,18 @@ void ndpi_search_worldofwarcraft(struct ndpi_detection_module_struct || memcmp(&packet->payload[packet->payload_packet_len - 30], "\x94\xec\xff\xfd\x67\x62\xd4\x67\xfb\xf9\xdd\xbd\xfd\x01\xc0\x8f\xf9\x81", 18) == 0)) { ndpi_int_worldofwarcraft_add_connection(ndpi_struct, flow); - NDPI_LOG(NDPI_PROTOCOL_WORLDOFWARCRAFT, ndpi_struct, - NDPI_LOG_DEBUG, "World of Warcraft: connection detected\n"); + NDPI_LOG_INFO(ndpi_struct, "World of Warcraft: connection detected\n"); return; } if (packet->payload_packet_len > 32 && ntohs(get_u_int16_t(packet->payload, 0)) == (packet->payload_packet_len - 2)) { if (get_u_int16_t(packet->payload, 4) == 0) { - NDPI_LOG(NDPI_PROTOCOL_WORLDOFWARCRAFT, ndpi_struct, - NDPI_LOG_DEBUG, "probably World of Warcraft, waiting for final packet\n"); + NDPI_LOG_DBG2(ndpi_struct, "probably World of Warcraft, waiting for final packet\n"); flow->l4.tcp.wow_stage = 2; return; } else if (get_u_int32_t(packet->payload, 2) == htonl(0x12050000)) { - NDPI_LOG(NDPI_PROTOCOL_WORLDOFWARCRAFT, ndpi_struct, - NDPI_LOG_DEBUG, "probably World of Warcraft, waiting for final packet\n"); + NDPI_LOG_DBG2(ndpi_struct, "probably World of Warcraft, waiting for final packet\n"); flow->l4.tcp.wow_stage = 2; return; } @@ -179,16 +173,14 @@ void ndpi_search_worldofwarcraft(struct ndpi_detection_module_struct if (flow->l4.tcp.wow_stage == 2) { if (packet->payload_packet_len == 4) { ndpi_int_worldofwarcraft_add_connection(ndpi_struct, flow); - NDPI_LOG(NDPI_PROTOCOL_WORLDOFWARCRAFT, ndpi_struct, - NDPI_LOG_DEBUG, "World of Warcraft: connection detected\n"); + NDPI_LOG_INFO(ndpi_struct, "World of Warcraft: connection detected\n"); return; } else if (packet->payload_packet_len > 4 && packet->payload_packet_len <= 16 && packet->payload[4] == 0x0c) { ndpi_int_worldofwarcraft_add_connection(ndpi_struct, flow); - NDPI_LOG(NDPI_PROTOCOL_WORLDOFWARCRAFT, ndpi_struct, - NDPI_LOG_DEBUG, "World of Warcraft: connection detected\n"); + NDPI_LOG_INFO(ndpi_struct, "World of Warcraft: connection detected\n"); return; } else if (flow->packet_counter < 3) { - NDPI_LOG(NDPI_PROTOCOL_WORLDOFWARCRAFT, ndpi_struct, NDPI_LOG_DEBUG, "waiting for final packet\n"); + NDPI_LOG_DBG2(ndpi_struct, "waiting for final packet\n"); return; } } @@ -199,14 +191,13 @@ void ndpi_search_worldofwarcraft(struct ndpi_detection_module_struct get_u_int32_t(packet->payload, 0) == htonl(0x40000aed) && get_u_int32_t(packet->payload, 4) == htonl(0xea070aed)) { ndpi_int_worldofwarcraft_add_connection(ndpi_struct, flow); - NDPI_LOG(NDPI_PROTOCOL_WORLDOFWARCRAFT, ndpi_struct, - NDPI_LOG_DEBUG, "World of Warcraft: connection detected\n"); + NDPI_LOG_INFO(ndpi_struct, "World of Warcraft: connection detected\n"); return; } } } - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_WORLDOFWARCRAFT); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/xbox.c b/src/lib/protocols/xbox.c index 92f68fc34..3182c191c 100644 --- a/src/lib/protocols/xbox.c +++ b/src/lib/protocols/xbox.c @@ -21,9 +21,11 @@ * */ -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_XBOX +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_XBOX +#include "ndpi_api.h" static void ndpi_int_xbox_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) @@ -36,9 +38,6 @@ void ndpi_search_xbox(struct ndpi_detection_module_struct *ndpi_struct, struct n { struct ndpi_packet_struct *packet = &flow->packet; - // struct ndpi_id_struct *src = flow->src; - // struct ndpi_id_struct *dst = flow->dst; - /* * XBOX UDP DETCTION ONLY * the xbox TCP detection is done by http code @@ -49,7 +48,7 @@ void ndpi_search_xbox(struct ndpi_detection_module_struct *ndpi_struct, struct n u_int16_t dport = ntohs(packet->udp->dest); u_int16_t sport = ntohs(packet->udp->source); - NDPI_LOG(NDPI_PROTOCOL_XBOX, ndpi_struct, NDPI_LOG_DEBUG, "search xbox\n"); + NDPI_LOG_DBG(ndpi_struct, "search xbox\n"); if (packet->payload_packet_len > 12 && get_u_int32_t(packet->payload, 0) == 0 && packet->payload[5] == 0x58 && @@ -62,7 +61,7 @@ void ndpi_search_xbox(struct ndpi_detection_module_struct *ndpi_struct, struct n (packet->payload[4] == 0x06 && packet->payload[6] == 0x4e)) { ndpi_int_xbox_add_connection(ndpi_struct, flow); - NDPI_LOG(NDPI_PROTOCOL_XBOX, ndpi_struct, NDPI_LOG_DEBUG, "xbox udp connection detected\n"); + NDPI_LOG_INFO(ndpi_struct, "found xbox udp connection detected\n"); return; } } @@ -76,10 +75,10 @@ void ndpi_search_xbox(struct ndpi_detection_module_struct *ndpi_struct, struct n || (packet->payload_packet_len == 28 && ntohl(get_u_int32_t(packet->payload, 0)) == 0x015f2c00))) { if (flow->l4.udp.xbox_stage == 1) { ndpi_int_xbox_add_connection(ndpi_struct, flow); - NDPI_LOG(NDPI_PROTOCOL_XBOX, ndpi_struct, NDPI_LOG_DEBUG, "xbox udp connection detected\n"); + NDPI_LOG_INFO(ndpi_struct, "found xbox udp connection detected\n"); return; } - NDPI_LOG(NDPI_PROTOCOL_XBOX, ndpi_struct, NDPI_LOG_DEBUG, "maybe xbox.\n"); + NDPI_LOG_DBG(ndpi_struct, "maybe xbox\n"); flow->l4.udp.xbox_stage++; return; } @@ -88,8 +87,7 @@ void ndpi_search_xbox(struct ndpi_detection_module_struct *ndpi_struct, struct n #ifdef NDPI_PROTOCOL_HTTP if(NDPI_COMPARE_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_HTTP) != 0) { #endif - NDPI_LOG(NDPI_PROTOCOL_XBOX, ndpi_struct, NDPI_LOG_DEBUG, "xbox udp excluded.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_XBOX); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } } /* to not exclude tcp traffic here, done by http code... */ diff --git a/src/lib/protocols/xdmcp.c b/src/lib/protocols/xdmcp.c index 614e503b1..71bcd9c69 100644 --- a/src/lib/protocols/xdmcp.c +++ b/src/lib/protocols/xdmcp.c @@ -22,10 +22,14 @@ * */ +#include "ndpi_protocol_ids.h" -#include "ndpi_protocols.h" #ifdef NDPI_PROTOCOL_XDMCP +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_XDMCP + +#include "ndpi_api.h" + static void ndpi_int_xdmcp_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) @@ -38,17 +42,14 @@ void ndpi_search_xdmcp(struct ndpi_detection_module_struct { struct ndpi_packet_struct *packet = &flow->packet; - // struct ndpi_id_struct *src=ndpi_struct->src; - // struct ndpi_id_struct *dst=ndpi_struct->dst; - - NDPI_LOG(NDPI_PROTOCOL_XDMCP, ndpi_struct, NDPI_LOG_DEBUG, "search xdmcp.\n"); + NDPI_LOG_DBG(ndpi_struct, "search xdmcp\n"); if (packet->tcp != NULL && (ntohs(packet->tcp->dest) >= 6000 && ntohs(packet->tcp->dest) <= 6005) && packet->payload_packet_len == 48 && packet->payload[0] == 0x6c && packet->payload[1] == 0x00 && ntohs(get_u_int16_t(packet->payload, 6)) == 0x1200 && ntohs(get_u_int16_t(packet->payload, 8)) == 0x1000) { - NDPI_LOG(NDPI_PROTOCOL_XDMCP, ndpi_struct, NDPI_LOG_DEBUG, "found xdmcp over tcp.\n"); + NDPI_LOG_INFO(ndpi_struct, "found xdmcp over tcp\n"); ndpi_int_xdmcp_add_connection(ndpi_struct, flow); return; } @@ -56,14 +57,12 @@ void ndpi_search_xdmcp(struct ndpi_detection_module_struct && packet->payload_packet_len >= 6 && packet->payload_packet_len == 6 + ntohs(get_u_int16_t(packet->payload, 4)) && ntohs(get_u_int16_t(packet->payload, 0)) == 0x0001 && ntohs(get_u_int16_t(packet->payload, 2)) == 0x0002) { - NDPI_LOG(NDPI_PROTOCOL_XDMCP, ndpi_struct, NDPI_LOG_DEBUG, "found xdmcp over udp.\n"); + NDPI_LOG_INFO(ndpi_struct, "found xdmcp over udp\n"); ndpi_int_xdmcp_add_connection(ndpi_struct, flow); return; } - - NDPI_LOG(NDPI_PROTOCOL_XDMCP, ndpi_struct, NDPI_LOG_DEBUG, "exclude xdmcp.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_XDMCP); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/yahoo.c b/src/lib/protocols/yahoo.c index 569fca940..3c073482f 100644 --- a/src/lib/protocols/yahoo.c +++ b/src/lib/protocols/yahoo.c @@ -20,9 +20,12 @@ * along with nDPI. If not, see . * */ -#include "ndpi_api.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_YAHOO +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_YAHOO +#include "ndpi_api.h" + struct ndpi_yahoo_header { @@ -87,8 +90,6 @@ static void ndpi_search_yahoo_tcp(struct ndpi_detection_module_struct *ndpi_stru struct ndpi_id_struct *dst = flow->dst; const struct ndpi_yahoo_header *yahoo = (struct ndpi_yahoo_header *) packet->payload; - - if(packet->tcp) { if(packet->payload_packet_len > 0) { /* packet must be at least 20 bytes long */ @@ -96,11 +97,11 @@ static void ndpi_search_yahoo_tcp(struct ndpi_detection_module_struct *ndpi_stru && memcmp(yahoo->YMSG_str, "YMSG", 4) == 0 && ((packet->payload_packet_len - 20) == ntohs(yahoo->len) || check_ymsg(packet->payload, packet->payload_packet_len))) { - NDPI_LOG(NDPI_PROTOCOL_YAHOO, ndpi_struct, NDPI_LOG_TRACE, "YAHOO FOUND\n"); + NDPI_LOG_DBG(ndpi_struct, "YAHOO FOUND\n"); flow->yahoo_detection_finished = 2; if(ntohs(yahoo->service) == 24 || ntohs(yahoo->service) == 152 || ntohs(yahoo->service) == 74) { - NDPI_LOG(NDPI_PROTOCOL_YAHOO, ndpi_struct, NDPI_LOG_TRACE, "YAHOO conference or chat invite found"); + NDPI_LOG_DBG(ndpi_struct, "YAHOO conference or chat invite found"); if(src != NULL) src->yahoo_conf_logged_in = 1; @@ -108,13 +109,13 @@ static void ndpi_search_yahoo_tcp(struct ndpi_detection_module_struct *ndpi_stru dst->yahoo_conf_logged_in = 1; } if(ntohs(yahoo->service) == 27 || ntohs(yahoo->service) == 155 || ntohs(yahoo->service) == 160) { - NDPI_LOG(NDPI_PROTOCOL_YAHOO, ndpi_struct, NDPI_LOG_TRACE, "YAHOO conference or chat logoff found"); + NDPI_LOG_DBG(ndpi_struct, "YAHOO conference or chat logoff found"); if(src != NULL) { src->yahoo_conf_logged_in = 0; src->yahoo_voice_conf_logged_in = 0; } } - NDPI_LOG(NDPI_PROTOCOL_YAHOO, ndpi_struct, NDPI_LOG_DEBUG, "found YAHOO"); + NDPI_LOG_INFO(ndpi_struct, "found YAHOO"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_UNKNOWN); return; @@ -140,7 +141,7 @@ static void ndpi_search_yahoo_tcp(struct ndpi_detection_module_struct *ndpi_stru && NDPI_COMPARE_PROTOCOL_TO_BITMASK(dst->detected_protocol_bitmask, NDPI_PROTOCOL_YAHOO) != 0)) { /* this is mostly a file transfer */ - NDPI_LOG(NDPI_PROTOCOL_YAHOO, ndpi_struct, NDPI_LOG_DEBUG, "found YAHOO"); + NDPI_LOG_INFO(ndpi_struct, "found YAHOO"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_UNKNOWN); return; } @@ -151,7 +152,7 @@ static void ndpi_search_yahoo_tcp(struct ndpi_detection_module_struct *ndpi_stru if ((packet->user_agent_line.len >= 21) && (memcmp(packet->user_agent_line.ptr, "YahooMobileMessenger/", 21) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_YAHOO, ndpi_struct, NDPI_LOG_DEBUG, "found YAHOO(Mobile)"); + NDPI_LOG_INFO(ndpi_struct, "found YAHOO(Mobile)"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_UNKNOWN); return; } @@ -169,27 +170,23 @@ static void ndpi_search_yahoo_tcp(struct ndpi_detection_module_struct *ndpi_stru && memcmp(packet->line[4].ptr, "User-Agent: Mozilla/5.0", 23) == 0 && packet->line[5].len >= 23 && memcmp(packet->line[5].ptr, "Cache-Control: no-cache", 23) == 0) { - NDPI_LOG(NDPI_PROTOCOL_YAHOO, ndpi_struct, NDPI_LOG_TRACE, - "YAHOO HTTP POST P2P FILETRANSFER FOUND\n"); - NDPI_LOG(NDPI_PROTOCOL_YAHOO, ndpi_struct, NDPI_LOG_DEBUG, "found YAHOO"); + NDPI_LOG_INFO(ndpi_struct, "found YAHOO HTTP POST P2P FILETRANSFER\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_UNKNOWN); return; } if (packet->host_line.ptr != NULL && packet->host_line.len >= 26 && memcmp(packet->host_line.ptr, "filetransfer.msg.yahoo.com", 26) == 0) { - NDPI_LOG(NDPI_PROTOCOL_YAHOO, ndpi_struct, NDPI_LOG_TRACE, "YAHOO HTTP POST FILETRANSFER FOUND\n"); - NDPI_LOG(NDPI_PROTOCOL_YAHOO, ndpi_struct, NDPI_LOG_DEBUG, "found YAHOO"); + NDPI_LOG_INFO(ndpi_struct, "found YAHOO HTTP POST FILETRANSFER\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_UNKNOWN); return; } /* now check every line */ for (a = 0; a < packet->parsed_lines; a++) { if (packet->line[a].len >= 4 && memcmp(packet->line[a].ptr, "YMSG", 4) == 0) { - NDPI_LOG(NDPI_PROTOCOL_YAHOO, ndpi_struct, - NDPI_LOG_TRACE, + NDPI_LOG_DBG(ndpi_struct, "YAHOO HTTP POST FOUND, line is: %.*s\n", packet->line[a].len, packet->line[a].ptr); - NDPI_LOG(NDPI_PROTOCOL_YAHOO, ndpi_struct, NDPI_LOG_DEBUG, "found YAHOO"); + NDPI_LOG_INFO(ndpi_struct, "found YAHOO"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_UNKNOWN); return; } @@ -197,8 +194,8 @@ static void ndpi_search_yahoo_tcp(struct ndpi_detection_module_struct *ndpi_stru if (packet->parsed_lines > 8 && packet->line[8].len > 250 && packet->line[8].ptr != NULL) { if (memcmp(packet->line[8].ptr, "line[8].len, packet->line[8].ptr)) { - NDPI_LOG(NDPI_PROTOCOL_YAHOO, ndpi_struct, NDPI_LOG_DEBUG, - "found HTTP Proxy Yahoo Chat detected_protocol_bitmask, NDPI_PROTOCOL_YAHOO) != 0) || (dst != NULL && NDPI_COMPARE_PROTOCOL_TO_BITMASK(dst->detected_protocol_bitmask, NDPI_PROTOCOL_YAHOO) != 0)) { - NDPI_LOG(NDPI_PROTOCOL_YAHOO, ndpi_struct, NDPI_LOG_TRACE, "YAHOO HTTP GET /Messenger. match\n"); - NDPI_LOG(NDPI_PROTOCOL_YAHOO, ndpi_struct, NDPI_LOG_DEBUG, "found YAHOO"); + NDPI_LOG_INFO(ndpi_struct, "found YAHOO HTTP GET /Messenger. match\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_UNKNOWN); return; } @@ -222,13 +218,13 @@ static void ndpi_search_yahoo_tcp(struct ndpi_detection_module_struct *ndpi_stru && memcmp(packet->user_agent_line.ptr, "YahooMobileMessenger/", NDPI_STATICSTRING_LEN("YahooMobileMessenger/")) == 0) || (packet->user_agent_line.len >= 15 && (memcmp(packet->user_agent_line.ptr, "Y!%20Messenger/", 15) == 0))) { - NDPI_LOG(NDPI_PROTOCOL_YAHOO, ndpi_struct, NDPI_LOG_DEBUG, "found YAHOO(Mobile)"); + NDPI_LOG_INFO(ndpi_struct, "found YAHOO(Mobile)"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_UNKNOWN); return; } if(packet->host_line.ptr != NULL && packet->host_line.len >= NDPI_STATICSTRING_LEN("msg.yahoo.com") && memcmp(&packet->host_line.ptr[packet->host_line.len - NDPI_STATICSTRING_LEN("msg.yahoo.com")], "msg.yahoo.com", NDPI_STATICSTRING_LEN("msg.yahoo.com")) == 0) { - NDPI_LOG(NDPI_PROTOCOL_YAHOO, ndpi_struct, NDPI_LOG_DEBUG, "found YAHOO"); + NDPI_LOG_INFO(ndpi_struct, "found YAHOO"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_UNKNOWN); return; } @@ -242,10 +238,10 @@ static void ndpi_search_yahoo_tcp(struct ndpi_detection_module_struct *ndpi_stru if (packet->parsed_lines > 2 && packet->line[1].len == 0) { - NDPI_LOG(NDPI_PROTOCOL_YAHOO, ndpi_struct, NDPI_LOG_TRACE, "first line is empty.\n"); + NDPI_LOG_DBG(ndpi_struct, "first line is empty\n"); if (packet->line[2].len > 13 && memcmp(packet->line[2].ptr, "payload_packet_len > 38 && memcmp(packet->payload, "CONNECT scs.msg.yahoo.com:5050 HTTP/1.", 38) == 0) { - NDPI_LOG(NDPI_PROTOCOL_YAHOO, ndpi_struct, NDPI_LOG_TRACE, "YAHOO-HTTP FOUND\n"); - NDPI_LOG(NDPI_PROTOCOL_YAHOO, ndpi_struct, NDPI_LOG_DEBUG, "found YAHOO"); + NDPI_LOG_INFO(ndpi_struct, "found YAHOO-HTTP\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_UNKNOWN); return; } @@ -264,7 +259,7 @@ static void ndpi_search_yahoo_tcp(struct ndpi_detection_module_struct *ndpi_stru || (dst != NULL && NDPI_COMPARE_PROTOCOL_TO_BITMASK(dst->detected_protocol_bitmask, NDPI_PROTOCOL_YAHOO) != 0)) { if (packet->payload_packet_len == 6 && memcmp(packet->payload, "YAHOO!", 6) == 0) { - NDPI_LOG(NDPI_PROTOCOL_YAHOO, ndpi_struct, NDPI_LOG_DEBUG, "found YAHOO"); + NDPI_LOG_INFO(ndpi_struct, "found YAHOO"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_UNKNOWN); return; } @@ -274,8 +269,6 @@ static void ndpi_search_yahoo_tcp(struct ndpi_detection_module_struct *ndpi_stru if (packet->payload_packet_len == 8 && (memcmp(packet->payload, "", 8) == 0 || memcmp(packet->payload, "", 8) == 0 || memcmp(packet->payload, "", 8) == 0 || memcmp(packet->payload, "", 8) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_YAHOO, ndpi_struct, NDPI_LOG_TRACE, "YAHOO SNDIMG or REQIMG or RVWCFG or RUPCFG FOUND\n"); - if(src != NULL) { if (memcmp(packet->payload, "", 8) == 0) { src->yahoo_video_lan_dir = 0; @@ -293,7 +286,7 @@ static void ndpi_search_yahoo_tcp(struct ndpi_detection_module_struct *ndpi_stru dst->yahoo_video_lan_timer = packet->tick_timestamp; } - NDPI_LOG(NDPI_PROTOCOL_YAHOO, ndpi_struct, NDPI_LOG_DEBUG, "found YAHOO subtype VIDEO"); + NDPI_LOG_INFO(ndpi_struct, "found YAHOO subtype VIDEO"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_UNKNOWN); return; } @@ -302,9 +295,8 @@ static void ndpi_search_yahoo_tcp(struct ndpi_detection_module_struct *ndpi_stru if (src->yahoo_video_lan_dir == 1) { - NDPI_LOG(NDPI_PROTOCOL_YAHOO, ndpi_struct, NDPI_LOG_DEBUG, "found YAHOO"); + NDPI_LOG_INFO(ndpi_struct, "found YAHOO IMG MARKED"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_UNKNOWN); - NDPI_LOG(NDPI_PROTOCOL_YAHOO, ndpi_struct, NDPI_LOG_DEBUG, "IMG MARKED"); return; } } @@ -312,9 +304,8 @@ static void ndpi_search_yahoo_tcp(struct ndpi_detection_module_struct *ndpi_stru && ((u_int32_t) (packet->tick_timestamp - dst->yahoo_video_lan_timer) < ndpi_struct->yahoo_lan_video_timeout)) { if (dst->yahoo_video_lan_dir == 0) { - NDPI_LOG(NDPI_PROTOCOL_YAHOO, ndpi_struct, NDPI_LOG_DEBUG, "found YAHOO"); + NDPI_LOG_INFO(ndpi_struct, "found YAHOO IMG MARKED"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_UNKNOWN); - NDPI_LOG(NDPI_PROTOCOL_YAHOO, ndpi_struct, NDPI_LOG_DEBUG, "IMG MARKED"); return; } } @@ -326,8 +317,7 @@ static void ndpi_search_yahoo_tcp(struct ndpi_detection_module_struct *ndpi_stru { if (flow->l4.tcp.yahoo_http_proxy_stage == 0) { - NDPI_LOG(NDPI_PROTOCOL_YAHOO, ndpi_struct, NDPI_LOG_DEBUG, - "YAHOO maybe HTTP proxy packet 1 => need next packet\n"); + NDPI_LOG_DBG2(ndpi_struct, "YAHOO maybe HTTP proxy packet 1 => need next packet\n"); flow->l4.tcp.yahoo_http_proxy_stage = 1 + packet->packet_direction; return; } @@ -335,12 +325,12 @@ static void ndpi_search_yahoo_tcp(struct ndpi_detection_module_struct *ndpi_stru if ((packet->payload_packet_len > 250) && (memcmp(packet->payload, "payload_packet_len, packet->payload)) { - NDPI_LOG(NDPI_PROTOCOL_YAHOO, ndpi_struct, NDPI_LOG_DEBUG, "found HTTP Proxy Yahoo Chat need next packet\n"); + NDPI_LOG_DBG2(ndpi_struct, "YAHOO maybe HTTP proxy still initial direction => need next packet\n"); return; } if (flow->l4.tcp.yahoo_http_proxy_stage == 2 - packet->packet_direction) { @@ -354,7 +344,7 @@ static void ndpi_search_yahoo_tcp(struct ndpi_detection_module_struct *ndpi_stru memcmp(packet->line[4].ptr, "line[8].ptr, "excluded_protocol_bitmask, NDPI_PROTOCOL_YAHOO); - } + + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } void ndpi_search_yahoo(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; - NDPI_LOG(NDPI_PROTOCOL_YAHOO, ndpi_struct, NDPI_LOG_DEBUG, "search yahoo\n"); + NDPI_LOG_DBG(ndpi_struct, "search yahoo\n"); if(packet->payload_packet_len > 0 && flow->yahoo_detection_finished == 0) { @@ -385,13 +374,16 @@ void ndpi_search_yahoo(struct ndpi_detection_module_struct *ndpi_struct, struct #ifdef NDPI_PROTOCOL_SSL || packet->detected_protocol_stack[0] == NDPI_PROTOCOL_SSL) { #endif + /* search over TCP */ ndpi_search_yahoo_tcp(ndpi_struct, flow); } } /* search over UDP */ else if(packet->udp != NULL) { - if(flow->src == NULL || NDPI_COMPARE_PROTOCOL_TO_BITMASK(flow->src->detected_protocol_bitmask, NDPI_PROTOCOL_YAHOO) == 0) - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_YAHOO); + if ( flow->src == NULL || + NDPI_COMPARE_PROTOCOL_TO_BITMASK(flow->src->detected_protocol_bitmask, NDPI_PROTOCOL_YAHOO) == 0) { + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); + } return; } } diff --git a/src/lib/protocols/zattoo.c b/src/lib/protocols/zattoo.c index 3b6adcec8..9c212ddde 100644 --- a/src/lib/protocols/zattoo.c +++ b/src/lib/protocols/zattoo.c @@ -20,9 +20,13 @@ * along with nDPI. If not, see . * */ -#include "ndpi_api.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_ZATTOO + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_ZATTOO + +#include "ndpi_api.h" #ifndef WIN32 static inline @@ -33,13 +37,21 @@ u_int8_t ndpi_int_zattoo_user_agent_set(struct ndpi_detection_module_struct *ndp { if(flow->packet.user_agent_line.ptr != NULL && flow->packet.user_agent_line.len == 111) { if(memcmp(flow->packet.user_agent_line.ptr + flow->packet.user_agent_line.len - 25, "Zattoo/4", sizeof("Zattoo/4") - 1) == 0) { - NDPI_LOG(NDPI_PROTOCOL_ZATTOO, ndpi_struct, NDPI_LOG_DEBUG, "found zattoo useragent\n"); + NDPI_LOG_DBG(ndpi_struct, "found zattoo useragent\n"); return 1; } } return 0; } +#define ZATTOO_DETECTED \ + if (src != NULL) \ + src->zattoo_ts = packet->tick_timestamp; \ + if (dst != NULL) \ + dst->zattoo_ts = packet->tick_timestamp; \ + \ + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_ZATTOO, NDPI_PROTOCOL_UNKNOWN) + void ndpi_search_zattoo(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; @@ -48,6 +60,8 @@ void ndpi_search_zattoo(struct ndpi_detection_module_struct *ndpi_struct, struct u_int16_t i; + NDPI_LOG_DBG(ndpi_struct, "search ZATTOO\n"); + if(packet->detected_protocol_stack[0] == NDPI_PROTOCOL_ZATTOO) { if(src != NULL && ((u_int32_t) (packet->tick_timestamp - src->zattoo_ts) < ndpi_struct->zattoo_connection_timeout)) src->zattoo_ts = packet->tick_timestamp; @@ -59,26 +73,14 @@ void ndpi_search_zattoo(struct ndpi_detection_module_struct *ndpi_struct, struct if(packet->tcp != NULL) { if(packet->payload_packet_len > 50 && memcmp(packet->payload, "GET /frontdoor/fd?brand=Zattoo&v=", 33) == 0) { - NDPI_LOG(NDPI_PROTOCOL_ZATTOO, ndpi_struct, NDPI_LOG_DEBUG, "add connection over tcp with pattern GET /frontdoor/fd?brand=Zattoo&v=\n"); - - if (src != NULL) - src->zattoo_ts = packet->tick_timestamp; - if (dst != NULL) - dst->zattoo_ts = packet->tick_timestamp; - - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_ZATTOO, NDPI_PROTOCOL_UNKNOWN); + NDPI_LOG_INFO(ndpi_struct, "found zattoo. add connection over tcp with pattern GET /frontdoor/fd?brand=Zattoo&v=\n"); + ZATTOO_DETECTED; return; } if(packet->payload_packet_len > 50 && memcmp(packet->payload, "GET /ZattooAdRedirect/redirect.jsp?user=", 40) == 0) { - NDPI_LOG(NDPI_PROTOCOL_ZATTOO, ndpi_struct, NDPI_LOG_DEBUG, "add connection over tcp with pattern GET /ZattooAdRedirect/redirect.jsp?user=\n"); - - if(src != NULL) - src->zattoo_ts = packet->tick_timestamp; - if(dst != NULL) - dst->zattoo_ts = packet->tick_timestamp; - - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_ZATTOO, NDPI_PROTOCOL_UNKNOWN); + NDPI_LOG_INFO(ndpi_struct, "found zattoo. add connection over tcp with pattern GET /ZattooAdRedirect/redirect.jsp?user=\n"); + ZATTOO_DETECTED; return; } if(packet->payload_packet_len > 50 && (memcmp(packet->payload, "POST /channelserver/player/channel/update HTTP/1.1", 50) == 0 @@ -89,14 +91,8 @@ void ndpi_search_zattoo(struct ndpi_detection_module_struct *ndpi_struct, struct for(i = 0; i < packet->parsed_lines; i++) { if(packet->line[i].len >= 18 && (memcmp(packet->line[i].ptr, "User-Agent: Zattoo", 18) == 0)) { - NDPI_LOG(NDPI_PROTOCOL_ZATTOO, ndpi_struct, NDPI_LOG_DEBUG, "add connection over tcp with pattern POST /channelserver/player/channel/update HTTP/1.1\n"); - - if(src != NULL) - src->zattoo_ts = packet->tick_timestamp; - if(dst != NULL) - dst->zattoo_ts = packet->tick_timestamp; - - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_ZATTOO, NDPI_PROTOCOL_UNKNOWN); + NDPI_LOG_INFO(ndpi_struct, "found zattoo. add connection over tcp with pattern POST /channelserver/player/channel/update HTTP/1.1\n"); + ZATTOO_DETECTED; return; } } @@ -107,12 +103,8 @@ void ndpi_search_zattoo(struct ndpi_detection_module_struct *ndpi_struct, struct if(ndpi_int_zattoo_user_agent_set(ndpi_struct, flow)) { - if(src != NULL) - src->zattoo_ts = packet->tick_timestamp; - if(dst != NULL) - dst->zattoo_ts = packet->tick_timestamp; - - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_ZATTOO, NDPI_PROTOCOL_UNKNOWN); + NDPI_LOG_INFO(ndpi_struct, "found zattoo. add connection over tcp with pattern GET / or POST /\n"); + ZATTOO_DETECTED; return; } } else if(packet->payload_packet_len > 50 && memcmp(packet->payload, "POST http://", 12) == 0) { @@ -141,14 +133,8 @@ void ndpi_search_zattoo(struct ndpi_detection_module_struct *ndpi_struct, struct && packet->payload[packet->empty_line_position + 6] == 0x0a && packet->payload[packet->empty_line_position + 7] == 0x00) { - NDPI_LOG(NDPI_PROTOCOL_ZATTOO, ndpi_struct, NDPI_LOG_DEBUG, "add connection over tcp with pattern POST http://\n"); - - if(src != NULL) - src->zattoo_ts = packet->tick_timestamp; - if(dst != NULL) - dst->zattoo_ts = packet->tick_timestamp; - - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_ZATTOO, NDPI_PROTOCOL_UNKNOWN); + NDPI_LOG_INFO(ndpi_struct, "found zattoo. add connection over tcp with pattern POST http://\n"); + ZATTOO_DETECTED; return; } } @@ -160,20 +146,14 @@ void ndpi_search_zattoo(struct ndpi_detection_module_struct *ndpi_struct, struct && packet->payload[2] == 0x00 && packet->payload[3] == 0x04 && packet->payload[4] == 0x0a && packet->payload[5] == 0x00) { flow->zattoo_stage = 1 + packet->packet_direction; - NDPI_LOG(NDPI_PROTOCOL_ZATTOO, ndpi_struct, NDPI_LOG_DEBUG, "need next packet, seen pattern 0x030400040a00\n"); + NDPI_LOG_DBG2(ndpi_struct, "need next packet, seen pattern 0x030400040a00\n"); return; } /* the following is searching for flash, not for zattoo. */ } else if(flow->zattoo_stage == 2 - packet->packet_direction && packet->payload_packet_len > 50 && packet->payload[0] == 0x03 && packet->payload[1] == 0x04) { - NDPI_LOG(NDPI_PROTOCOL_ZATTOO, ndpi_struct, NDPI_LOG_DEBUG, "add connection over tcp with 0x0304.\n"); - - if(src != NULL) - src->zattoo_ts = packet->tick_timestamp; - if(dst != NULL) - dst->zattoo_ts = packet->tick_timestamp; - - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_ZATTOO, NDPI_PROTOCOL_UNKNOWN); + NDPI_LOG_INFO(ndpi_struct, "found zattoo. add connection over tcp with 0x0304\n"); + ZATTOO_DETECTED; return; } else if(flow->zattoo_stage == 1 + packet->packet_direction) { @@ -181,7 +161,7 @@ void ndpi_search_zattoo(struct ndpi_detection_module_struct *ndpi_struct, struct flow->zattoo_stage = 3 + packet->packet_direction; - NDPI_LOG(NDPI_PROTOCOL_ZATTOO, ndpi_struct, NDPI_LOG_DEBUG, "need next packet, seen pattern 0x0000\n"); + NDPI_LOG_DBG2(ndpi_struct, "need next packet, seen pattern 0x0000\n"); return; } if(packet->payload_packet_len > 50 @@ -190,46 +170,29 @@ void ndpi_search_zattoo(struct ndpi_detection_module_struct *ndpi_struct, struct && packet->payload[2] == 0x00 && packet->payload[3] == 0x04 && packet->payload[4] == 0x0a && packet->payload[5] == 0x00) { } - NDPI_LOG(NDPI_PROTOCOL_ZATTOO, ndpi_struct, NDPI_LOG_DEBUG, "need next packet, seen pattern 0x030400040a00\n"); + NDPI_LOG_DBG2(ndpi_struct, "need next packet, seen pattern 0x030400040a00\n"); return; } else if(flow->zattoo_stage == 4 - packet->packet_direction && packet->payload_packet_len > 50 && packet->payload[0] == 0x03 && packet->payload[1] == 0x04) { - NDPI_LOG(NDPI_PROTOCOL_ZATTOO, ndpi_struct, NDPI_LOG_DEBUG, "add connection over tcp with 0x0304.\n"); - - if(src != NULL) - src->zattoo_ts = packet->tick_timestamp; - if(dst != NULL) - dst->zattoo_ts = packet->tick_timestamp; - - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_ZATTOO, NDPI_PROTOCOL_UNKNOWN); + NDPI_LOG_INFO(ndpi_struct, "found zattoo. add connection over tcp with 0x0304\n"); + ZATTOO_DETECTED; return; } else if(flow->zattoo_stage == 5 + packet->packet_direction && (packet->payload_packet_len == 125)) { - NDPI_LOG(NDPI_PROTOCOL_ZATTOO, ndpi_struct, NDPI_LOG_DEBUG, "detected zattoo.\n"); - - if(src != NULL) - src->zattoo_ts = packet->tick_timestamp; - if(dst != NULL) - dst->zattoo_ts = packet->tick_timestamp; - - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_ZATTOO, NDPI_PROTOCOL_UNKNOWN); + NDPI_LOG_INFO(ndpi_struct, "found zattoo\n"); + ZATTOO_DETECTED; return; } else if(flow->zattoo_stage == 6 - packet->packet_direction && packet->payload_packet_len == 1412) { - NDPI_LOG(NDPI_PROTOCOL_ZATTOO, ndpi_struct, NDPI_LOG_DEBUG, "found zattoo.\n"); - if(src != NULL) - src->zattoo_ts = packet->tick_timestamp; - if(dst != NULL) - dst->zattoo_ts = packet->tick_timestamp; - - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_ZATTOO, NDPI_PROTOCOL_UNKNOWN); + NDPI_LOG_INFO(ndpi_struct, "found zattoo\n"); + ZATTOO_DETECTED; return; } - NDPI_LOG(NDPI_PROTOCOL_ZATTOO, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "ZATTOO: discarded the flow (TCP): packet_size: %u; Flowstage: %u\n", packet->payload_packet_len, flow->zattoo_stage); @@ -246,27 +209,21 @@ void ndpi_search_zattoo(struct ndpi_detection_module_struct *ndpi_struct, struct if(++flow->zattoo_stage == 2) { - NDPI_LOG(NDPI_PROTOCOL_ZATTOO, ndpi_struct, NDPI_LOG_DEBUG, "add connection over udp.\n"); - if(src != NULL) - src->zattoo_ts = packet->tick_timestamp; - if(dst != NULL) - dst->zattoo_ts = packet->tick_timestamp; - - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_ZATTOO, NDPI_PROTOCOL_UNKNOWN); + NDPI_LOG_INFO(ndpi_struct, "found zattoo. add connection over udp\n"); + ZATTOO_DETECTED; return; } - NDPI_LOG(NDPI_PROTOCOL_ZATTOO, ndpi_struct, NDPI_LOG_DEBUG, "need next packet udp.\n"); + NDPI_LOG_DBG2(ndpi_struct, "need next packet udp\n"); return; } - NDPI_LOG(NDPI_PROTOCOL_ZATTOO, ndpi_struct, NDPI_LOG_DEBUG, + NDPI_LOG_DBG2(ndpi_struct, "ZATTOO: discarded the flow (UDP): packet_size: %u; Flowstage: %u\n", packet->payload_packet_len, flow->zattoo_stage); } - /* exclude ZATTOO */ - NDPI_LOG(NDPI_PROTOCOL_ZATTOO, ndpi_struct, NDPI_LOG_DEBUG, "exclude zattoo.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_ZATTOO); + + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); } diff --git a/src/lib/protocols/zeromq.c b/src/lib/protocols/zeromq.c index f069bba09..c7c8e9519 100644 --- a/src/lib/protocols/zeromq.c +++ b/src/lib/protocols/zeromq.c @@ -17,13 +17,16 @@ * along with nDPI. If not, see . * */ -#include "ndpi_api.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_ZMQ +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_ZMQ + +#include "ndpi_api.h" static void ndpi_int_zmq_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_ZMQ, NDPI_PROTOCOL_UNKNOWN); - NDPI_LOG(NDPI_PROTOCOL_ZMQ, ndpi_struct, NDPI_LOG_TRACE, "ZMQ Found.\n"); + NDPI_LOG_INFO(ndpi_struct, "found ZMQ\n"); } @@ -39,8 +42,7 @@ static void ndpi_check_zmq(struct ndpi_detection_module_struct *ndpi_struct, str /* Break after 17 packets. */ if(flow->packet_counter > 17) { - NDPI_LOG(NDPI_PROTOCOL_ZMQ, ndpi_struct, NDPI_LOG_TRACE, "Exclude ZMQ.\n"); - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_ZMQ); + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; } @@ -85,7 +87,7 @@ static void ndpi_check_zmq(struct ndpi_detection_module_struct *ndpi_struct, str void ndpi_search_zmq(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; - NDPI_LOG(NDPI_PROTOCOL_ZMQ, ndpi_struct, NDPI_LOG_TRACE, "ZMQ detection...\n"); + NDPI_LOG_DBG(ndpi_struct, "search ZMQ\n"); /* skip marked packets */ if(packet->detected_protocol_stack[0] != NDPI_PROTOCOL_ZMQ) { -- cgit v1.2.3 From 169aa11adc67e18a21fd81ecbb0c1c0989b346c9 Mon Sep 17 00:00:00 2001 From: Darryl Sokoloski Date: Thu, 26 Oct 2017 21:07:00 -0400 Subject: Added DHCP class identifier support. --- src/include/ndpi_typedefs.h | 1 + src/lib/protocols/dhcp.c | 7 +++++++ 2 files changed, 8 insertions(+) (limited to 'src') diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 33043fde5..c79f57f4d 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -1031,6 +1031,7 @@ struct ndpi_flow_struct { struct { char fingerprint[48]; + char class_ident[48]; } dhcp; } protos; diff --git a/src/lib/protocols/dhcp.c b/src/lib/protocols/dhcp.c index cdf33947e..c46cc1c91 100644 --- a/src/lib/protocols/dhcp.c +++ b/src/lib/protocols/dhcp.c @@ -104,6 +104,13 @@ void ndpi_search_dhcp_udp(struct ndpi_detection_module_struct *ndpi_struct, stru "%02X", dhcp->options[i+2+idx] & 0xFF); offset += 2; } + } else if(id == 60 /* Class Identifier */) { + char *name = (char*)&dhcp->options[i+2]; + int j = 0; + + j = ndpi_min(len, sizeof(flow->protos.dhcp.class_ident)-1); + strncpy((char*)flow->protos.dhcp.class_ident, name, j); + flow->protos.dhcp.class_ident[j] = '\0'; } else if(id == 12 /* Host Name */) { char *name = (char*)&dhcp->options[i+2]; int j = 0; -- cgit v1.2.3 From cf07c925387ce803c314513ed8e4b1810bb27a0d Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Sun, 29 Oct 2017 18:31:31 +0100 Subject: Dropbox and apple improvements Fixed warning --- example/ndpiReader.c | 2 ++ src/lib/ndpi_content_match.c.inc | 2 ++ 2 files changed, 4 insertions(+) (limited to 'src') diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 8d8ee47b0..8bc4ad1a6 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -1117,6 +1117,8 @@ static struct receiver *cutBackTo(struct receiver **receivers, u_int32_t size, u HASH_DEL(*receivers, r); free(r); } + + return(NULL); } /* *********************************************** */ diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index ba14f50f1..4a9ec63cf 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -8031,6 +8031,7 @@ ndpi_protocol_match host_match[] = { { ".cloudfront.net", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".apple.com", "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { ".apple-dns.net", "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, { ".mzstatic.com", "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, { ".aaplimg.com", "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, { ".icloud.com", "AppleiCloud", NDPI_PROTOCOL_APPLE_ICLOUD, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, @@ -8048,6 +8049,7 @@ ndpi_protocol_match host_match[] = { { ".cnn.net", "CNN", NDPI_PROTOCOL_CNN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, { ".dropbox.com", "DropBox", NDPI_PROTOCOL_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, + { ".dropbox-dns.com", "DropBox", NDPI_PROTOCOL_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, { "log.getdropbox.com", "DropBox", NDPI_PROTOCOL_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, { ".ebay.", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, /* or FUN */ -- cgit v1.2.3 From a0980228efa9cb4c2546dbbaaa9475db04f59cce Mon Sep 17 00:00:00 2001 From: Vitaly Lavrov Date: Tue, 31 Oct 2017 22:04:14 +0300 Subject: Bug fix. Protocol SIP: command 'CANCEL sip:' is not recognized. Add sip.pcap for tests ( Source: https://wiki.wireshark.org/SIP ). --- src/lib/protocols/sip.c | 2 +- tests/pcap/sip.pcap | Bin 0 -> 50975 bytes tests/result/sip.pcap.out | 8 ++++++++ 3 files changed, 9 insertions(+), 1 deletion(-) create mode 100644 tests/pcap/sip.pcap create mode 100644 tests/result/sip.pcap.out (limited to 'src') diff --git a/src/lib/protocols/sip.c b/src/lib/protocols/sip.c index 94386d61e..67459f562 100644 --- a/src/lib/protocols/sip.c +++ b/src/lib/protocols/sip.c @@ -121,7 +121,7 @@ void ndpi_search_sip_handshake(struct ndpi_detection_module_struct } if ((memcmp(packet_payload, "CANCEL ", 7) == 0 || memcmp(packet_payload, "cancel ", 7) == 0) - && (memcmp(&packet_payload[4], "SIP:", 4) == 0 || memcmp(&packet_payload[4], "sip:", 4) == 0)) { + && (memcmp(&packet_payload[7], "SIP:", 4) == 0 || memcmp(&packet_payload[7], "sip:", 4) == 0)) { NDPI_LOG(NDPI_PROTOCOL_SIP, ndpi_struct, NDPI_LOG_DEBUG, "found sip CANCEL.\n"); ndpi_int_sip_add_connection(ndpi_struct, flow, 0); return; diff --git a/tests/pcap/sip.pcap b/tests/pcap/sip.pcap new file mode 100644 index 000000000..8cd7f4761 Binary files /dev/null and b/tests/pcap/sip.pcap differ diff --git a/tests/result/sip.pcap.out b/tests/result/sip.pcap.out new file mode 100644 index 000000000..8f1dfb3d2 --- /dev/null +++ b/tests/result/sip.pcap.out @@ -0,0 +1,8 @@ +RTP 9 1926 1 +SIP 102 47087 2 +RTCP 1 146 1 + + 1 UDP 192.168.1.2:5060 <-> 212.242.33.35:5060 [proto: 100/SIP][53 pkts/21940 bytes <-> 31 pkts/15635 bytes] + 2 UDP 192.168.1.2:5060 <-> 200.68.120.81:5060 [proto: 100/SIP][15 pkts/7568 bytes <-> 3 pkts/1944 bytes] + 3 UDP 192.168.1.2:30000 -> 212.242.33.36:40392 [proto: 87/RTP][9 pkts/1926 bytes -> 0 pkts/0 bytes] + 4 UDP 192.168.1.2:30001 -> 212.242.33.36:40393 [proto: 165/RTCP][1 pkts/146 bytes -> 0 pkts/0 bytes] -- cgit v1.2.3 From a488c9b7dc6d1e08ef09f681349923853ff142ae Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Fri, 3 Nov 2017 09:32:43 +0100 Subject: Fixes #485 --- src/lib/ndpi_content_match.c.inc | 2 +- src/lib/protocols/ssl.c | 2 +- src/lib/protocols/tor.c | 28 ++++++++++++++++++---------- 3 files changed, 20 insertions(+), 12 deletions(-) (limited to 'src') diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 4a9ec63cf..1ee97381e 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -8434,7 +8434,7 @@ static const char *ndpi_en_bigrams[] = { "lz", "nz", "oz", "pz", "rz", "tz", "uz", "zz", NULL }; static const char *ndpi_en_impossible_bigrams[] = { - "bk", "bq", "bx", "cb", "cf", "cg", "cj", "cp", "cv", "cw", "cx", "dx", "fk", "fq", "fv", "fx", "ee", + "bk", "bq", "bx", "cb", "cf", "cg", "cj", "cp", "cv", "cw", "cx", "dx", "fk", "fq", "fv", "fx", /* "ee", removed it can be found in 'meeting' */ "fz", "gq", "gv", "gx", "hh", "hk", "hv", "hx", "hz", "iy", "jb", "jc", "jd", "jf", "jg", "jh", "jk", "jl", "jm", "jn", "jp", "jq", "jr", /* "js", */ "jt", "jv", "jw", "jx", "jy", "jz", "kg", "kq", "kv", "kx", "kz", "lq", "lx", "mg", "mj", "mq", "mx", "mz", "pq", "pv", "px", "qb", "qc", "qd", "qe", "qf", "ii", diff --git a/src/lib/protocols/ssl.c b/src/lib/protocols/ssl.c index 5afca5389..231bde1eb 100644 --- a/src/lib/protocols/ssl.c +++ b/src/lib/protocols/ssl.c @@ -641,7 +641,7 @@ void ndpi_search_ssl_tcp(struct ndpi_detection_module_struct *ndpi_struct, struc return; } else if((packet->payload_packet_len == 4) && (packet->payload[0] == 'W') - && (packet->payload[1] == 'A')){ + && (packet->payload[1] == 'A')) { ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_WHATSAPP, NDPI_PROTOCOL_UNKNOWN); return; } else { diff --git a/src/lib/protocols/tor.c b/src/lib/protocols/tor.c index f6987ef19..95233e471 100644 --- a/src/lib/protocols/tor.c +++ b/src/lib/protocols/tor.c @@ -16,14 +16,23 @@ static void ndpi_int_tor_add_connection(struct ndpi_detection_module_struct int ndpi_is_ssl_tor(struct ndpi_detection_module_struct *ndpi_struct, - struct ndpi_flow_struct *flow, char *certificate) { - + struct ndpi_flow_struct *flow, char *certificate) { int prev_num = 0, numbers_found = 0, num_found = 0, i, len; char dummy[48], *dot, *name; - if((certificate == NULL) - || (strlen(certificate) < 6) - || (strncmp(certificate, "www.", 4))) + if(certificate == NULL) + return(0); + else + len = strlen(certificate); + + /* Check if it ends in .com or .net */ + if(strcmp(&certificate[len-4], ".com") && strcmp(&certificate[len-4], ".net")) + return(0); + + if((len < 6) + || (!strncmp(certificate, "*.", 2)) /* Wildcard certificate */ + || (strncmp(certificate, "www.", 4)) /* Not starting with www.... */ + ) return(0); // printf("***** [SSL] %s(): %s\n", __FUNCTION__, certificate); @@ -55,13 +64,12 @@ int ndpi_is_ssl_tor(struct ndpi_detection_module_struct *ndpi_struct, } else prev_num = 0; - if(ndpi_match_bigram(ndpi_struct, &ndpi_struct->impossible_bigrams_automa, &name[i])) { - ndpi_int_tor_add_connection(ndpi_struct, flow); - return(1); - } - + if(ndpi_match_bigram(ndpi_struct, &ndpi_struct->bigrams_automa, &name[i])) { num_found++; + } else if(ndpi_match_bigram(ndpi_struct, &ndpi_struct->impossible_bigrams_automa, &name[i])) { + ndpi_int_tor_add_connection(ndpi_struct, flow); + return(1); } } -- cgit v1.2.3 From 3caac691d5640c505f03ae98fc187e019cb91d3d Mon Sep 17 00:00:00 2001 From: Campus Date: Sat, 11 Nov 2017 15:56:16 +0100 Subject: removed bigrams for src/lib/ndpi_content_match.c.inc --- src/lib/ndpi_content_match.c.inc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 1ee97381e..cc37d2ce0 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -8439,8 +8439,8 @@ static const char *ndpi_en_impossible_bigrams[] = { "jl", "jm", "jn", "jp", "jq", "jr", /* "js", */ "jt", "jv", "jw", "jx", "jy", "jz", "kg", "kq", "kv", "kx", "kz", "lq", "lx", "mg", "mj", "mq", "mx", "mz", "pq", "pv", "px", "qb", "qc", "qd", "qe", "qf", "ii", "qg", "qh", "qj", "qk", "ql", "qm", "qn", "qo", "qp", "qr", "qs", "qt", "qv", "qw", "qx", "qy", "uu", - "qz", "sx", "sz", "tq", "tx", "vb", "vc", "vd", "vf", "vg", "vh", "vj", "vk", "vm", "vn", "vp", "bw", + "qz", "sx", "sz", "tq", "tx", "vb", "vc", "vd", "vf", "vg", "vh", "vj", "vm", "vn", "vp", "bw", /* "vk", "zr" Removed for kavkazr */ "vq", "vt", "vw", "vx", "vz", "wq", "wv", "wx", "wz", "xb", "xg", "xj", "xk", "xv", "xz", "xw", "yd", /*"yp", Removed for paypal */ - "yj", "yq", "yv", "yz", "yw", "zb", "zc", "zg", "zh", "zj", "zn", "zq", "zr", "zs", "zx", "wh", "wk", + "yj", "yq", "yv", "yz", "yw", "zb", "zc", "zg", "zh", "zj", "zn", "zq", "zs", "zx", "wh", "wk", "wb", "zk", "kp", "zk", "xy", NULL }; -- cgit v1.2.3 From a4532a49997ae185de393699e4b61c7d673fb78a Mon Sep 17 00:00:00 2001 From: Campus Date: Sat, 11 Nov 2017 16:23:14 +0100 Subject: update Telegram match --- src/lib/ndpi_content_match.c.inc | 2 ++ 1 file changed, 2 insertions(+) (limited to 'src') diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index cc37d2ce0..e15fa88df 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -8309,6 +8309,8 @@ ndpi_protocol_match host_match[] = { { "getrockerbox.com", "SoundCloud", NDPI_PROTOCOL_SOUNDCLOUD, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "web.telegram.org", "Telegram", NDPI_PROTOCOL_TELEGRAM, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, + { "tdesktop.com", "Telegram", NDPI_PROTOCOL_TELEGRAM, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, + { "tupdate.com", "Telegram", NDPI_PROTOCOL_TELEGRAM, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, { NULL, 0 } }; -- cgit v1.2.3 From 2831d64f6abdf0275e15a8ba785d2289b4092de1 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Sun, 19 Nov 2017 18:11:37 +0100 Subject: Added YouTube Upload protocol (used the identified unused by NDPI_PROTOCOL_SKYFILE_PREPAID) --- src/include/ndpi_protocol_ids.h | 2 +- src/lib/ndpi_content_match.c.inc | 2 ++ src/lib/ndpi_main.c | 8 +------- tests/pcap/youtubeupload.pcap | Bin 0 -> 131592 bytes 4 files changed, 4 insertions(+), 8 deletions(-) create mode 100644 tests/pcap/youtubeupload.pcap (limited to 'src') diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index bd0c8e999..42995e5e8 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -172,7 +172,7 @@ #define NDPI_PROTOCOL_NETFLIX 133 #define NDPI_PROTOCOL_LASTFM 134 #define NDPI_PROTOCOL_WAZE 135 -#define NDPI_PROTOCOL_SKYFILE_PREPAID 136 /* free for future use */ +#define NDPI_PROTOCOL_YOUTUBE_UPLOAD 136 /* Upload files to youtube */ #define NDPI_PROTOCOL_SKYFILE_RUDICS 137 /* free for future use */ #define NDPI_PROTOCOL_SKYFILE_POSTPAID 138 /* free for future use */ #define NDPI_PROTOCOL_CITRIX_ONLINE 139 diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index e15fa88df..79ee47a48 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -8138,6 +8138,8 @@ ndpi_protocol_match host_match[] = { { ".yimg.com", "Yahoo", NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, { "yahooapis.", "Yahoo", NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "upload.youtube.com", "YouTubeUpload", NDPI_PROTOCOL_YOUTUBE_UPLOAD, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "upload.video.google.com", "YouTubeUpload", NDPI_PROTOCOL_YOUTUBE_UPLOAD, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "youtube.", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "youtu.be.", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "yt3.ggpht.com", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index d7583f520..e59dd62c6 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1372,11 +1372,6 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "Citrix", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 1494, 2598, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SKYFILE_PREPAID, - no_master, - no_master, "SkyFile_PrePaid", NDPI_PROTOCOL_CATEGORY_MAIL, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SKYFILE_RUDICS, no_master, no_master, "SkyFile_Rudics", NDPI_PROTOCOL_CATEGORY_MAIL, @@ -4524,8 +4519,7 @@ ndpi_protocol ndpi_find_port_based_protocol(struct ndpi_detection_module_struct /* Skyfile (host 193.252.234.246 or host 10.10.102.80) */ if((shost == 0xC1FCEAF6) || (dhost == 0xC1FCEAF6) || (shost == 0x0A0A6650) || (dhost == 0x0A0A6650)) { - if((sport == 4708) || (dport == 4708)) proto.app_protocol = NDPI_PROTOCOL_SKYFILE_PREPAID; - else if((sport == 4709) || (dport == 4709)) proto.app_protocol = NDPI_PROTOCOL_SKYFILE_RUDICS; + if((sport == 4709) || (dport == 4709)) proto.app_protocol = NDPI_PROTOCOL_SKYFILE_RUDICS; else if((sport == 4710) || (dport == 4710)) proto.app_protocol = NDPI_PROTOCOL_SKYFILE_POSTPAID; } diff --git a/tests/pcap/youtubeupload.pcap b/tests/pcap/youtubeupload.pcap new file mode 100644 index 000000000..fa313fe76 Binary files /dev/null and b/tests/pcap/youtubeupload.pcap differ -- cgit v1.2.3 From 6e62367b56d7b79f840b02604c9d5e8f6340a0c5 Mon Sep 17 00:00:00 2001 From: Campus Date: Mon, 20 Nov 2017 17:05:15 +0100 Subject: add ICQ (instant messaging client) detection - deleted unused skyfile protocol --- src/include/ndpi_protocol_ids.h | 2 +- src/lib/ndpi_content_match.c.inc | 9 ++++++--- src/lib/ndpi_main.c | 8 +------- 3 files changed, 8 insertions(+), 11 deletions(-) (limited to 'src') diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index 42995e5e8..29a5299fa 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -173,7 +173,7 @@ #define NDPI_PROTOCOL_LASTFM 134 #define NDPI_PROTOCOL_WAZE 135 #define NDPI_PROTOCOL_YOUTUBE_UPLOAD 136 /* Upload files to youtube */ -#define NDPI_PROTOCOL_SKYFILE_RUDICS 137 /* free for future use */ +#define NDPI_PROTOCOL_ICQ 137 #define NDPI_PROTOCOL_SKYFILE_POSTPAID 138 /* free for future use */ #define NDPI_PROTOCOL_CITRIX_ONLINE 139 #define NDPI_PROTOCOL_APPLE 140 diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 79ee47a48..ceb713002 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -8310,9 +8310,12 @@ ndpi_protocol_match host_match[] = { { ".soundcloud.com", "SoundCloud", NDPI_PROTOCOL_SOUNDCLOUD, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "getrockerbox.com", "SoundCloud", NDPI_PROTOCOL_SOUNDCLOUD, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "web.telegram.org", "Telegram", NDPI_PROTOCOL_TELEGRAM, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, - { "tdesktop.com", "Telegram", NDPI_PROTOCOL_TELEGRAM, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, - { "tupdate.com", "Telegram", NDPI_PROTOCOL_TELEGRAM, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, + { "web.telegram.org", "Telegram", NDPI_PROTOCOL_TELEGRAM, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, + { "tdesktop.com", "Telegram", NDPI_PROTOCOL_TELEGRAM, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, + { "tupdate.com", "Telegram", NDPI_PROTOCOL_TELEGRAM, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, + + { ".icq.", "ICQ", NDPI_PROTOCOL_ICQ, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, + { "icq.", "ICQ", NDPI_PROTOCOL_ICQ, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, { NULL, 0 } }; diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index e59dd62c6..3f91e7a6d 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1372,11 +1372,6 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "Citrix", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 1494, 2598, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SKYFILE_RUDICS, - no_master, - no_master, "SkyFile_Rudics", NDPI_PROTOCOL_CATEGORY_MAIL, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SKYFILE_POSTPAID, no_master, no_master, "SkyFile_PostPaid", NDPI_PROTOCOL_CATEGORY_MAIL, @@ -4519,8 +4514,7 @@ ndpi_protocol ndpi_find_port_based_protocol(struct ndpi_detection_module_struct /* Skyfile (host 193.252.234.246 or host 10.10.102.80) */ if((shost == 0xC1FCEAF6) || (dhost == 0xC1FCEAF6) || (shost == 0x0A0A6650) || (dhost == 0x0A0A6650)) { - if((sport == 4709) || (dport == 4709)) proto.app_protocol = NDPI_PROTOCOL_SKYFILE_RUDICS; - else if((sport == 4710) || (dport == 4710)) proto.app_protocol = NDPI_PROTOCOL_SKYFILE_POSTPAID; + if((sport == 4710) || (dport == 4710)) proto.app_protocol = NDPI_PROTOCOL_SKYFILE_POSTPAID; } return(proto); -- cgit v1.2.3 From 33e0be73f7d7b398b246933f67c643a467b7f8f2 Mon Sep 17 00:00:00 2001 From: Jacob Masen-Smith Date: Wed, 22 Nov 2017 01:11:31 -0800 Subject: Fixed ndpi_win32.h so that it compiles on MinGW+GCC --- src/include/ndpi_win32.h | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) (limited to 'src') diff --git a/src/include/ndpi_win32.h b/src/include/ndpi_win32.h index 8a952b293..d4109dcb2 100644 --- a/src/include/ndpi_win32.h +++ b/src/include/ndpi_win32.h @@ -24,7 +24,18 @@ #ifndef __NDPI_WIN32_H__ #define __NDPI_WIN32_H__ +// fix a MinGW build issue "error: multiple storage classes in declaration specifiers" due to MinGW +// defining extern for __forceinline types +#if (defined(__MINGW32__) || defined(__MINGW64__)) && defined(__GNUC__) +// MinGW winnt.h uses FORCEINLINE which is originally defined as __forceinline, but requires extern +#undef FORCEINLINE +#define FORCEINLINE extern __inline__ __attribute__((__always_inline__,__gnu_inline__)) +#undef __forceinline +#define __forceinline __inline__ __attribute__((__always_inline__,__gnu_inline__)) +#endif + #include +#include #include #include #include @@ -40,7 +51,7 @@ #define IPVERSION 4 /* on *nix it is defined in netinet/ip.h */ -extern char* strsep(char **sp, const char *sep); +extern char* strsep(char **sp, char *sep); typedef unsigned char u_char; typedef unsigned short u_short; -- cgit v1.2.3 From 1b5c90cfbee33f3b64ebd45e464a9ca314e0bd99 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Thu, 23 Nov 2017 14:16:27 +0100 Subject: STUN improvements --- src/lib/ndpi_main.c | 2 +- src/lib/protocols/stun.c | 12 ++++++++++-- 2 files changed, 11 insertions(+), 3 deletions(-) (limited to 'src') diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 3f91e7a6d..ad8eeeb48 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1140,7 +1140,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); custom_master[0] = NDPI_PROTOCOL_SIP, custom_master[1] = NDPI_PROTOCOL_H323; - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_STUN, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_STUN, no_master, custom_master, "STUN", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, diff --git a/src/lib/protocols/stun.c b/src/lib/protocols/stun.c index d44d9c26e..b527678b7 100644 --- a/src/lib/protocols/stun.c +++ b/src/lib/protocols/stun.c @@ -243,10 +243,18 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * return NDPI_IS_NOT_STUN; udp_stun_found: - if(can_this_be_whatsapp_voice) + if(can_this_be_whatsapp_voice) { flow->num_stun_udp_pkts++; - return((flow->num_stun_udp_pkts < MAX_NUM_STUN_PKTS) ? NDPI_IS_NOT_STUN : NDPI_IS_STUN); + return((flow->num_stun_udp_pkts < MAX_NUM_STUN_PKTS) ? NDPI_IS_NOT_STUN : NDPI_IS_STUN); + } else { + /* + We cannot immediately say that this is STUN as there are other protocols + like GoogleHangout that might be candidates, thus we set the + guessed protocol to STUN + */ + flow->guessed_protocol_id = NDPI_PROTOCOL_STUN; + } } void ndpi_search_stun(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) -- cgit v1.2.3 From 8b1f8636d17973a2af57391990ff8d7563d74862 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Thu, 23 Nov 2017 15:25:02 +0100 Subject: Further check if a STUN flow will eventually become RTP --- src/lib/protocols/stun.c | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'src') diff --git a/src/lib/protocols/stun.c b/src/lib/protocols/stun.c index b527678b7..15834df0b 100644 --- a/src/lib/protocols/stun.c +++ b/src/lib/protocols/stun.c @@ -297,6 +297,7 @@ void ndpi_search_stun(struct ndpi_detection_module_struct *ndpi_struct, struct n ndpi_int_stun_add_connection(ndpi_struct, is_whatsapp ? NDPI_PROTOCOL_WHATSAPP_VOICE : NDPI_PROTOCOL_STUN, flow); } + return; } @@ -304,6 +305,11 @@ void ndpi_search_stun(struct ndpi_detection_module_struct *ndpi_struct, struct n NDPI_LOG(NDPI_PROTOCOL_STUN, ndpi_struct, NDPI_LOG_DEBUG, "exclude stun.\n"); NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_STUN); } + + if(flow->packet_counter > 0) { + /* This might be a RTP stream: let's make sure we check it */ + NDPI_CLR(&flow->excluded_protocol_bitmask, NDPI_PROTOCOL_RTP); + } } -- cgit v1.2.3 From 8eaf0cefa1330c9b01b21b7f63f41f9ba1980eeb Mon Sep 17 00:00:00 2001 From: Luca Date: Thu, 23 Nov 2017 15:39:20 +0100 Subject: Warning fix --- src/lib/protocols/rtp.c | 2 ++ src/lib/protocols/stun.c | 7 ++++--- 2 files changed, 6 insertions(+), 3 deletions(-) (limited to 'src') diff --git a/src/lib/protocols/rtp.c b/src/lib/protocols/rtp.c index 80848f5ba..1271510ff 100644 --- a/src/lib/protocols/rtp.c +++ b/src/lib/protocols/rtp.c @@ -113,6 +113,8 @@ void ndpi_search_rtp(struct ndpi_detection_module_struct *ndpi_struct, struct nd { struct ndpi_packet_struct *packet = &flow->packet; + /* printf("*** %s(pkt=%d)\n", __FUNCTION__, flow->packet_counter); */ + if((packet->udp != NULL) && (ntohs(packet->udp->source) > 1023) && (ntohs(packet->udp->dest) > 1023)) diff --git a/src/lib/protocols/stun.c b/src/lib/protocols/stun.c index 15834df0b..6a1d903ee 100644 --- a/src/lib/protocols/stun.c +++ b/src/lib/protocols/stun.c @@ -254,7 +254,8 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * guessed protocol to STUN */ flow->guessed_protocol_id = NDPI_PROTOCOL_STUN; - } + return(NDPI_IS_NOT_STUN); + } } void ndpi_search_stun(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) @@ -313,8 +314,8 @@ void ndpi_search_stun(struct ndpi_detection_module_struct *ndpi_struct, struct n } -void init_stun_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) -{ +void init_stun_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, + NDPI_PROTOCOL_BITMASK *detection_bitmask) { ndpi_set_bitmask_protocol_detection("STUN", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_STUN, ndpi_search_stun, -- cgit v1.2.3 From 950f5db3dd2fda8159f2ba280d66d44103810aef Mon Sep 17 00:00:00 2001 From: Jacob Masen-Smith Date: Thu, 23 Nov 2017 20:40:43 -0800 Subject: Changed MinGW __forceinline strategy to something with less side effects --- src/include/ndpi_win32.h | 7 ++----- src/lib/protocols/attic/ftp.c | 7 +++++++ src/lib/protocols/irc.c | 3 +++ src/lib/protocols/qq.c | 6 ++++++ src/lib/protocols/rtp.c | 4 ++++ src/lib/protocols/sip.c | 2 ++ src/lib/protocols/sopcast.c | 2 ++ src/lib/protocols/telnet.c | 2 ++ src/lib/protocols/thunder.c | 6 ++++++ src/lib/protocols/world_of_warcraft.c | 2 ++ src/lib/protocols/yahoo.c | 4 +++- src/lib/protocols/zattoo.c | 4 +++- 12 files changed, 42 insertions(+), 7 deletions(-) (limited to 'src') diff --git a/src/include/ndpi_win32.h b/src/include/ndpi_win32.h index d4109dcb2..db309faff 100644 --- a/src/include/ndpi_win32.h +++ b/src/include/ndpi_win32.h @@ -27,11 +27,8 @@ // fix a MinGW build issue "error: multiple storage classes in declaration specifiers" due to MinGW // defining extern for __forceinline types #if (defined(__MINGW32__) || defined(__MINGW64__)) && defined(__GNUC__) -// MinGW winnt.h uses FORCEINLINE which is originally defined as __forceinline, but requires extern -#undef FORCEINLINE -#define FORCEINLINE extern __inline__ __attribute__((__always_inline__,__gnu_inline__)) -#undef __forceinline -#define __forceinline __inline__ __attribute__((__always_inline__,__gnu_inline__)) +#define MINGW_GCC +#define __mingw_forceinline __inline__ __attribute__((__always_inline__,__gnu_inline__)) #endif #include diff --git a/src/lib/protocols/attic/ftp.c b/src/lib/protocols/attic/ftp.c index 29cf55d15..2e06aec9a 100644 --- a/src/lib/protocols/attic/ftp.c +++ b/src/lib/protocols/attic/ftp.c @@ -43,6 +43,8 @@ static void ndpi_int_ftp_add_connection(struct ndpi_detection_module_struct *ndp */ #if !defined(WIN32) static inline +#elif defined(MINGW_GCC) +__mingw_forceinline static #else __forceinline static #endif @@ -78,8 +80,11 @@ u_int8_t ndpi_int_check_possible_ftp_command(const struct ndpi_packet_struct *pa /** * ftp replies are are 3-digit number followed by space or hyphen */ + #if !defined(WIN32) static inline +#elif defined(MINGW_GCC) +__mingw_forceinline static #else __forceinline static #endif @@ -108,6 +113,8 @@ u_int8_t ndpi_int_check_possible_ftp_reply(const struct ndpi_packet_struct *pack */ #if !defined(WIN32) static inline +#elif defined(MINGW_GCC) +__mingw_forceinline static #else __forceinline static #endif diff --git a/src/lib/protocols/irc.c b/src/lib/protocols/irc.c index b2b73ac5f..a609062b3 100644 --- a/src/lib/protocols/irc.c +++ b/src/lib/protocols/irc.c @@ -39,8 +39,11 @@ static void ndpi_int_irc_add_connection(struct ndpi_detection_module_struct *ndp } + #if !defined(WIN32) static inline +#elif defined(MINGW_GCC) +__mingw_forceinline static #else __forceinline static #endif diff --git a/src/lib/protocols/qq.c b/src/lib/protocols/qq.c index 0507efa36..5df6503e0 100644 --- a/src/lib/protocols/qq.c +++ b/src/lib/protocols/qq.c @@ -81,6 +81,8 @@ static const u_int16_t ndpi_valid_qq_versions[] = { #if !defined(WIN32) static inline +#elif defined(MINGW_GCC) +__mingw_forceinline static #else __forceinline static #endif @@ -172,6 +174,8 @@ u_int8_t ndpi_is_valid_qq_packet(const struct ndpi_packet_struct *packet) #if !defined(WIN32) static inline +#elif defined(MINGW_GCC) +__mingw_forceinline static #else __forceinline static #endif @@ -428,6 +432,8 @@ static void ndpi_search_qq_udp(struct ndpi_detection_module_struct *ndpi_struct, #if !defined(WIN32) static inline +#elif defined(MINGW_GCC) +__mingw_forceinline static #else __forceinline static #endif diff --git a/src/lib/protocols/rtp.c b/src/lib/protocols/rtp.c index 80848f5ba..b9035e44a 100644 --- a/src/lib/protocols/rtp.c +++ b/src/lib/protocols/rtp.c @@ -148,6 +148,8 @@ static void ndpi_int_rtp_add_connection(struct ndpi_detection_module_struct #if !defined(WIN32) static inline +#elif defined(MINGW_GCC) +__mingw_forceinline static #else __forceinline static #endif @@ -162,6 +164,8 @@ void init_seq(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow #if !defined(WIN32) static inline +#elif defined(MINGW_GCC) +__mingw_forceinline static #else __forceinline static #endif diff --git a/src/lib/protocols/sip.c b/src/lib/protocols/sip.c index 67459f562..45c39c64e 100644 --- a/src/lib/protocols/sip.c +++ b/src/lib/protocols/sip.c @@ -34,6 +34,8 @@ static void ndpi_int_sip_add_connection(struct ndpi_detection_module_struct *ndp #if !defined(WIN32) static inline +#elif defined(MINGW_GCC) +__mingw_forceinline static #else __forceinline static #endif diff --git a/src/lib/protocols/sopcast.c b/src/lib/protocols/sopcast.c index 63590fec7..037e4df2c 100644 --- a/src/lib/protocols/sopcast.c +++ b/src/lib/protocols/sopcast.c @@ -43,6 +43,8 @@ static void ndpi_int_sopcast_add_connection(struct ndpi_detection_module_struct #if !defined(WIN32) static inline +#elif defined(MINGW_GCC) +__mingw_forceinline static #else __forceinline static #endif diff --git a/src/lib/protocols/telnet.c b/src/lib/protocols/telnet.c index 0be921d44..162fee30d 100644 --- a/src/lib/protocols/telnet.c +++ b/src/lib/protocols/telnet.c @@ -37,6 +37,8 @@ static void ndpi_int_telnet_add_connection(struct ndpi_detection_module_struct #if !defined(WIN32) static inline +#elif defined(MINGW_GCC) +__mingw_forceinline static #else __forceinline static #endif diff --git a/src/lib/protocols/thunder.c b/src/lib/protocols/thunder.c index f0198cdda..0a99282fc 100644 --- a/src/lib/protocols/thunder.c +++ b/src/lib/protocols/thunder.c @@ -47,6 +47,8 @@ static void ndpi_int_thunder_add_connection(struct ndpi_detection_module_struct #if !defined(WIN32) static inline +#elif defined(MINGW_GCC) +__mingw_forceinline static #else __forceinline static #endif @@ -81,6 +83,8 @@ void ndpi_int_search_thunder_udp(struct ndpi_detection_module_struct #if !defined(WIN32) static inline +#elif defined(MINGW_GCC) +__mingw_forceinline static #else __forceinline static #endif @@ -139,6 +143,8 @@ void ndpi_int_search_thunder_tcp(struct ndpi_detection_module_struct #if !defined(WIN32) static inline +#elif defined(MINGW_GCC) +__mingw_forceinline static #else __forceinline static #endif diff --git a/src/lib/protocols/world_of_warcraft.c b/src/lib/protocols/world_of_warcraft.c index de3f720ba..9c1e41cc1 100644 --- a/src/lib/protocols/world_of_warcraft.c +++ b/src/lib/protocols/world_of_warcraft.c @@ -38,6 +38,8 @@ static void ndpi_int_worldofwarcraft_add_connection(struct ndpi_detection_module #if !defined(WIN32) static inline +#elif defined(MINGW_GCC) +__mingw_forceinline static #else __forceinline static #endif diff --git a/src/lib/protocols/yahoo.c b/src/lib/protocols/yahoo.c index 569fca940..a87195431 100644 --- a/src/lib/protocols/yahoo.c +++ b/src/lib/protocols/yahoo.c @@ -52,8 +52,10 @@ static u_int8_t ndpi_check_for_YmsgCommand(u_int16_t len, const u_int8_t * ptr) } -#ifndef WIN32 +#if !defined(WIN32) static inline +#elif defined(MINGW_GCC) +__mingw_forceinline static #else __forceinline static #endif diff --git a/src/lib/protocols/zattoo.c b/src/lib/protocols/zattoo.c index 3b6adcec8..dc58f1b00 100644 --- a/src/lib/protocols/zattoo.c +++ b/src/lib/protocols/zattoo.c @@ -24,8 +24,10 @@ #ifdef NDPI_PROTOCOL_ZATTOO -#ifndef WIN32 +#if !defined(WIN32) static inline +#elif defined(MINGW_GCC) +__mingw_forceinline static #else __forceinline static #endif -- cgit v1.2.3 From 7090ef838ced77d05a1071fb93e3bc0d0fd9aa95 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Tue, 28 Nov 2017 00:44:08 +0100 Subject: Minor optimizations --- src/lib/ndpi_main.c | 135 +++++++++++++++++++++------------------------------- 1 file changed, 53 insertions(+), 82 deletions(-) (limited to 'src') diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index ad8eeeb48..f8956cb25 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -4655,92 +4655,63 @@ void ndpi_category_set_name(struct ndpi_detection_module_struct *ndpi_mod, /* ****************************************************** */ +static const char* categories[] = { + "Unspecified", + "Media", + "VPN", + "DataTransfer", + "Email", + "Download-FileTransfer-FileSharing", + "Web", + "SocialNetwork", + "Game", + "Chat", + "VoIP", + "Database", + "RemoteAccess", + "Cloud", + "Network", + "Collaborative", + "RPC", + "NetworkTool", + "System", + "SoftwareUpdate", + "", + "", + "", + "", + "" +}; + const char* ndpi_category_get_name(struct ndpi_detection_module_struct *ndpi_mod, ndpi_protocol_category_t category) { - if(!ndpi_mod) return(NULL); - - switch(category) { - case NDPI_PROTOCOL_CATEGORY_MEDIA: - return("Media"); - break; - case NDPI_PROTOCOL_CATEGORY_VPN: - return("VPN"); - break; - case NDPI_PROTOCOL_CATEGORY_DATA_TRANSFER: - return("DataTransfer"); - break; - case NDPI_PROTOCOL_CATEGORY_MAIL: - return("Email"); - break; - case NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT: - return("Download-FileTransfer-FileSharing"); - break; - case NDPI_PROTOCOL_CATEGORY_WEB: - return("Web"); - break; - case NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK: - return("SocialNetwork"); - break; - case NDPI_PROTOCOL_CATEGORY_GAME: - return("Game"); - break; - case NDPI_PROTOCOL_CATEGORY_CHAT: - return("Chat"); - break; - case NDPI_PROTOCOL_CATEGORY_VOIP: - return("VoIP"); - break; - case NDPI_PROTOCOL_CATEGORY_DATABASE: - return("Database"); - break; - case NDPI_PROTOCOL_CATEGORY_REMOTE_ACCESS: - return("RemoteAccess"); - break; - case NDPI_PROTOCOL_CATEGORY_CLOUD: - return("Cloud"); - break; - case NDPI_PROTOCOL_CATEGORY_NETWORK: - return("Network"); - break; - case NDPI_PROTOCOL_CATEGORY_COLLABORATIVE: - return("Collaborative"); - break; - case NDPI_PROTOCOL_CATEGORY_RPC: - return("RPC"); - break; - case NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL: - return("NetworkTool"); - break; - case NDPI_PROTOCOL_CATEGORY_SYSTEM_OS: - return("System"); - break; - case NDPI_PROTOCOL_CATEGORY_UNSPECIFIED: - return("Unspecified"); - break; - case NDPI_PROTOCOL_CATEGORY_SW_UPDATE: - return("SoftwareUpdate"); - break; - case NDPI_PROTOCOL_CATEGORY_CUSTOM_1: - return(ndpi_mod->custom_category_labels[0]); - break; - case NDPI_PROTOCOL_CATEGORY_CUSTOM_2: - return(ndpi_mod->custom_category_labels[1]); - break; - case NDPI_PROTOCOL_CATEGORY_CUSTOM_3: - return(ndpi_mod->custom_category_labels[2]); - break; - case NDPI_PROTOCOL_CATEGORY_CUSTOM_4: - return(ndpi_mod->custom_category_labels[3]); - break; - case NDPI_PROTOCOL_CATEGORY_CUSTOM_5: - return(ndpi_mod->custom_category_labels[4]); - break; - case NDPI_PROTOCOL_NUM_CATEGORIES: - return("Code should not use this internal constant"); - break; - } + if(category < NDPI_PROTOCOL_CATEGORY_CUSTOM_1) + return(categories[category]); + else { + switch(category) { + case NDPI_PROTOCOL_CATEGORY_CUSTOM_1: + return(ndpi_mod->custom_category_labels[0]); + break; + case NDPI_PROTOCOL_CATEGORY_CUSTOM_2: + return(ndpi_mod->custom_category_labels[1]); + break; + case NDPI_PROTOCOL_CATEGORY_CUSTOM_3: + return(ndpi_mod->custom_category_labels[2]); + break; + case NDPI_PROTOCOL_CATEGORY_CUSTOM_4: + return(ndpi_mod->custom_category_labels[3]); + break; + case NDPI_PROTOCOL_CATEGORY_CUSTOM_5: + return(ndpi_mod->custom_category_labels[4]); + break; + case NDPI_PROTOCOL_NUM_CATEGORIES: + return("Code should not use this internal constant"); + break; + } + } + return("Unspecified"); } -- cgit v1.2.3 From df7015f3a5290b16420e37b7f7f602bd11b602c9 Mon Sep 17 00:00:00 2001 From: cymaniac Date: Tue, 28 Nov 2017 21:29:38 +0100 Subject: Added dissector for protocol check_mk --- src/include/ndpi_protocol_ids.h | 4 ++ src/include/ndpi_protocols.h | 1 + src/lib/ndpi_main.c | 8 ++++ src/lib/protocols/checkmk.c | 85 +++++++++++++++++++++++++++++++++++++++++ 4 files changed, 98 insertions(+) create mode 100755 src/lib/protocols/checkmk.c (limited to 'src') diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index 29a5299fa..9538aa86e 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -275,6 +275,10 @@ #define NDPI_PROTOCOL_CSGO 235 /* Counter-Strike Global Offensive, Dota 2 */ #define NDPI_PROTOCOL_LISP 236 +/* check_mk */ +#define NDPI_PROTOCOL_CHECKMK 237 + + /* UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE */ #define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_PROTOCOL_LISP diff --git a/src/include/ndpi_protocols.h b/src/include/ndpi_protocols.h index ef248027a..dec3a9eeb 100644 --- a/src/include/ndpi_protocols.h +++ b/src/include/ndpi_protocols.h @@ -140,6 +140,7 @@ void ndpi_search_pptp(struct ndpi_detection_module_struct *ndpi_struct, struct n void ndpi_search_stealthnet(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); void ndpi_search_dhcpv6_udp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); void ndpi_search_afp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); +void ndpi_search_checkmk(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); void ndpi_search_aimini(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); void ndpi_search_florensia(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); void ndpi_search_maplestory(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index f8956cb25..500ef892b 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1242,6 +1242,11 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "AFP", NDPI_PROTOCOL_CATEGORY_DATA_TRANSFER, ndpi_build_default_ports(ports_a, 548, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 548, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_CHECKMK, + no_master, + no_master, "CHECKMK", NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, + ndpi_build_default_ports(ports_a, 6556, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_STEALTHNET, no_master, no_master, "Stealthnet", NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, @@ -2608,6 +2613,9 @@ void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *n /* AFP */ init_afp_dissector(ndpi_struct, &a, detection_bitmask); + /* check_mk */ + init_checkmk_dissector(ndpi_struct, &a, detection_bitmask); + /* AIMINI */ init_aimini_dissector(ndpi_struct, &a, detection_bitmask); diff --git a/src/lib/protocols/checkmk.c b/src/lib/protocols/checkmk.c new file mode 100755 index 000000000..d407efea5 --- /dev/null +++ b/src/lib/protocols/checkmk.c @@ -0,0 +1,85 @@ +/* + * checkmk.c + * + * Copyright (C) 2009-2011 by ipoque GmbH + * Copyright (C) 2011-16 - ntop.org + * + * This file is part of nDPI, an open source deep packet inspection + * library based on the OpenDPI and PACE technology by ipoque GmbH + * + * nDPI is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * nDPI is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with nDPI. If not, see . + * + * + */ + +#include "ndpi_protocols.h" + +#ifdef NDPI_PROTOCOL_CHECKMK + +static void ndpi_int_checkmk_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) +{ + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_CHECKMK, NDPI_PROTOCOL_UNKNOWN); +} + + +void ndpi_search_checkmk(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) +{ + struct ndpi_packet_struct *packet = &flow->packet; + + if (packet->payload_packet_len >= 15) { + + if(packet->payload_packet_len > 128) { + /* + When we transfer a large data chunk, unless we have observed + the initial connection, we need to discard these packets + as they are not an indication that this flow is not AFP + */ + return; + } + + /* + * this will detect the OpenSession command of the Data Stream Interface (DSI) protocol + * which is exclusively used by the Apple Filing Protocol (AFP) on TCP/IP networks + */ + + + + if (packet->payload_packet_len >= 15 && packet->payload_packet_len < 100 + && memcmp(packet->payload, "<<>>", 14) == 0) { + + NDPI_LOG(NDPI_PROTOCOL_CHECKMK, ndpi_struct, NDPI_LOG_DEBUG, "Check_MK: Flow detected.\n"); + ndpi_int_checkmk_add_connection(ndpi_struct, flow); + return; + } + } + + NDPI_LOG(NDPI_PROTOCOL_CHECKMK, ndpi_struct, NDPI_LOG_DEBUG, "Check_MK excluded.\n"); + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_CHECKMK); +} + + +void init_checkmk_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) +{ + ndpi_set_bitmask_protocol_detection("CHECKMK", ndpi_struct, detection_bitmask, *id, + NDPI_PROTOCOL_CHECKMK, + ndpi_search_checkmk, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_TCP_WITH_PAYLOAD_WITHOUT_RETRANSMISSION, + SAVE_DETECTION_BITMASK_AS_UNKNOWN, + ADD_TO_DETECTION_BITMASK); + *id += 1; +} + + +#endif + -- cgit v1.2.3 From 8af18763cc1ca09d39a57f80760d3d02a8114278 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Tue, 28 Nov 2017 22:05:34 +0100 Subject: Compilation fixes --- example/ndpiReader.c | 17 +++++++++++------ src/include/ndpi_protocol_ids.h | 7 ++----- src/include/ndpi_protocols.h | 1 + src/lib/Makefile.am | 1 + src/lib/ndpi_main.c | 41 +++++------------------------------------ src/lib/protocols/checkmk.c | 22 ++++++++++------------ 6 files changed, 30 insertions(+), 59 deletions(-) (limited to 'src') diff --git a/example/ndpiReader.c b/example/ndpiReader.c index 0c9218934..68a3bac3c 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -2238,7 +2238,8 @@ static pcap_t * openPcapFileOrDevice(u_int16_t thread_id, const u_char * pcap_fi pcap_t * pcap_handle = NULL; /* trying to open a live interface */ - if((pcap_handle = pcap_open_live((char*)pcap_file, snaplen, promisc, 500, pcap_error_buffer)) == NULL) { + if((pcap_handle = pcap_open_live((char*)pcap_file, snaplen, promisc, + 500, pcap_error_buffer)) == NULL) { capture_for = capture_until = 0; live_capture = 0; @@ -2248,28 +2249,32 @@ static pcap_t * openPcapFileOrDevice(u_int16_t thread_id, const u_char * pcap_fi if((pcap_handle = pcap_open_offline((char*)pcap_file, pcap_error_buffer)) == NULL) { char filename[256] = { 0 }; - if(strstr(pcap_file, ".pcap")) + if(strstr((char*)pcap_file, (char*)".pcap")) printf("ERROR: could not open pcap file %s: %s\n", pcap_file, pcap_error_buffer); else if((getNextPcapFileFromPlaylist(thread_id, filename, sizeof(filename)) != 0) || ((pcap_handle = pcap_open_offline(filename, pcap_error_buffer)) == NULL)) { printf("ERROR: could not open playlist %s: %s\n", filename, pcap_error_buffer); exit(-1); } else { - if((!json_flag) && (!quiet_mode)) printf("Reading packets from playlist %s...\n", pcap_file); + if((!json_flag) && (!quiet_mode)) + printf("Reading packets from playlist %s...\n", pcap_file); } } else { - if((!json_flag) && (!quiet_mode)) printf("Reading packets from pcap file %s...\n", pcap_file); + if((!json_flag) && (!quiet_mode)) + printf("Reading packets from pcap file %s...\n", pcap_file); } } else { live_capture = 1; - if((!json_flag) && (!quiet_mode)) printf("Capturing live traffic from device %s...\n", pcap_file); + if((!json_flag) && (!quiet_mode)) + printf("Capturing live traffic from device %s...\n", pcap_file); } configurePcapHandle(pcap_handle); if(capture_for > 0) { - if((!json_flag) && (!quiet_mode)) printf("Capturing traffic up to %u seconds\n", (unsigned int)capture_for); + if((!json_flag) && (!quiet_mode)) + printf("Capturing traffic up to %u seconds\n", (unsigned int)capture_for); #ifndef WIN32 alarm(capture_for); diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index 9538aa86e..c9496797c 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -1,3 +1,4 @@ + /* * ndpi_protocol_ids.h * @@ -174,7 +175,7 @@ #define NDPI_PROTOCOL_WAZE 135 #define NDPI_PROTOCOL_YOUTUBE_UPLOAD 136 /* Upload files to youtube */ #define NDPI_PROTOCOL_ICQ 137 -#define NDPI_PROTOCOL_SKYFILE_POSTPAID 138 /* free for future use */ +#define NDPI_PROTOCOL_CHECKMK 138 #define NDPI_PROTOCOL_CITRIX_ONLINE 139 #define NDPI_PROTOCOL_APPLE 140 #define NDPI_PROTOCOL_WEBEX 141 @@ -275,10 +276,6 @@ #define NDPI_PROTOCOL_CSGO 235 /* Counter-Strike Global Offensive, Dota 2 */ #define NDPI_PROTOCOL_LISP 236 -/* check_mk */ -#define NDPI_PROTOCOL_CHECKMK 237 - - /* UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE */ #define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_PROTOCOL_LISP diff --git a/src/include/ndpi_protocols.h b/src/include/ndpi_protocols.h index dec3a9eeb..da7acaef7 100644 --- a/src/include/ndpi_protocols.h +++ b/src/include/ndpi_protocols.h @@ -349,5 +349,6 @@ void init_tinc_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int void init_fix_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_nintendo_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_csgo_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); +void init_checkmk_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); #endif /* __NDPI_PROTOCOLS_H__ */ diff --git a/src/lib/Makefile.am b/src/lib/Makefile.am index c2b4e4b13..7db19f818 100644 --- a/src/lib/Makefile.am +++ b/src/lib/Makefile.am @@ -26,6 +26,7 @@ libndpi_la_SOURCES = ndpi_content_match.c.inc \ protocols/bgp.c \ protocols/bittorrent.c \ protocols/bjnp.c \ + protocols/checkmk.c \ protocols/ciscovpn.c \ protocols/citrix.c \ protocols/coap.c \ diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 500ef892b..c12b4bea2 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1244,7 +1244,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 548, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_CHECKMK, no_master, - no_master, "CHECKMK", NDPI_PROTOCOL_CATEGORY_FILE_TRANSFER, + no_master, "CHECKMK", NDPI_PROTOCOL_CATEGORY_DATA_TRANSFER, ndpi_build_default_ports(ports_a, 6556, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_STEALTHNET, @@ -1377,11 +1377,6 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "Citrix", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 1494, 2598, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SKYFILE_POSTPAID, - no_master, - no_master, "SkyFile_PostPaid", NDPI_PROTOCOL_CATEGORY_MAIL, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_CITRIX_ONLINE, no_master, no_master, "Citrix_Online", NDPI_PROTOCOL_CATEGORY_REMOTE_ACCESS, @@ -3170,7 +3165,8 @@ void ndpi_connection_tracking(struct ndpi_detection_module_struct *ndpi_struct, packet->packet_direction = 1; #ifdef NDPI_DETECTION_SUPPORT_IPV6 - if(iphv6 != NULL && NDPI_COMPARE_IPV6_ADDRESS_STRUCTS(&iphv6->ip6_src, &iphv6->ip6_dst) != 0) + if(iphv6 != NULL && NDPI_COMPARE_IPV6_ADDRESS_STRUCTS(&iphv6->ip6_src, + &iphv6->ip6_dst) != 0) packet->packet_direction = 1; #endif } @@ -4513,23 +4509,6 @@ u_int16_t ntohs_ndpi_bytestream_to_number(const u_int8_t * str, u_int16_t max_ch /* ****************************************************** */ -ndpi_protocol ndpi_find_port_based_protocol(struct ndpi_detection_module_struct *ndpi_struct /* NOTUSED */, - /* u_int8_t proto, */ - u_int32_t shost, u_int16_t sport, - u_int32_t dhost, u_int16_t dport) { - ndpi_protocol proto = NDPI_PROTOCOL_NULL; - - /* Skyfile (host 193.252.234.246 or host 10.10.102.80) */ - if((shost == 0xC1FCEAF6) || (dhost == 0xC1FCEAF6) - || (shost == 0x0A0A6650) || (dhost == 0x0A0A6650)) { - if((sport == 4710) || (dport == 4710)) proto.app_protocol = NDPI_PROTOCOL_SKYFILE_POSTPAID; - } - - return(proto); -} - -/* ****************************************************** */ - u_int8_t ndpi_is_proto(ndpi_protocol proto, u_int16_t p) { return(((proto.app_protocol == p) || (proto.master_protocol == p)) ? 1 : 0); } @@ -4575,10 +4554,6 @@ ndpi_protocol ndpi_guess_undetected_protocol(struct ndpi_detection_module_struct return(ret); } - ret = ndpi_find_port_based_protocol(ndpi_struct/* , proto */, shost, sport, dhost, dport); - if(ret.app_protocol != NDPI_PROTOCOL_UNKNOWN) - return(ret); - check_guessed_skype: addr.s_addr = htonl(shost); if(ndpi_network_ptree_match(ndpi_struct, &addr) == NDPI_PROTOCOL_SKYPE) { @@ -4701,26 +4676,20 @@ const char* ndpi_category_get_name(struct ndpi_detection_module_struct *ndpi_mod switch(category) { case NDPI_PROTOCOL_CATEGORY_CUSTOM_1: return(ndpi_mod->custom_category_labels[0]); - break; case NDPI_PROTOCOL_CATEGORY_CUSTOM_2: return(ndpi_mod->custom_category_labels[1]); - break; case NDPI_PROTOCOL_CATEGORY_CUSTOM_3: return(ndpi_mod->custom_category_labels[2]); - break; case NDPI_PROTOCOL_CATEGORY_CUSTOM_4: return(ndpi_mod->custom_category_labels[3]); - break; case NDPI_PROTOCOL_CATEGORY_CUSTOM_5: return(ndpi_mod->custom_category_labels[4]); - break; case NDPI_PROTOCOL_NUM_CATEGORIES: return("Code should not use this internal constant"); - break; + default: + return("Unspecified"); } } - - return("Unspecified"); } /* ****************************************************** */ diff --git a/src/lib/protocols/checkmk.c b/src/lib/protocols/checkmk.c index d407efea5..50a92c8d5 100755 --- a/src/lib/protocols/checkmk.c +++ b/src/lib/protocols/checkmk.c @@ -1,8 +1,7 @@ /* * checkmk.c * - * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-16 - ntop.org + * Copyright (C) 2011-17 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -20,20 +19,22 @@ * You should have received a copy of the GNU Lesser General Public License * along with nDPI. If not, see . * - * + * */ #include "ndpi_protocols.h" #ifdef NDPI_PROTOCOL_CHECKMK -static void ndpi_int_checkmk_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) +static void ndpi_int_checkmk_add_connection(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow) { ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_CHECKMK, NDPI_PROTOCOL_UNKNOWN); } -void ndpi_search_checkmk(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) +void ndpi_search_checkmk(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; @@ -43,7 +44,7 @@ void ndpi_search_checkmk(struct ndpi_detection_module_struct *ndpi_struct, struc /* When we transfer a large data chunk, unless we have observed the initial connection, we need to discard these packets - as they are not an indication that this flow is not AFP + as they are not an indication that this flow is not AFP */ return; } @@ -52,10 +53,7 @@ void ndpi_search_checkmk(struct ndpi_detection_module_struct *ndpi_struct, struc * this will detect the OpenSession command of the Data Stream Interface (DSI) protocol * which is exclusively used by the Apple Filing Protocol (AFP) on TCP/IP networks */ - - - - if (packet->payload_packet_len >= 15 && packet->payload_packet_len < 100 + if (packet->payload_packet_len >= 15 && packet->payload_packet_len < 100 && memcmp(packet->payload, "<<>>", 14) == 0) { NDPI_LOG(NDPI_PROTOCOL_CHECKMK, ndpi_struct, NDPI_LOG_DEBUG, "Check_MK: Flow detected.\n"); @@ -69,7 +67,8 @@ void ndpi_search_checkmk(struct ndpi_detection_module_struct *ndpi_struct, struc } -void init_checkmk_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) +void init_checkmk_dissector(struct ndpi_detection_module_struct *ndpi_struct, + u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) { ndpi_set_bitmask_protocol_detection("CHECKMK", ndpi_struct, detection_bitmask, *id, NDPI_PROTOCOL_CHECKMK, @@ -82,4 +81,3 @@ void init_checkmk_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_ #endif - -- cgit v1.2.3 From 3577072b12438bf2706789fbaf1bd1868d60fe94 Mon Sep 17 00:00:00 2001 From: Darryl Sokoloski Date: Thu, 30 Nov 2017 14:54:23 -0500 Subject: Return before calling ndpi_match_host_subprotocol when dns_dissect_response enabled. Otherwise responses will never be seen if a host sub-protocol matched. --- src/lib/protocols/dns.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'src') diff --git a/src/lib/protocols/dns.c b/src/lib/protocols/dns.c index 5358cc8b7..2d11554f1 100644 --- a/src/lib/protocols/dns.c +++ b/src/lib/protocols/dns.c @@ -197,6 +197,9 @@ void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, struct nd off++; } + if(is_query && ndpi_struct->dns_dissect_response) + return; /* The response will set the verdict */ + flow->host_server_name[j] = '\0'; flow->protos.dns.num_queries = (u_int8_t)dns_header.num_queries, @@ -217,9 +220,6 @@ void ndpi_search_dns(struct ndpi_detection_module_struct *ndpi_struct, struct nd #endif if(flow->packet.detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN) { - if(is_query && ndpi_struct->dns_dissect_response) - return; /* The response will set the verdict */ - /** Do not set the protocol with DNS if ndpi_match_host_subprotocol() has matched a subprotocol -- cgit v1.2.3 From 7fd840691683d882da80265d5dc324cc7b2666c4 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Tue, 5 Dec 2017 11:30:29 +0100 Subject: Fixed invalid symbolic categories --- src/lib/ndpi_main.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index c12b4bea2..464cee224 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -4642,11 +4642,11 @@ static const char* categories[] = { "Unspecified", "Media", "VPN", - "DataTransfer", "Email", - "Download-FileTransfer-FileSharing", + "DataTransfer", "Web", "SocialNetwork", + "Download-FileTransfer-FileSharing", "Game", "Chat", "VoIP", -- cgit v1.2.3 From 90ec8040e6e189b57cbf4e53a9de1651f1bf316f Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Wed, 6 Dec 2017 21:39:56 +0100 Subject: Improved Apple update pattern --- src/lib/ndpi_content_match.c.inc | 1 + 1 file changed, 1 insertion(+) (limited to 'src') diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index ceb713002..2682b2e71 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -8044,6 +8044,7 @@ ndpi_protocol_match host_match[] = { { "swscan.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, { "itunes-apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, { "itunes.apple.com", "AppleiTunes", NDPI_PROTOCOL_APPLE_ITUNES, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, + { "aaplimg.com", "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, { ".cnn.c", "CNN", NDPI_PROTOCOL_CNN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, { ".cnn.net", "CNN", NDPI_PROTOCOL_CNN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, -- cgit v1.2.3 From d88a73397d07e7ee1c9f14287019bc2d82ff8b18 Mon Sep 17 00:00:00 2001 From: Luca Date: Thu, 7 Dec 2017 18:29:46 +0100 Subject: Fix for #491 (SpeedTest/Ookla) --- src/lib/protocols/http.c | 56 ++++++++++++++++++++++++++++++--------------- tests/result/ookla.pcap.out | 2 +- 2 files changed, 39 insertions(+), 19 deletions(-) (limited to 'src') diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c index c57c73aac..4b4a26ef3 100644 --- a/src/lib/protocols/http.c +++ b/src/lib/protocols/http.c @@ -543,15 +543,15 @@ static void http_bitmask_exclude(struct ndpi_flow_struct *flow) /*************************************************************************************************/ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct, - struct ndpi_flow_struct *flow) { - + struct ndpi_flow_struct *flow) { struct ndpi_packet_struct *packet = &flow->packet; u_int16_t filename_start; /* the filename in the request method line, e.g., "GET filename_start..."*/ packet->packet_lines_parsed_complete = 0; /* Check if we so far detected the protocol in the request or not. */ - if(flow->l4.tcp.http_stage == 0) { /* Expected a request */ + if(flow->l4.tcp.http_stage == 0) { + /* Expected a request */ flow->http_detected = 0; NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HTTP stage %d: \n", @@ -572,11 +572,29 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct } if((packet->payload_packet_len == 3) && memcmp(packet->payload, "HI\n", 3) == 0) { - /* This looks like Ookla: we don't give up with HTTP yet */ - flow->l4.tcp.http_stage = 1; - return; + /* This looks like Ookla: we don't give up with HTTP yet */ + flow->l4.tcp.http_stage = 1; + return; } - + + if((packet->payload_packet_len == 40) && (flow->l4.tcp.http_stage == 0)) { + /* + -> QR O06L0072-6L91-4O43-857J-K8OO172L6L51 + <- QNUUX 2.5 2017-08-15.1314.4jn12m5 + -> MXFWUXJM 31625365 + */ + + if((packet->payload[2] == ' ') + && (packet->payload[11] == '-') + && (packet->payload[16] == '-') + && (packet->payload[21] == '-') + && (packet->payload[26] == '-') + && (packet->payload[39] == 0x0A) + ) + flow->l4.tcp.http_stage = 1; + return; + } + if((packet->payload_packet_len == 23) && (memcmp(packet->payload, "", 23) == 0)) { /* @@ -746,20 +764,23 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct http_bitmask_exclude(flow); } else if((flow->l4.tcp.http_stage == 1) || (flow->l4.tcp.http_stage == 2)) { - NDPI_LOG(NDPI_PROTOCOL_HTTP, ndpi_struct, NDPI_LOG_DEBUG, "HTTP stage %u: \n", flow->l4.tcp.http_stage); - - if(flow->l4.tcp.http_stage == 1) { - if((packet->payload_packet_len > 6) && memcmp(packet->payload, "HELLO ", 6) == 0) { - /* This looks like Ookla */ - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_OOKLA, NDPI_PROTOCOL_UNKNOWN); - return; - } else - NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_OOKLA); + if((packet->payload_packet_len == 34) && (flow->l4.tcp.http_stage == 1)) { + if((packet->payload[5] == ' ') && (packet->payload[9] == ' ')) { + ndpi_int_http_add_connection(ndpi_struct, flow, NDPI_PROTOCOL_OOKLA); + return; + } } - + + if((packet->payload_packet_len > 6) && memcmp(packet->payload, "HELLO ", 6) == 0) { + /* This looks like Ookla */ + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_OOKLA, NDPI_PROTOCOL_UNKNOWN); + return; + } else + NDPI_ADD_PROTOCOL_TO_BITMASK(flow->excluded_protocol_bitmask, NDPI_PROTOCOL_OOKLA); + /** At first check, if this is for sure a response packet (in another direction. If not, if HTTP is detected do nothing now and return, otherwise check the second packet for the HTTP request @@ -843,7 +864,6 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct flow->l4.tcp.http_stage = 0; return; } - } void ndpi_search_http_tcp(struct ndpi_detection_module_struct *ndpi_struct, diff --git a/tests/result/ookla.pcap.out b/tests/result/ookla.pcap.out index 4a3dd3c5a..da52b60e8 100644 --- a/tests/result/ookla.pcap.out +++ b/tests/result/ookla.pcap.out @@ -1,4 +1,4 @@ Ookla 5086 4689745 2 - 1 TCP 192.168.1.7:51215 <-> 46.44.253.187:8080 [proto: 191/Ookla][2202 pkts/1032520 bytes <-> 2864 pkts/3652905 bytes] + 1 TCP 192.168.1.7:51215 <-> 46.44.253.187:8080 [proto: 7.191/HTTP.Ookla][2202 pkts/1032520 bytes <-> 2864 pkts/3652905 bytes] 2 TCP 192.168.1.7:51207 <-> 46.44.253.187:80 [proto: 7.191/HTTP.Ookla][12 pkts/2238 bytes <-> 8 pkts/2082 bytes] -- cgit v1.2.3 From 61bc528159ea332c0463ae2b3a056b2effce0b88 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Fri, 8 Dec 2017 18:13:31 +0100 Subject: Simplified IPv6 datatypes --- example/ndpi_util.c | 6 +++--- src/include/ndpi_typedefs.h | 31 ++++++++++++------------------- src/lib/ndpi_content_match.c.inc | 1 + src/lib/ndpi_main.c | 8 ++++---- src/lib/protocols/tcp_udp.c | 2 +- 5 files changed, 21 insertions(+), 27 deletions(-) (limited to 'src') diff --git a/example/ndpi_util.c b/example/ndpi_util.c index 11f66049c..b3b9f26a1 100644 --- a/example/ndpi_util.c +++ b/example/ndpi_util.c @@ -459,7 +459,7 @@ static struct ndpi_flow_info *get_ndpi_flow_info6(struct ndpi_workflow * workflo iph.version = IPVERSION; iph.saddr = iph6->ip6_src.u6_addr.u6_addr32[2] + iph6->ip6_src.u6_addr.u6_addr32[3]; iph.daddr = iph6->ip6_dst.u6_addr.u6_addr32[2] + iph6->ip6_dst.u6_addr.u6_addr32[3]; - iph.protocol = iph6->ip6_ctlun.ip6_un1.ip6_un1_nxt; + iph.protocol = iph6->ip6_hdr.ip6_un1_nxt; if(iph.protocol == IPPROTO_DSTOPTS /* IPv6 destination option */) { u_int8_t *options = (u_int8_t*)iph6 + sizeof(const struct ndpi_ipv6hdr); @@ -469,7 +469,7 @@ static struct ndpi_flow_info *get_ndpi_flow_info6(struct ndpi_workflow * workflo return(get_ndpi_flow_info(workflow, 6, vlan_id, &iph, iph6, ip_offset, sizeof(struct ndpi_ipv6hdr), - ntohs(iph6->ip6_ctlun.ip6_un1.ip6_un1_plen), + ntohs(iph6->ip6_hdr.ip6_un1_plen), tcph, udph, sport, dport, src, dst, proto, payload, payload_len, src_to_dst_direction)); } @@ -881,7 +881,7 @@ struct ndpi_proto ndpi_workflow_process_packet (struct ndpi_workflow * workflow, } } else if(iph->version == 6) { iph6 = (struct ndpi_ipv6hdr *)&packet[ip_offset]; - proto = iph6->ip6_ctlun.ip6_un1.ip6_un1_nxt; + proto = iph6->ip6_hdr.ip6_un1_nxt; ip_len = sizeof(struct ndpi_ipv6hdr); if(proto == IPPROTO_DSTOPTS /* IPv6 destination option */) { diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index a55696e13..8aab7408f 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -206,34 +206,27 @@ struct ndpi_iphdr { /* +++++++++++++++++++++++ IPv6 header +++++++++++++++++++++++ */ /* rfc3542 */ -struct ndpi_in6_addr -{ - union - { +struct ndpi_in6_addr { + union { u_int8_t u6_addr8[16]; u_int16_t u6_addr16[8]; u_int32_t u6_addr32[4]; } u6_addr; /* 128-bit IP6 address */ }; -PACK_ON -struct ndpi_ipv6hdr -{ - union - { - struct ndpi_ip6_hdrctl - { - u_int32_t ip6_un1_flow; - u_int16_t ip6_un1_plen; - u_int8_t ip6_un1_nxt; - u_int8_t ip6_un1_hlim; - } ip6_un1; - u_int8_t ip6_un2_vfc; - } ip6_ctlun; +struct ndpi_ip6_hdrctl { + u_int32_t ip6_un1_flow; + u_int16_t ip6_un1_plen; + u_int8_t ip6_un1_nxt; + u_int8_t ip6_un1_hlim; +}; +/* PACK_ON */ +struct ndpi_ipv6hdr { + struct ndpi_ip6_hdrctl ip6_hdr; struct ndpi_in6_addr ip6_src; struct ndpi_in6_addr ip6_dst; -} PACK_OFF; +} /* PACK_OFF */; /* +++++++++++++++++++++++ TCP header +++++++++++++++++++++++ */ diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 2682b2e71..7c3856068 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -8050,6 +8050,7 @@ ndpi_protocol_match host_match[] = { { ".cnn.net", "CNN", NDPI_PROTOCOL_CNN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, { ".dropbox.com", "DropBox", NDPI_PROTOCOL_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, + { ".dropboxstatic.com", "DropBox", NDPI_PROTOCOL_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, { ".dropbox-dns.com", "DropBox", NDPI_PROTOCOL_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, { "log.getdropbox.com", "DropBox", NDPI_PROTOCOL_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 25d8de602..3405779e7 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -3020,10 +3020,10 @@ static u_int8_t ndpi_detection_get_l4_internal(struct ndpi_detection_module_stru l4protocol = iph->protocol; } #ifdef NDPI_DETECTION_SUPPORT_IPV6 - else if(iph_v6 != NULL && (l3_len - sizeof(struct ndpi_ipv6hdr)) >= ntohs(iph_v6->ip6_ctlun.ip6_un1.ip6_un1_plen)) { + else if(iph_v6 != NULL && (l3_len - sizeof(struct ndpi_ipv6hdr)) >= ntohs(iph_v6->ip6_hdr.ip6_un1_plen)) { l4ptr = (((const u_int8_t *) iph_v6) + sizeof(struct ndpi_ipv6hdr)); - l4len = ntohs(iph_v6->ip6_ctlun.ip6_un1.ip6_un1_plen); - l4protocol = iph_v6->ip6_ctlun.ip6_un1.ip6_un1_nxt; + l4len = ntohs(iph_v6->ip6_hdr.ip6_un1_plen); + l4protocol = iph_v6->ip6_hdr.ip6_un1_nxt; // we need to handle IPv6 extension headers if present if(ndpi_handle_ipv6_extension_headers(ndpi_struct, &l4ptr, &l4len, &l4protocol) != 0) { @@ -3660,7 +3660,7 @@ ndpi_protocol ndpi_detection_process_packet(struct ndpi_detection_module_struct #ifdef NDPI_DETECTION_SUPPORT_IPV6 if(flow->packet.iphv6 != NULL) { - protocol = flow->packet.iphv6->ip6_ctlun.ip6_un1.ip6_un1_nxt; + protocol = flow->packet.iphv6->ip6_hdr.ip6_un1_nxt; } else #endif { diff --git a/src/lib/protocols/tcp_udp.c b/src/lib/protocols/tcp_udp.c index f7e8c9ac1..407d36b3b 100644 --- a/src/lib/protocols/tcp_udp.c +++ b/src/lib/protocols/tcp_udp.c @@ -74,7 +74,7 @@ void ndpi_search_tcp_or_udp(struct ndpi_detection_module_struct *ndpi_struct, st flow, flow->packet.iph ? flow->packet.iph->protocol : #ifdef NDPI_DETECTION_SUPPORT_IPV6 - flow->packet.iphv6->ip6_ctlun.ip6_un1.ip6_un1_nxt, + flow->packet.iphv6->ip6_hdr.ip6_un1_nxt, #else 0, #endif -- cgit v1.2.3 From cd12a8608883f7079ff877db6b3a769860f36951 Mon Sep 17 00:00:00 2001 From: Simone Mainardi Date: Mon, 11 Dec 2017 20:15:00 +0100 Subject: Implements ndpi_get_category_id --- libndpi.sym | 1 + src/include/ndpi_api.h | 15 +++++++++++++-- src/lib/ndpi_main.c | 16 ++++++++++++++++ 3 files changed, 30 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/libndpi.sym b/libndpi.sym index c821189e8..6508f5d91 100644 --- a/libndpi.sym +++ b/libndpi.sym @@ -22,6 +22,7 @@ ndpi_init_detection_module ndpi_get_num_supported_protocols ndpi_set_proto_defaults ndpi_get_protocol_id +ndpi_get_category_id ndpi_find_port_based_protocol ndpi_get_http_method ndpi_get_http_url diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h index 2062974ad..9fbabc5f7 100644 --- a/src/include/ndpi_api.h +++ b/src/include/ndpi_api.h @@ -533,13 +533,24 @@ extern "C" { * Return the ID of the protocol * * @par ndpi_mod = the detection module - * @par proto = the ID of the protocol - * @return the string name of the breed ID + * @par proto = the protocol name + * @return the ID of the protocol * */ int ndpi_get_protocol_id(struct ndpi_detection_module_struct *ndpi_mod, char *proto); + /** + * Return the ID of the category + * + * @par ndpi_mod = the detection module + * @par proto = the category name + * @return the ID of the category + * + */ + int ndpi_get_category_id(struct ndpi_detection_module_struct *ndpi_mod, char *cat); + + /** * Write the list of the supported protocols * diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 3405779e7..0288c3e9f 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -4676,6 +4676,7 @@ void ndpi_category_set_name(struct ndpi_detection_module_struct *ndpi_mod, /* ****************************************************** */ +/* Keep it in order and in sync with ndpi_protocol_category_t in ndpi_typedefs.h */ static const char* categories[] = { "Unspecified", "Media", @@ -4807,6 +4808,21 @@ int ndpi_get_protocol_id(struct ndpi_detection_module_struct *ndpi_mod, char *pr /* ****************************************************** */ +int ndpi_get_category_id(struct ndpi_detection_module_struct *ndpi_mod, char *cat) { + int i; + const char *name; + + for(i = 0; i < NDPI_PROTOCOL_NUM_CATEGORIES; i++) { + name = ndpi_category_get_name(ndpi_mod, i); + if(strcasecmp(cat, name) == 0) + return(i); + } + + return(-1); +} + +/* ****************************************************** */ + void ndpi_dump_protocols(struct ndpi_detection_module_struct *ndpi_mod) { int i; for(i=0; i<(int)ndpi_mod->ndpi_num_supported_protocols; i++) -- cgit v1.2.3 From a06c3995302981f35121ec154a718507954d4efd Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Wed, 13 Dec 2017 08:04:51 +0100 Subject: Compilation fixes --- src/lib/protocols/http.c | 2 +- src/lib/protocols/pando.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c index 50eef99ed..187f2a84a 100644 --- a/src/lib/protocols/http.c +++ b/src/lib/protocols/http.c @@ -492,7 +492,7 @@ static struct l_string { STATIC_STRING_L("REPORT ") }; static const char *http_fs = "CDGHOPR"; -static inline uint8_t non_ctrl(uint8_t c) { +static uint8_t non_ctrl(uint8_t c) { return c < 32 ? '.':c; } diff --git a/src/lib/protocols/pando.c b/src/lib/protocols/pando.c index e5f292550..ccf1ee12d 100644 --- a/src/lib/protocols/pando.c +++ b/src/lib/protocols/pando.c @@ -121,7 +121,7 @@ static void ndpi_check_pando_udp(struct ndpi_detection_module_struct *ndpi_struc NDPI_LOG_INFO(ndpi_struct, "found PANDO\n"); ndpi_int_pando_add_connection(ndpi_struct, flow); } else { - NDPI_LOG_DBG2(ndpi_struct, "The reply did not seem to belong to PANDO, resetting the stage to 0\n") + NDPI_LOG_DBG2(ndpi_struct, "The reply did not seem to belong to PANDO, resetting the stage to 0\n"); flow->pando_stage = 0; } } -- cgit v1.2.3 From 00e6ee3dc337c0af106345950005cbeb63ad6acd Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Fri, 15 Dec 2017 10:33:01 +0100 Subject: Implemented GooglePlus support that replaced ancient Quake protocol now obsolete --- src/include/ndpi_protocol_ids.h | 2 +- src/lib/Makefile.am | 1 - src/lib/ndpi_content_match.c.inc | 2 + src/lib/ndpi_main.c | 8 --- src/lib/protocols/quake.c | 106 --------------------------------------- 5 files changed, 3 insertions(+), 116 deletions(-) delete mode 100644 src/lib/protocols/quake.c (limited to 'src') diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index c9496797c..aaa25a396 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -109,7 +109,7 @@ #define NDPI_PROTOCOL_OSCAR 69 #define NDPI_PROTOCOL_YAHOO 70 #define NDPI_PROTOCOL_BATTLEFIELD 71 -#define NDPI_PROTOCOL_QUAKE 72 +#define NDPI_PROTOCOL_GOOGLE_PLUS 72 #define NDPI_PROTOCOL_IP_VRRP 73 #define NDPI_PROTOCOL_STEAM 74 /* Tomasz Bujlow */ #define NDPI_PROTOCOL_HALFLIFE2 75 diff --git a/src/lib/Makefile.am b/src/lib/Makefile.am index 7db19f818..410a50f21 100644 --- a/src/lib/Makefile.am +++ b/src/lib/Makefile.am @@ -104,7 +104,6 @@ libndpi_la_SOURCES = ndpi_content_match.c.inc \ protocols/ppstream.c \ protocols/pptp.c \ protocols/qq.c \ - protocols/quake.c \ protocols/quic.c \ protocols/radius.c \ protocols/rdp.c \ diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 7c3856068..e306efae9 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -8078,6 +8078,8 @@ ndpi_protocol_match host_match[] = { { "android.clients.google.com", "PlayStore", NDPI_PROTOCOL_PLAYSTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, { "ggpht.com", "PlayStore", NDPI_PROTOCOL_PLAYSTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, + { "plus.google.com", "GooglePlus", NDPI_PROTOCOL_GOOGLE_PLUS, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { "plus.url.google.com", "GooglePlus", NDPI_PROTOCOL_GOOGLE_PLUS, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, { "google.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, { ".google.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, { ".gstatic.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 0288c3e9f..5d9061465 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1132,11 +1132,6 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "BattleField", NDPI_PROTOCOL_CATEGORY_GAME, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_FUN, NDPI_PROTOCOL_QUAKE, - no_master, - no_master, "Quake", NDPI_PROTOCOL_CATEGORY_GAME, - ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, - ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IP_VRRP, no_master, no_master, "VRRP", NDPI_PROTOCOL_CATEGORY_NETWORK, @@ -2575,9 +2570,6 @@ void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *n /* BGP */ init_bgp_dissector(ndpi_struct, &a, detection_bitmask); - /* QUAKE */ - init_quake_dissector(ndpi_struct, &a, detection_bitmask); - /* BATTLEFIELD */ init_battlefield_dissector(ndpi_struct, &a, detection_bitmask); diff --git a/src/lib/protocols/quake.c b/src/lib/protocols/quake.c deleted file mode 100644 index 6f00c4296..000000000 --- a/src/lib/protocols/quake.c +++ /dev/null @@ -1,106 +0,0 @@ -/* - * quake.c - * - * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org - * - * This file is part of nDPI, an open source deep packet inspection - * library based on the OpenDPI and PACE technology by ipoque GmbH - * - * nDPI is free software: you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * nDPI is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with nDPI. If not, see . - * - */ - -#include "ndpi_protocol_ids.h" - -#ifdef NDPI_PROTOCOL_QUAKE - -#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_QUAKE - -#include "ndpi_api.h" - - -static void ndpi_int_quake_add_connection(struct ndpi_detection_module_struct - *ndpi_struct, struct ndpi_flow_struct *flow) -{ - ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_QUAKE, NDPI_PROTOCOL_UNKNOWN); -} - -void ndpi_search_quake(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) -{ - struct ndpi_packet_struct *packet = &flow->packet; - - NDPI_LOG_DBG(ndpi_struct, "search Quake\n"); - - if ((packet->payload_packet_len == 14 - && get_u_int16_t(packet->payload, 0) == 0xffff && memcmp(&packet->payload[2], "getInfo", 7) == 0) - || (packet->payload_packet_len == 17 - && get_u_int16_t(packet->payload, 0) == 0xffff && memcmp(&packet->payload[2], "challenge", 9) == 0) - || (packet->payload_packet_len > 20 - && packet->payload_packet_len < 30 - && get_u_int16_t(packet->payload, 0) == 0xffff && memcmp(&packet->payload[2], "getServers", 10) == 0)) { - NDPI_LOG_INFO(ndpi_struct, "found Quake IV\n"); - ndpi_int_quake_add_connection(ndpi_struct, flow); - return; - } - - /* Quake III/Quake Live */ - if (packet->payload_packet_len == 15 && get_u_int32_t(packet->payload, 0) == 0xffffffff - && memcmp(&packet->payload[4], "getinfo", NDPI_STATICSTRING_LEN("getinfo")) == 0) { - NDPI_LOG_INFO(ndpi_struct, "found Quake III Arena/Quake Live\n"); - ndpi_int_quake_add_connection(ndpi_struct, flow); - return; - } - if (packet->payload_packet_len == 16 && get_u_int32_t(packet->payload, 0) == 0xffffffff - && memcmp(&packet->payload[4], "getchallenge", NDPI_STATICSTRING_LEN("getchallenge")) == 0) { - NDPI_LOG_INFO(ndpi_struct, "found Quake III Arena/Quake Live\n"); - ndpi_int_quake_add_connection(ndpi_struct, flow); - return; - } - if (packet->payload_packet_len > 20 && packet->payload_packet_len < 30 - && get_u_int32_t(packet->payload, 0) == 0xffffffff - && memcmp(&packet->payload[4], "getservers", NDPI_STATICSTRING_LEN("getservers")) == 0) { - NDPI_LOG_INFO(ndpi_struct, "found Quake III Arena/Quake Live\n"); - ndpi_int_quake_add_connection(ndpi_struct, flow); - return; - } - - - - /* ports for startup packet: - Quake I 26000 (starts with 0x8000) - Quake II 27910 - Quake III 27960 (increases with each player) - Quake IV 27650 - Quake World 27500 - Quake Wars ????? - */ - - NDPI_EXCLUDE_PROTO(ndpi_struct, flow); -} - - -void init_quake_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) -{ - ndpi_set_bitmask_protocol_detection("Quake", ndpi_struct, detection_bitmask, *id, - NDPI_PROTOCOL_QUAKE, - ndpi_search_quake, - NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD, - SAVE_DETECTION_BITMASK_AS_UNKNOWN, - ADD_TO_DETECTION_BITMASK); - - *id += 1; -} - -#endif -- cgit v1.2.3 From caf602c4a9210e821a5650abc49590d89f16ea23 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Sat, 23 Dec 2017 19:40:39 +0100 Subject: Merged categories network and network_tool (way too similar) Replaced former network_tool category with streaming category --- src/include/ndpi_typedefs.h | 2 +- src/lib/ndpi_content_match.c.inc | 44 ++++++++++++++++++++-------------------- src/lib/ndpi_main.c | 27 ++++++++++++++---------- 3 files changed, 39 insertions(+), 34 deletions(-) (limited to 'src') diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 8aab7408f..beb6a86f8 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -777,7 +777,7 @@ typedef enum { NDPI_PROTOCOL_CATEGORY_NETWORK, /* Network infrastructure protocols */ NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, /* Software for collaborative development, including Webmail */ NDPI_PROTOCOL_CATEGORY_RPC, /* High level network communication protocols */ - NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, /* Network administration and monitor protocols */ + NDPI_PROTOCOL_CATEGORY_STREAMING, /* Streaming protocols */ NDPI_PROTOCOL_CATEGORY_SYSTEM_OS, /* System/Operating System level applications */ NDPI_PROTOCOL_CATEGORY_SW_UPDATE, /* Software update */ /* See #define NUM_CUSTOM_CATEGORIES */ diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index e306efae9..e1f46c110 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -8043,7 +8043,7 @@ ndpi_protocol_match host_match[] = { { "myapp.itunes.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, { "swscan.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, { "itunes-apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, - { "itunes.apple.com", "AppleiTunes", NDPI_PROTOCOL_APPLE_ITUNES, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_FUN }, + { "itunes.apple.com", "AppleiTunes", NDPI_PROTOCOL_APPLE_ITUNES, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, { "aaplimg.com", "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, { ".cnn.c", "CNN", NDPI_PROTOCOL_CNN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, @@ -8068,7 +8068,7 @@ ndpi_protocol_match host_match[] = { { "fbcdn-", "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, { ".facebook.net", "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { ".speedtest.net", "Ookla", NDPI_PROTOCOL_OOKLA, NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, NDPI_PROTOCOL_SAFE }, + { ".speedtest.net", "Ookla", NDPI_PROTOCOL_OOKLA, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_SAFE }, { "drive-thirdparty.", "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, { "docs.", "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, @@ -8102,15 +8102,15 @@ ndpi_protocol_match host_match[] = { { "mail.outlook.com", "Hotmail", NDPI_PROTOCOL_HOTMAIL, NDPI_PROTOCOL_CATEGORY_MAIL, NDPI_PROTOCOL_ACCEPTABLE }, - { ".last.fm", "LastFM", NDPI_PROTOCOL_LASTFM, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".last.fm", "LastFM", NDPI_PROTOCOL_LASTFM, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, { "msn.com", "MSN", NDPI_PROTOCOL_MSN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, /*News site*/ - { "netflix.com", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "nflxext.com", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "nflximg.com", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "nflximg.net", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "nflxvideo.net", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "netflix.com", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { "nflxext.com", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { "nflximg.com", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { "nflximg.net", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { "nflxvideo.net", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, { ".skype.", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, { ".skypeassets.", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, @@ -8159,7 +8159,7 @@ ndpi_protocol_match host_match[] = { { "audio-fa.scdn.co", "Spotify", NDPI_PROTOCOL_SPOTIFY, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".pandora.com", "Pandora", NDPI_PROTOCOL_PANDORA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".pandora.com", "Pandora", NDPI_PROTOCOL_PANDORA, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, { ".torproject.org", "Tor", NDPI_PROTOCOL_TOR, NDPI_PROTOCOL_CATEGORY_VPN, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, @@ -8169,7 +8169,7 @@ ndpi_protocol_match host_match[] = { { "static-cdn.jtvnw.net", "Twitch", NDPI_PROTOCOL_TWITCH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "www-cdn.jtvnw.net", "Twitch", NDPI_PROTOCOL_TWITCH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "quickplay.com", "QuickPlay", NDPI_PROTOCOL_QUICKPLAY, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "quickplay.com", "QuickPlay", NDPI_PROTOCOL_QUICKPLAY, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, { ".qq.com", "QQ", NDPI_PROTOCOL_QQ, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, { ".gtimg.com", "QQ", NDPI_PROTOCOL_QQ, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, @@ -8197,7 +8197,7 @@ ndpi_protocol_match host_match[] = { { ".waze.com", "Waze", NDPI_PROTOCOL_WAZE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".deezer.com", "Deezer", NDPI_PROTOCOL_DEEZER, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".deezer.com", "Deezer", NDPI_PROTOCOL_DEEZER, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, { ".microsoft.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, { "i-msdn.sec.s-msft.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_SYSTEM_OS, NDPI_PROTOCOL_ACCEPTABLE }, @@ -8268,16 +8268,16 @@ ndpi_protocol_match host_match[] = { { "githubusercontent.com", "Github", NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, { ".githubusercontent.com", "Github", NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".iqiyi.com", "iQIYI", NDPI_PROTOCOL_IQIYI, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".qiyi.com", "iQIYI", NDPI_PROTOCOL_IQIYI, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".71.am", "iQIYI", NDPI_PROTOCOL_IQIYI, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".qiyipic.com", "iQIYI", NDPI_PROTOCOL_IQIYI, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".iqiyi.com", "iQIYI", NDPI_PROTOCOL_IQIYI, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { ".qiyi.com", "iQIYI", NDPI_PROTOCOL_IQIYI, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { ".71.am", "iQIYI", NDPI_PROTOCOL_IQIYI, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { ".qiyipic.com", "iQIYI", NDPI_PROTOCOL_IQIYI, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { ".ppstream.com", "PPStream", NDPI_PROTOCOL_PPSTREAM, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".pps.tv", "PPStream", NDPI_PROTOCOL_PPSTREAM, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".ppstream.com", "PPStream", NDPI_PROTOCOL_PPSTREAM, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { ".pps.tv", "PPStream", NDPI_PROTOCOL_PPSTREAM, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { ".1kxun.", "1kxun", NDPI_PROTOCOL_1KXUN, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "tcad.wedolook.com", "1kxun", NDPI_PROTOCOL_1KXUN, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".1kxun.", "1kxun", NDPI_PROTOCOL_1KXUN, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { "tcad.wedolook.com", "1kxun", NDPI_PROTOCOL_1KXUN, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, { ".steampowered.com", "Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, { "steamcommunity.com", "Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, @@ -8310,9 +8310,9 @@ ndpi_protocol_match host_match[] = { { ".linkedin.com", "LinkedIn", NDPI_PROTOCOL_LINKEDIN, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, { ".licdn.com", "LinkedIn", NDPI_PROTOCOL_LINKEDIN, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { ".sndcdn.com", "SoundCloud", NDPI_PROTOCOL_SOUNDCLOUD, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".soundcloud.com", "SoundCloud", NDPI_PROTOCOL_SOUNDCLOUD, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "getrockerbox.com", "SoundCloud", NDPI_PROTOCOL_SOUNDCLOUD, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".sndcdn.com", "SoundCloud", NDPI_PROTOCOL_SOUNDCLOUD, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { ".soundcloud.com", "SoundCloud", NDPI_PROTOCOL_SOUNDCLOUD, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { "getrockerbox.com", "SoundCloud", NDPI_PROTOCOL_SOUNDCLOUD, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, { "web.telegram.org", "Telegram", NDPI_PROTOCOL_TELEGRAM, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, { "tdesktop.com", "Telegram", NDPI_PROTOCOL_TELEGRAM, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 5d9061465..f6c39b250 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -872,7 +872,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SNMP, no_master, - no_master, "SNMP", NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, + no_master, "SNMP", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 161, 162, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_XDMCP, @@ -922,7 +922,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_SOCRATES, no_master, - no_master, "Socrates", NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, + no_master, "Socrates", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_VMWARE, @@ -1288,7 +1288,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 5060, 5061, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_TRUPHONE, no_master, - no_master, "TruPhone", NDPI_PROTOCOL_CATEGORY_CHAT, + no_master, "TruPhone", NDPI_PROTOCOL_CATEGORY_VOIP, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_IP_ICMPV6, @@ -1378,12 +1378,12 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_NETFLOW, no_master, - no_master, "NetFlow", NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, + no_master, "NetFlow", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 2055, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SFLOW, no_master, - no_master, "sFlow", NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, + no_master, "sFlow", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 6343, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_HTTP_CONNECT, @@ -1413,7 +1413,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_RADIUS, no_master, - no_master, "Radius", NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, + no_master, "Radius", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 1812, 1813, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 1812, 1813, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_TEAMVIEWER, @@ -1456,6 +1456,11 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "Dropbox", NDPI_PROTOCOL_CATEGORY_CLOUD, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 17500, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SPOTIFY, + no_master, + no_master, "Spotify", NDPI_PROTOCOL_CATEGORY_STREAMING, + ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_LISP, no_master, no_master, "LISP", NDPI_PROTOCOL_CATEGORY_CLOUD, @@ -1484,7 +1489,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 5355, 0, 0, 0, 0) /* UDP */); /* Missing dissector: port based only */ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, NDPI_PROTOCOL_REMOTE_SCAN, no_master, - no_master, "RemoteScan", NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, + no_master, "RemoteScan", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 6077, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 6078, 0, 0, 0, 0) /* UDP */); /* Missing dissector: port based only */ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_CONTENT_WEBM, @@ -1549,7 +1554,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_WHOIS_DAS, no_master, - no_master, "Whois-DAS", NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, + no_master, "Whois-DAS", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 43, 4343, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_COLLECTD, @@ -1604,7 +1609,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 1119, 0, 0, 0, 0)); /* UDP */ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_UBNTAC2, no_master, - no_master, "UBNTAC2", NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, + no_master, "UBNTAC2", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 10001, 0, 0, 0, 0)); /* UDP */ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_VIBER, @@ -1659,7 +1664,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_SAFE, NDPI_PROTOCOL_OOKLA, no_master, - no_master, "Ookla", NDPI_PROTOCOL_CATEGORY_NETWORK_TOOL, + no_master, "Ookla", NDPI_PROTOCOL_CATEGORY_NETWORK, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0), /* TCP */ ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0)); /* UDP */ ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_AMQP, @@ -4687,7 +4692,7 @@ static const char* categories[] = { "Network", "Collaborative", "RPC", - "NetworkTool", + "Streaming", "System", "SoftwareUpdate", "", -- cgit v1.2.3 From 8d52491508f6df8a2d1763b89690281d4952540c Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Mon, 25 Dec 2017 19:26:17 +0100 Subject: Added simplified makefile Fixed small warnings Compilation fixes --- src/include/ndpi_api.h | 4 +++- src/lib/Makefile.simple | 22 ++++++++++++++++++++++ src/lib/protocols/btlib.c | 16 ++++++++++++---- src/lib/protocols/btlib.h | 2 +- src/lib/third_party/src/ndpi_patricia.c | 1 + 5 files changed, 39 insertions(+), 6 deletions(-) create mode 100644 src/lib/Makefile.simple (limited to 'src') diff --git a/src/include/ndpi_api.h b/src/include/ndpi_api.h index 9fbabc5f7..25a7612f2 100644 --- a/src/include/ndpi_api.h +++ b/src/include/ndpi_api.h @@ -736,7 +736,9 @@ extern "C" { void set_ndpi_flow_malloc(void* (*__ndpi_flow_malloc)(size_t size)); void set_ndpi_flow_free(void (*__ndpi_flow_free)(void *ptr)); void set_ndpi_debug_function(struct ndpi_detection_module_struct *ndpi_str, ndpi_debug_function_ptr ndpi_debug_printf); - + void * ndpi_malloc(size_t size); + void * ndpi_calloc(unsigned long count, size_t size); + void ndpi_free(void *ptr); #ifdef __cplusplus } #endif diff --git a/src/lib/Makefile.simple b/src/lib/Makefile.simple new file mode 100644 index 000000000..b7db4ff30 --- /dev/null +++ b/src/lib/Makefile.simple @@ -0,0 +1,22 @@ +# +# Simple non-autotools dependent makefile +# +# ./autogen.sh +# cd src/lib +# make -f Makefile.simple +# +CFLAGS += -fPIC -DPIC -I../include -Ithird_party/include +RANLIB=ranlib + +OBJECTS = $(patsubst protocols/%.c, protocols/%.o, $(wildcard protocols/*.c)) ndpi_main.o third_party/src/ndpi_patricia.o +HEADERS = $(wildcard ../include/*.h) + +libndpi.a: $(OBJECTS) + ar rc $@ $(OBJECTS) + $(RANLIB) $@ + +%.o: %.c $(HEADERS) Makefile + $(CC) $(CFLAGS) -c $< -o $@ + +clean: + /bin/rm -f libndpi.a $(OBJECTS) \ No newline at end of file diff --git a/src/lib/protocols/btlib.c b/src/lib/protocols/btlib.c index 66d9654bc..ac456f364 100644 --- a/src/lib/protocols/btlib.c +++ b/src/lib/protocols/btlib.c @@ -29,17 +29,17 @@ #include #include +/* typedef unsigned char u_int8_t; typedef unsigned short int u_int16_t; typedef unsigned long long int u_int64_t; +*/ #include #include #include #endif -typedef signed long long int i_int64_t; - #include "btlib.h" int bt_parse_debug = 0; @@ -90,6 +90,7 @@ static char *print_id_ip6_p(char *s,const struct bt_nodes6_data *b) { } +#if 0 void dump_bt_proto_struct(struct bt_parse_protocol *p) { char b20h[128]; int i; @@ -155,7 +156,9 @@ void dump_bt_proto_struct(struct bt_parse_protocol *p) { if(p->interval) printf("\tinterval\t%d\n",p->interval); if(p->min_interval) printf("\tmin interval\t%d\n",p->min_interval); } +#endif +#ifdef BTLIB_DEBUG static void _print_safe_str(char *msg,char *k,const u_int8_t *s,size_t l) { static const char *th="0123456789abcdef?"; char *buf = (char*)ndpi_malloc((size_t)(l*3+2)); @@ -183,6 +186,11 @@ static void print_safe_str(char *msg,bt_parse_data_cb_t *cbd) { } #define DEBUG_TRACE(cmd) { if(bt_parse_debug) cmd; } +#else +#define DEBUG_TRACE(cmd) ; +#endif + + #define STREQ(a,b) !strcmp(a,b) @@ -408,8 +416,8 @@ void cb_data(bt_parse_data_cb_t *cbd,int *ret) { const u_int8_t *bt_decode(const u_int8_t *b, size_t *l, int *ret, bt_parse_data_cb_t *cbd) { unsigned int n=0,neg=0; - i_int64_t d = 0; - register u_int8_t c; + int64_t d = 0; + u_int8_t c; if(*l == 0) return NULL; if(cbd->level > BDEC_MAXDEPT) goto bad_data; diff --git a/src/lib/protocols/btlib.h b/src/lib/protocols/btlib.h index a9ca53786..cc8b52b65 100644 --- a/src/lib/protocols/btlib.h +++ b/src/lib/protocols/btlib.h @@ -171,7 +171,7 @@ typedef struct bt_parse_data_cb { int level; int t; union { - i_int64_t i; + int64_t i; b_elem_s_t s; } v; } bt_parse_data_cb_t; diff --git a/src/lib/third_party/src/ndpi_patricia.c b/src/lib/third_party/src/ndpi_patricia.c index fe63b21b1..2bc4f869c 100644 --- a/src/lib/third_party/src/ndpi_patricia.c +++ b/src/lib/third_party/src/ndpi_patricia.c @@ -54,6 +54,7 @@ #include /* BSD, Linux, Solaris: for inet_addr */ #endif #include "ndpi_patricia.h" +#include "ndpi_api.h" void ndpi_DeleteEntry(void *a) { ndpi_free(a); -- cgit v1.2.3 From f5e366d8c4766c56c0ca7ec61e973d395b76ed5d Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Mon, 25 Dec 2017 19:57:03 +0100 Subject: Added third party libs --- src/lib/Makefile.simple | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/lib/Makefile.simple b/src/lib/Makefile.simple index b7db4ff30..2a6649131 100644 --- a/src/lib/Makefile.simple +++ b/src/lib/Makefile.simple @@ -8,7 +8,7 @@ CFLAGS += -fPIC -DPIC -I../include -Ithird_party/include RANLIB=ranlib -OBJECTS = $(patsubst protocols/%.c, protocols/%.o, $(wildcard protocols/*.c)) ndpi_main.o third_party/src/ndpi_patricia.o +OBJECTS = $(patsubst protocols/%.c, protocols/%.o, $(wildcard protocols/*.c)) $(patsubst third_party/src/%.c, third_party/src/%.o, $(wildcard third_party/src/*.c)) ndpi_main.o HEADERS = $(wildcard ../include/*.h) libndpi.a: $(OBJECTS) -- cgit v1.2.3 From 1d1082342f608d37a4abcdf18c3e7e60c8734b05 Mon Sep 17 00:00:00 2001 From: Campus Date: Tue, 2 Jan 2018 13:47:46 +0100 Subject: added diameter protocol dissector --- src/include/ndpi_protocol_ids.h | 5 +- src/include/ndpi_protocols.h | 4 +- src/lib/Makefile.am | 1 + src/lib/ndpi_main.c | 10 ++- src/lib/protocols/bittorrent.c | 2 +- src/lib/protocols/diameter.c | 132 ++++++++++++++++++++++++++++++++++++++++ src/lib/protocols/quic.c | 2 +- tests/pcap/diameter.pcap | Bin 0 -> 2100 bytes tests/result/diameter.pcap.out | 3 + 9 files changed, 153 insertions(+), 6 deletions(-) create mode 100644 src/lib/protocols/diameter.c create mode 100644 tests/pcap/diameter.pcap create mode 100644 tests/result/diameter.pcap.out (limited to 'src') diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index aaa25a396..30d138d3f 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -2,7 +2,7 @@ /* * ndpi_protocol_ids.h * - * Copyright (C) 2011-17 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -275,9 +275,10 @@ #define NDPI_PROTOCOL_SOUNDCLOUD 234 #define NDPI_PROTOCOL_CSGO 235 /* Counter-Strike Global Offensive, Dota 2 */ #define NDPI_PROTOCOL_LISP 236 +#define NDPI_PROTOCOL_DIAMETER 237 /* UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE */ -#define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_PROTOCOL_LISP +#define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_PROTOCOL_DIAMETER #define NDPI_MAX_SUPPORTED_PROTOCOLS (NDPI_LAST_IMPLEMENTED_PROTOCOL + 1) #define NDPI_MAX_NUM_CUSTOM_PROTOCOLS (NDPI_NUM_BITS-NDPI_LAST_IMPLEMENTED_PROTOCOL) diff --git a/src/include/ndpi_protocols.h b/src/include/ndpi_protocols.h index da7acaef7..2fb105afe 100644 --- a/src/include/ndpi_protocols.h +++ b/src/include/ndpi_protocols.h @@ -1,7 +1,7 @@ /* * ndpi_protocols.h * - * Copyright (C) 2011-16 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -52,6 +52,7 @@ u_int ndpi_search_tcp_or_udp_raw(struct ndpi_detection_module_struct *ndpi_struc void ndpi_search_tcp_or_udp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); /* Applications and other protocols. */ +void ndpi_search_diameter(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); void ndpi_search_bittorrent(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); void ndpi_search_lisp(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); void ndpi_search_edonkey(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); @@ -202,6 +203,7 @@ void ndpi_search_tinc(struct ndpi_detection_module_struct *ndpi_struct, struct n void ndpi_search_fix(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); void ndpi_search_csgo(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow); /* --- INIT FUNCTIONS --- */ +void init_diameter_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_afp_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_aimini_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_applejuice_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); diff --git a/src/lib/Makefile.am b/src/lib/Makefile.am index 410a50f21..e67d076c3 100644 --- a/src/lib/Makefile.am +++ b/src/lib/Makefile.am @@ -37,6 +37,7 @@ libndpi_la_SOURCES = ndpi_content_match.c.inc \ protocols/dcerpc.c \ protocols/dhcp.c \ protocols/dhcpv6.c \ + protocols/diameter.c \ protocols/directconnect.c \ protocols/directdownloadlink.c \ protocols/dns.c \ diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index f6c39b250..13a216b1d 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1,7 +1,7 @@ /* * ndpi_main.c * - * Copyright (C) 2011-17 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH @@ -1451,6 +1451,11 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "QUIC", NDPI_PROTOCOL_CATEGORY_WEB, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 443, 80, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DIAMETER, + no_master, + no_master, "Diameter", NDPI_PROTOCOL_CATEGORY_WEB, + ndpi_build_default_ports(ports_a, 3868, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DROPBOX, no_master, no_master, "Dropbox", NDPI_PROTOCOL_CATEGORY_CLOUD, @@ -2767,6 +2772,9 @@ void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *n /* QUIC */ init_quic_dissector(ndpi_struct, &a, detection_bitmask); + /* DIAMETER */ + init_diameter_dissector(ndpi_struct, &a, detection_bitmask); + /* EAQ */ init_eaq_dissector(ndpi_struct, &a, detection_bitmask); diff --git a/src/lib/protocols/bittorrent.c b/src/lib/protocols/bittorrent.c index 727992702..81fc3baf6 100644 --- a/src/lib/protocols/bittorrent.c +++ b/src/lib/protocols/bittorrent.c @@ -2,7 +2,7 @@ * bittorrent.c * * Copyright (C) 2009-2011 by ipoque GmbH - * Copyright (C) 2011-15 - ntop.org + * Copyright (C) 2011-18 - ntop.org * * This file is part of nDPI, an open source deep packet inspection * library based on the OpenDPI and PACE technology by ipoque GmbH diff --git a/src/lib/protocols/diameter.c b/src/lib/protocols/diameter.c new file mode 100644 index 000000000..24317f498 --- /dev/null +++ b/src/lib/protocols/diameter.c @@ -0,0 +1,132 @@ +/* + * aimini.c + * + * Copyright (C) 2018 - ntop.org + * Written by Michele Campus - + * + * This file is part of nDPI, an open source deep packet inspection + * library based on the OpenDPI and PACE technology by ipoque GmbH + * + * nDPI is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * nDPI is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with nDPI. If not, see . + * + */ +#include "ndpi_protocol_ids.h" + +#ifdef NDPI_PROTOCOL_DIAMETER + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_DIAMETER + +#include "ndpi_api.h" + + +// Header Flags possibile values +#define REQUEST 0X80 +#define PROXYABLE 0X40 +#define ERROR 0X20 +#define RETRASM 0X10 + +typedef enum { + AC = 271, + AS = 274, + CC = 272, + CE = 257, + DW = 280, + DP = 282, + RA = 258, + ST = 275 +} com_type_t; + +#define DIAM_HEADER_LEN 20 + +// DIAMETER header +struct diameter_header_t +{ + u_int8_t version; + u_int8_t length[3]; + u_int8_t flags; + u_int8_t com_code[3]; + u_int32_t app_id; + u_int32_t hop_id; + u_int32_t end_id; +}; + + +// Check packet +int is_diameter(struct ndpi_packet_struct *packet, int size_payload) +{ + // check param + if(!packet || size_payload == 0) return -1; + + // cast to diameter header + struct diameter_header_t *diameter = (struct diameter_header_t *) packet; + + // check if the packet is diameter + if(diameter->version == 0x01 && + (diameter->flags == REQUEST || + diameter->flags == PROXYABLE || + diameter->flags == ERROR || + diameter->flags == RETRASM)) { + + u_int16_t com_code = diameter->com_code[2] + (diameter->com_code[1] << 8) + (diameter->com_code[0] << 8); + + if(com_code == AC || com_code == AS || + com_code == CC || com_code == CE || + com_code == DW || com_code == DP || + com_code == RA || com_code == ST) + return 0; // OK + } + // wrong packet + return -2; +} + + +void ndpi_search_diameter(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow) +{ + struct ndpi_packet_struct *packet = &flow->packet; + + // Diameter is on TCP + if(packet->tcp) { + + /* Check if it's diameter */ + int ret = is_diameter(packet, packet->payload_packet_len); + if(ret != 0) { + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); + return; + } + else { + NDPI_LOG_INFO(ndpi_struct, "found Diameter\n"); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_DIAMETER, NDPI_PROTOCOL_UNKNOWN); + } + } + else { // UDP + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); + return; + } +} + + +void init_diameter_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, + NDPI_PROTOCOL_BITMASK *detection_bitmask) +{ + ndpi_set_bitmask_protocol_detection("Diameter", ndpi_struct, detection_bitmask, *id, + NDPI_PROTOCOL_DIAMETER, ndpi_search_diameter, + NDPI_SELECTION_BITMASK_PROTOCOL_V4_V6_UDP_WITH_PAYLOAD, + SAVE_DETECTION_BITMASK_AS_UNKNOWN, ADD_TO_DETECTION_BITMASK); + + *id += 1; +} + +#endif /* NDPI_PROTOCOL_DIAMETER */ + diff --git a/src/lib/protocols/quic.c b/src/lib/protocols/quic.c index 24a2b8f12..203aead36 100644 --- a/src/lib/protocols/quic.c +++ b/src/lib/protocols/quic.c @@ -1,7 +1,7 @@ /* * quic.c * - * Copyright (C) 2012-16 - ntop.org + * Copyright (C) 2012-18 - ntop.org * * Based on code of: * Andrea Buscarinu - diff --git a/tests/pcap/diameter.pcap b/tests/pcap/diameter.pcap new file mode 100644 index 000000000..cad16d27b Binary files /dev/null and b/tests/pcap/diameter.pcap differ diff --git a/tests/result/diameter.pcap.out b/tests/result/diameter.pcap.out new file mode 100644 index 000000000..9a43af0ef --- /dev/null +++ b/tests/result/diameter.pcap.out @@ -0,0 +1,3 @@ +Diameter 6 1980 1 + + 1 TCP 10.201.9.245:50957 <-> 10.201.9.11:3868 [proto: 237/Diameter][3 pkts/1174 bytes <-> 3 pkts/806 bytes] -- cgit v1.2.3 From 61e297b851af570109e72a93a65b1ac5ccfda0b4 Mon Sep 17 00:00:00 2001 From: Campus Date: Fri, 5 Jan 2018 00:34:33 +0100 Subject: add missing check for free TCP/UDP root in tree --- src/lib/ndpi_main.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 13a216b1d..e1979fbb2 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -2041,8 +2041,10 @@ void ndpi_exit_detection_module(struct ndpi_detection_module_struct *ndpi_struct if(ndpi_struct->protocols_ptree) ndpi_Destroy_Patricia((patricia_tree_t*)ndpi_struct->protocols_ptree, free_ptree_data); - ndpi_tdestroy(ndpi_struct->udpRoot, ndpi_free); - ndpi_tdestroy(ndpi_struct->tcpRoot, ndpi_free); + if (ndpi_struct->udpRoot != NULL) + ndpi_tdestroy(ndpi_struct->udpRoot, ndpi_free); + if (ndpi_struct->tcpRoot != NULL) + ndpi_tdestroy(ndpi_struct->tcpRoot, ndpi_free); if(ndpi_struct->host_automa.ac_automa != NULL) ac_automata_release((AC_AUTOMATA_t*)ndpi_struct->host_automa.ac_automa); -- cgit v1.2.3 From 35dc6e27ae11a92553611a9d3d8c1ed963a894d4 Mon Sep 17 00:00:00 2001 From: Ludovico Cavedon Date: Tue, 9 Jan 2018 10:26:10 -0800 Subject: Fix MPLS header parsing in ndpiReader. Reported at https://bugs.debian.org/886133. The current parsing for the MPLS header in examples/ndpi_util.c has multiple issues: - the bitfield order is incorrect for little endian architectures - ntohl() is applied to a 20 bit label, which has unclear purpose - if multiple labels are detected, the while loop parsing labels will never exit due to a missing re-read of the mpls label - the last label is identified by looking inside the label field, while it should be done by looking at the S bit This change fixes the above issues. Notice that bitfield ordering is implementation-dependent, so C bitfields should not be used in the first place to parse network packets. --- example/ndpi_util.c | 15 +++++++++------ src/include/ndpi_typedefs.h | 8 ++++++++ 2 files changed, 17 insertions(+), 6 deletions(-) (limited to 'src') diff --git a/example/ndpi_util.c b/example/ndpi_util.c index d0a8470dc..af83c6d14 100644 --- a/example/ndpi_util.c +++ b/example/ndpi_util.c @@ -689,7 +689,10 @@ struct ndpi_proto ndpi_workflow_process_packet (struct ndpi_workflow * workflow, const struct ndpi_wifi_header *wifi; /* --- MPLS header --- */ - struct ndpi_mpls_header *mpls; + union mpls { + uint32_t u32; + struct ndpi_mpls_header mpls; + } mpls; /** --- IP header --- **/ struct ndpi_iphdr *iph; @@ -846,15 +849,15 @@ struct ndpi_proto ndpi_workflow_process_packet (struct ndpi_workflow * workflow, break; case MPLS_UNI: case MPLS_MULTI: - mpls = (struct ndpi_mpls_header *) &packet[ip_offset]; - label = ntohl(mpls->label); - /* label = ntohl(*((u_int32_t*)&packet[ip_offset])); */ + mpls.u32 = *((uint32_t *) &packet[ip_offset]); + mpls.u32 = ntohl(mpls.u32); workflow->stats.mpls_count++; type = ETH_P_IP, ip_offset += 4; - while((label & 0x100) != 0x100) { + while(!mpls.mpls.s) { ip_offset += 4; - label = ntohl(mpls->label); + mpls.u32 = *((uint32_t *) &packet[ip_offset]); + mpls.u32 = ntohl(mpls.u32); } break; case PPPoE: diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index beb6a86f8..d0afcb40c 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -178,7 +178,15 @@ struct ndpi_wifi_header PACK_ON struct ndpi_mpls_header { + /* Before using this strcut to parse an MPLS header, you will need to convert + * the 4-byte data to the correct endianess with ntohl(). */ +#if defined(__LITTLE_ENDIAN__) + u_int32_t ttl:8, s:1, exp:3, label:20; +#elif defined(__BIG_ENDIAN__) u_int32_t label:20, exp:3, s:1, ttl:8; +#else +# error "Byte order must be defined" +#endif } PACK_OFF; /* ++++++++++++++++++++++++ IP header ++++++++++++++++++++++++ */ -- cgit v1.2.3 From ced9658c63693ca178638a351b7dcde93eab170b Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Mon, 15 Jan 2018 20:13:34 +0100 Subject: Added ApplePush support --- src/include/ndpi_protocol_ids.h | 4 +- src/lib/Makefile.am | 1 + src/lib/ndpi_content_match.c.inc | 6 ++- src/lib/ndpi_main.c | 10 ++++- src/lib/protocols/apple_push.c | 81 ++++++++++++++++++++++++++++++++++++++++ 5 files changed, 97 insertions(+), 5 deletions(-) create mode 100644 src/lib/protocols/apple_push.c (limited to 'src') diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index 30d138d3f..dc32345e3 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -210,7 +210,6 @@ #define NDPI_PROTOCOL_WHOIS_DAS 170 #define NDPI_PROTOCOL_COLLECTD 171 #define NDPI_PROTOCOL_SOCKS 172 /* Tomasz Bujlow */ -/* The Lync protocol is now skype for business and this the old id 173 can now be recycled */ #define NDPI_PROTOCOL_NINTENDO 173 #define NDPI_PROTOCOL_RTMP 174 /* Tomasz Bujlow */ #define NDPI_PROTOCOL_FTP_DATA 175 /* Tomasz Bujlow */ @@ -276,9 +275,10 @@ #define NDPI_PROTOCOL_CSGO 235 /* Counter-Strike Global Offensive, Dota 2 */ #define NDPI_PROTOCOL_LISP 236 #define NDPI_PROTOCOL_DIAMETER 237 +#define NDPI_PROTOCOL_APPLE_PUSH 238 /* UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE */ -#define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_PROTOCOL_DIAMETER +#define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_PROTOCOL_APPLE_PUSH #define NDPI_MAX_SUPPORTED_PROTOCOLS (NDPI_LAST_IMPLEMENTED_PROTOCOL + 1) #define NDPI_MAX_NUM_CUSTOM_PROTOCOLS (NDPI_NUM_BITS-NDPI_LAST_IMPLEMENTED_PROTOCOL) diff --git a/src/lib/Makefile.am b/src/lib/Makefile.am index e67d076c3..2d587496b 100644 --- a/src/lib/Makefile.am +++ b/src/lib/Makefile.am @@ -19,6 +19,7 @@ libndpi_la_SOURCES = ndpi_content_match.c.inc \ protocols/afp.c \ protocols/aimini.c \ protocols/applejuice.c \ + protocols/apple_push.c \ protocols/armagetron.c \ protocols/ayiya.c \ protocols/amqp.c \ diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index e1f46c110..5a7a1fa66 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -8030,11 +8030,11 @@ ndpi_protocol_match host_match[] = { { "amazon-adsystem.com", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".cloudfront.net", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".apple.com", "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + + { ".push.apple.com", "ApplePush", NDPI_PROTOCOL_APPLE_PUSH, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_SAFE }, { ".apple-dns.net", "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, { ".mzstatic.com", "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, { ".aaplimg.com", "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { ".icloud.com", "AppleiCloud", NDPI_PROTOCOL_APPLE_ICLOUD, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { "iosapps.itunes.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, /* iOS */ { "osxapps.itunes.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, /* MacOS */ { "buy.itunes.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, @@ -8045,6 +8045,8 @@ ndpi_protocol_match host_match[] = { { "itunes-apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, { "itunes.apple.com", "AppleiTunes", NDPI_PROTOCOL_APPLE_ITUNES, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, { "aaplimg.com", "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, + { ".apple.com", "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { ".icloud.com", "AppleiCloud", NDPI_PROTOCOL_APPLE_ICLOUD, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".cnn.c", "CNN", NDPI_PROTOCOL_CNN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, { ".cnn.net", "CNN", NDPI_PROTOCOL_CNN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index e1979fbb2..27eddfd1a 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1451,11 +1451,16 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp no_master, "QUIC", NDPI_PROTOCOL_CATEGORY_WEB, ndpi_build_default_ports(ports_a, 0, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 443, 80, 0, 0, 0) /* UDP */); - ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DIAMETER, + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DIAMETER, no_master, no_master, "Diameter", NDPI_PROTOCOL_CATEGORY_WEB, ndpi_build_default_ports(ports_a, 3868, 0, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); + ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_APPLE_PUSH, + no_master, + no_master, "ApplePush", NDPI_PROTOCOL_CATEGORY_CLOUD, + ndpi_build_default_ports(ports_a, 1, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_DROPBOX, no_master, no_master, "Dropbox", NDPI_PROTOCOL_CATEGORY_CLOUD, @@ -2777,6 +2782,9 @@ void ndpi_set_protocol_detection_bitmask2(struct ndpi_detection_module_struct *n /* DIAMETER */ init_diameter_dissector(ndpi_struct, &a, detection_bitmask); + /* APPLE_PUSH */ + init_apple_push_dissector(ndpi_struct, &a, detection_bitmask); + /* EAQ */ init_eaq_dissector(ndpi_struct, &a, detection_bitmask); diff --git a/src/lib/protocols/apple_push.c b/src/lib/protocols/apple_push.c new file mode 100644 index 000000000..734be6e96 --- /dev/null +++ b/src/lib/protocols/apple_push.c @@ -0,0 +1,81 @@ +/* + * apple_push.c + * + * Copyright (C) 2018 by ntop.org + * + * This file is part of nDPI, an open source deep packet inspection + * library based on the OpenDPI and PACE technology by ipoque GmbH + * + * nDPI is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * nDPI is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with nDPI. If not, see . + * + */ + +#include "ndpi_protocol_ids.h" + +#ifdef NDPI_PROTOCOL_APPLE_PUSH + +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_APPLE_PUSH + +#include "ndpi_api.h" + +static void ndpi_check_apple_push(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow) { + struct ndpi_packet_struct *packet = &flow->packet; + + /* https://support.apple.com/en-us/HT203609 */ + if(((ntohl(packet->iph->saddr) & 0xFF000000 /* 255.0.0.0 */) == 0x11000000 /* 17.0.0.0/8 */) + || ((ntohl(packet->iph->daddr) & 0xFF000000 /* 255.0.0.0 */) == 0x11000000 /* 17.0.0.0/8 */)) { + u_int16_t apple_push_port = ntohs(5223); + u_int16_t notification_apn_port = ntohs(2195); + u_int16_t apn_feedback_port = ntohs(2196); + + if(((packet->tcp->source == apple_push_port) || (packet->tcp->dest == apple_push_port)) + || ((packet->tcp->source == notification_apn_port) || (packet->tcp->dest == notification_apn_port)) + || ((packet->tcp->source == apn_feedback_port) || (packet->tcp->dest == apn_feedback_port)) + ) { + NDPI_LOG_INFO(ndpi_struct, "found apple_push\n"); + ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_APPLE_PUSH, NDPI_PROTOCOL_UNKNOWN); + return; + } + } + + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); +} + +void ndpi_search_apple_push(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) +{ + struct ndpi_packet_struct *packet = &flow->packet; + + NDPI_LOG_DBG(ndpi_struct, "search apple_push\n"); + + /* skip marked packets */ + if(packet->detected_protocol_stack[0] != NDPI_PROTOCOL_APPLE_PUSH) + ndpi_check_apple_push(ndpi_struct, flow); +} + + +void init_apple_push_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) +{ + ndpi_set_bitmask_protocol_detection("APPLE_PUSH", ndpi_struct, detection_bitmask, *id, + NDPI_PROTOCOL_APPLE_PUSH, + ndpi_search_apple_push, + NDPI_SELECTION_BITMASK_PROTOCOL_TCP, + SAVE_DETECTION_BITMASK_AS_UNKNOWN, + ADD_TO_DETECTION_BITMASK); + *id += 1; +} + + + +#endif -- cgit v1.2.3 From fbf7fe242462d07b0dc3a72907421a2b472b5d21 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Tue, 16 Jan 2018 15:57:45 +0100 Subject: Implemented Google services detection Refreshed google-based services support --- src/include/ndpi_protocol_ids.h | 3 ++- src/include/ndpi_protocols.h | 1 + src/include/ndpi_typedefs.h | 7 +++--- src/lib/ndpi_content_match.c.inc | 49 +++++++++++++++++++++++++++++++--------- 4 files changed, 45 insertions(+), 15 deletions(-) (limited to 'src') diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index dc32345e3..acc510d49 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -276,9 +276,10 @@ #define NDPI_PROTOCOL_LISP 236 #define NDPI_PROTOCOL_DIAMETER 237 #define NDPI_PROTOCOL_APPLE_PUSH 238 +#define NDPI_PROTOCOL_GOOGLE_SERVICES 239 /* UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE */ -#define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_PROTOCOL_APPLE_PUSH +#define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_PROTOCOL_GOOGLE_SERVICES #define NDPI_MAX_SUPPORTED_PROTOCOLS (NDPI_LAST_IMPLEMENTED_PROTOCOL + 1) #define NDPI_MAX_NUM_CUSTOM_PROTOCOLS (NDPI_NUM_BITS-NDPI_LAST_IMPLEMENTED_PROTOCOL) diff --git a/src/include/ndpi_protocols.h b/src/include/ndpi_protocols.h index 2fb105afe..3268488e1 100644 --- a/src/include/ndpi_protocols.h +++ b/src/include/ndpi_protocols.h @@ -352,5 +352,6 @@ void init_fix_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int3 void init_nintendo_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_csgo_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); void init_checkmk_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); +void init_apple_push_dissector(struct ndpi_detection_module_struct *ndpi_struct, u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask); #endif /* __NDPI_PROTOCOLS_H__ */ diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index d0afcb40c..15b629068 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -756,11 +756,12 @@ typedef struct { } ndpi_port_range; typedef enum { - NDPI_PROTOCOL_SAFE = 0, /* Surely doesn’t provide risks for the network. (e.g., a news site) */ - NDPI_PROTOCOL_ACCEPTABLE, /* Probably doesn’t provide risks, but could be malicious (e.g., Dropbox) */ + NDPI_PROTOCOL_SAFE = 0, /* Surely doesn't provide risks for the network. (e.g., a news site) */ + NDPI_PROTOCOL_ACCEPTABLE, /* Probably doesn't provide risks, but could be malicious (e.g., Dropbox) */ NDPI_PROTOCOL_FUN, /* Pure fun protocol, which may be prohibited by the user policy (e.g., Netflix) */ NDPI_PROTOCOL_UNSAFE, /* Probably provides risks, but could be a normal traffic. Unencrypted protocols with clear pass should be here (e.g., telnet) */ NDPI_PROTOCOL_POTENTIALLY_DANGEROUS, /* Surely is dangerous (ex. Tor). Be prepared to troubles */ + NDPI_PROTOCOL_TRACKER_ADS, /* Trackers, Advertisements... */ NDPI_PROTOCOL_UNRATED /* No idea, not implemented or impossible to classify */ } ndpi_protocol_breed_t; @@ -773,7 +774,7 @@ typedef enum { NDPI_PROTOCOL_CATEGORY_VPN, /* Virtual Private Networks */ NDPI_PROTOCOL_CATEGORY_MAIL, /* Protocols to send/receive/sync emails */ NDPI_PROTOCOL_CATEGORY_DATA_TRANSFER, /* AFS/NFS and similar protocols */ - NDPI_PROTOCOL_CATEGORY_WEB, /* Web protocols and services */ + NDPI_PROTOCOL_CATEGORY_WEB, /* Web/mobile protocols and services */ NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, /* Social networks */ NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, /* Download, FTP, file transfer/sharing */ NDPI_PROTOCOL_CATEGORY_GAME, /* Online games */ diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 5a7a1fa66..48f39f1b7 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -636,7 +636,7 @@ static ndpi_network host_protocol_list[] = { /* Teamviewer 159.122.189.32-63 */ { 0x9F7ABD30 /* 159.122.189.32 */, 21, NDPI_PROTOCOL_TEAMVIEWER }, - + /* IFLIX services -by www.vizuamatix.com R&D team */ @@ -852,7 +852,7 @@ static ndpi_network host_protocol_list[] = { { 0x5B6C1400 /* 91.108.20.0/22 */, 22, NDPI_PROTOCOL_TELEGRAM }, { 0x5B6C3800 /* 91.108.56.0/22 */, 22, NDPI_PROTOCOL_TELEGRAM }, { 0x959AA000 /* 149.154.160.0/20 */, 20, NDPI_PROTOCOL_TELEGRAM }, - + /* BitTorrent */ @@ -8080,20 +8080,47 @@ ndpi_protocol_match host_match[] = { { "android.clients.google.com", "PlayStore", NDPI_PROTOCOL_PLAYSTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, { "ggpht.com", "PlayStore", NDPI_PROTOCOL_PLAYSTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, + /* + See https://better.fyi/trackers/ + + DoubleClick by Google (2mdn.net) + DoubleClick by Google (doubleclick.net) + DoubleClick by Google, Inc. (dmtry.com) + Google AdSense by Google (google.com) + Google AdSense by Google (google.se) + Google AdSense by Google (googleadservices.com) + Google Analytics by Google (google-analytics.com) + Google APIs by Google (ajax.googleapis.com) + Google Fonts by Google (fonts.googleapis.com) + Google Interactive Media Ads (imasdk.googleapis.com) + Google Syndication (googlesyndication.com) + Google Tag Manager by Google (googletagmanager.com) + Google Tag Manager by Google (googletagservices.com) + Gstatic by Google (gstatic.com) + */ + + /* Google Advertisements */ + { ".googlesyndication.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_ACCEPTABLE }, + { "googleads.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_ACCEPTABLE }, + { ".doubleclick.net", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_ACCEPTABLE }, + { "googleadservices.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_ACCEPTABLE }, + { ".2mdn.net", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_ACCEPTABLE }, + { ".dmtry.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_ACCEPTABLE }, + { "google-analytics.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_ACCEPTABLE }, + + /* Google Services */ + { "googleapis.com", "GoogleServices", NDPI_PROTOCOL_GOOGLE_SERVICES, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".googletagservices.com", "GoogleServices", NDPI_PROTOCOL_GOOGLE_SERVICES, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "mtalk.google.com", "GoogleServices", NDPI_PROTOCOL_GOOGLE_SERVICES, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "plus.google.com", "GooglePlus", NDPI_PROTOCOL_GOOGLE_PLUS, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, { "plus.url.google.com", "GooglePlus", NDPI_PROTOCOL_GOOGLE_PLUS, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, { "google.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, { ".google.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, { ".gstatic.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { ".googlesyndication.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { ".googletagservices.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".2mdn.net", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".doubleclick.net", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, /* Ads */ - { "googleads.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "google-analytics.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { "googleusercontent.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "googleadservices.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "googleapis.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "1e100.net", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { "maps.google.", "GoogleMaps", NDPI_PROTOCOL_GOOGLE_MAPS, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, @@ -8106,7 +8133,7 @@ ndpi_protocol_match host_match[] = { { ".last.fm", "LastFM", NDPI_PROTOCOL_LASTFM, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { "msn.com", "MSN", NDPI_PROTOCOL_MSN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, /*News site*/ + { "msn.com", "MSN", NDPI_PROTOCOL_MSN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, /* News site */ { "netflix.com", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, { "nflxext.com", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, -- cgit v1.2.3 From d2d20a8aa4bbd6994c23f34dc9e06febae9aaf12 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Tue, 16 Jan 2018 16:39:30 +0100 Subject: Warnign fix --- src/lib/ndpi_content_match.c.inc | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) (limited to 'src') diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 48f39f1b7..26c7cc068 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -8100,13 +8100,13 @@ ndpi_protocol_match host_match[] = { */ /* Google Advertisements */ - { ".googlesyndication.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_ACCEPTABLE }, - { "googleads.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_ACCEPTABLE }, - { ".doubleclick.net", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_ACCEPTABLE }, - { "googleadservices.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_ACCEPTABLE }, - { ".2mdn.net", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_ACCEPTABLE }, - { ".dmtry.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_ACCEPTABLE }, - { "google-analytics.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_TRACKER_ADS, NDPI_PROTOCOL_ACCEPTABLE }, + { ".googlesyndication.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_TRACKER_ADS }, + { "googleads.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_TRACKER_ADS }, + { ".doubleclick.net", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_TRACKER_ADS }, + { "googleadservices.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_TRACKER_ADS }, + { ".2mdn.net", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_TRACKER_ADS }, + { ".dmtry.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_TRACKER_ADS }, + { "google-analytics.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_TRACKER_ADS }, /* Google Services */ { "googleapis.com", "GoogleServices", NDPI_PROTOCOL_GOOGLE_SERVICES, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, @@ -8119,6 +8119,9 @@ ndpi_protocol_match host_match[] = { { ".google.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, { ".gstatic.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + /* http://check.googlezip.net/connect [check browser connectivity] */ + { ".googlezip.net", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { "googleusercontent.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { "1e100.net", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, -- cgit v1.2.3 From d18824a73fa7f05122bc35000a8a1b538c62fc58 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Fri, 19 Jan 2018 14:33:43 +0100 Subject: Cleaned up Amazon IP range Improved HostShield VPN --- src/lib/ndpi_content_match.c.inc | 56 +++------------------------------------- 1 file changed, 3 insertions(+), 53 deletions(-) (limited to 'src') diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 26c7cc068..7b868a764 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -216,59 +216,9 @@ static ndpi_network host_protocol_list[] = { { 0x344D0000 /* 52.77.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, { 0x344E0000 /* 52.78.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, { 0x344F0000 /* 52.79.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, - { 0x3452BB00 /* 52.82.187.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, - { 0x34530000 /* 52.83.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, - { 0x34540000 /* 52.84.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, - { 0x34560000 /* 52.86.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, - { 0x34580000 /* 52.88.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, + { 0x3452BB00 /* 52.82.0.0/14 */, 14, NDPI_PROTOCOL_AMAZON }, + { 0x34580000 /* 52.88.0.0/13 */, 13, NDPI_PROTOCOL_AMAZON }, { 0x345A0000 /* 52.90.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, - { 0x345C0000 /* 52.92.0.0/20 */, 20, NDPI_PROTOCOL_AMAZON }, - { 0x345C1000 /* 52.92.16.0/20 */, 20, NDPI_PROTOCOL_AMAZON }, - { 0x345C2000 /* 52.92.32.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, - { 0x345C2800 /* 52.92.40.0/21 */, 21, NDPI_PROTOCOL_AMAZON }, - { 0x345C3000 /* 52.92.48.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, - { 0x345C3400 /* 52.92.52.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, - { 0x345C3800 /* 52.92.56.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, - { 0x345C3C00 /* 52.92.60.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, - { 0x345C4000 /* 52.92.64.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, - { 0x345C4400 /* 52.92.68.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, - { 0x345C4800 /* 52.92.72.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, - { 0x345C4C00 /* 52.92.76.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, - { 0x345C5400 /* 52.92.84.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, - { 0x345C5800 /* 52.92.88.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, - { 0x345CF800 /* 52.92.248.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, - { 0x345CFC00 /* 52.92.252.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, - { 0x345D0000 /* 52.93.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, - { 0x345E0000 /* 52.94.0.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, - { 0x345E0400 /* 52.94.4.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, - { 0x345E0500 /* 52.94.5.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, - { 0x345E0600 /* 52.94.6.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, - { 0x345E0700 /* 52.94.7.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, - { 0x345E0800 /* 52.94.8.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, - { 0x345E0900 /* 52.94.9.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, - { 0x345E0A00 /* 52.94.10.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, - { 0x345E0B00 /* 52.94.11.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, - { 0x345E0C00 /* 52.94.12.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, - { 0x345E0D00 /* 52.94.13.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, - { 0x345E0E00 /* 52.94.14.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, - { 0x345E0F00 /* 52.94.15.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, - { 0x345E1100 /* 52.94.17.0/24 */, 24, NDPI_PROTOCOL_AMAZON }, - { 0x345E1800 /* 52.94.24.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, - { 0x345E1C00 /* 52.94.28.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, - { 0x345E2000 /* 52.94.32.0/20 */, 20, NDPI_PROTOCOL_AMAZON }, - { 0x345E3000 /* 52.94.48.0/20 */, 20, NDPI_PROTOCOL_AMAZON }, - { 0x345E4000 /* 52.94.64.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, - { 0x345E5000 /* 52.94.80.0/20 */, 20, NDPI_PROTOCOL_AMAZON }, - { 0x345E6000 /* 52.94.96.0/20 */, 20, NDPI_PROTOCOL_AMAZON }, - { 0x345E7000 /* 52.94.112.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, - { 0x345ECC00 /* 52.94.204.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, - { 0x345ECE00 /* 52.94.206.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, - { 0x345ED000 /* 52.94.208.0/21 */, 21, NDPI_PROTOCOL_AMAZON }, - { 0x345ED800 /* 52.94.216.0/21 */, 21, NDPI_PROTOCOL_AMAZON }, - { 0x345EE000 /* 52.94.224.0/20 */, 20, NDPI_PROTOCOL_AMAZON }, - { 0x345EF000 /* 52.94.240.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, - { 0x345EFC00 /* 52.94.252.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, - { 0x345EFE00 /* 52.94.254.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, { 0x345F0000 /* 52.95.0.0/21 */, 21, NDPI_PROTOCOL_AMAZON }, { 0x345F0A00 /* 52.95.10.0/23 */, 23, NDPI_PROTOCOL_AMAZON }, { 0x345F0C00 /* 52.95.12.0/22 */, 22, NDPI_PROTOCOL_AMAZON }, @@ -8030,7 +7980,6 @@ ndpi_protocol_match host_match[] = { { "amazon-adsystem.com", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".cloudfront.net", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".push.apple.com", "ApplePush", NDPI_PROTOCOL_APPLE_PUSH, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_SAFE }, { ".apple-dns.net", "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, { ".mzstatic.com", "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, @@ -8251,6 +8200,7 @@ ndpi_protocol_match host_match[] = { { ".anchorfree.", "HotspotShield", NDPI_PROTOCOL_HOTSPOT_SHIELD, NDPI_PROTOCOL_CATEGORY_VPN, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, { "hotspotshield.com", "HotspotShield", NDPI_PROTOCOL_HOTSPOT_SHIELD, NDPI_PROTOCOL_CATEGORY_VPN, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, + { ".northghost.com", "HotspotShield", NDPI_PROTOCOL_HOTSPOT_SHIELD, NDPI_PROTOCOL_CATEGORY_VPN, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, { ".webex.com", "Webex", NDPI_PROTOCOL_WEBEX, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, -- cgit v1.2.3 From e09ebab0c2faea63be03e58ac4cf512faf965752 Mon Sep 17 00:00:00 2001 From: emanuele-f Date: Wed, 24 Jan 2018 16:47:23 +0100 Subject: Initial support for Intel hyperscan pattern matching library. --- src/include/ndpi_typedefs.h | 5 +++ src/lib/ndpi_main.c | 83 +++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 88 insertions(+) (limited to 'src') diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 15b629068..3e4fcabad 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -937,6 +937,11 @@ struct ndpi_detection_module_struct { u_int8_t http_dont_dissect_response:1, dns_dissect_response:1, direction_detect_disable:1; /* disable internal detection of packet direction */ + +#ifdef HAVE_HYPERSCAN + hs_database_t *hs_database; + hs_scratch_t *hs_scratch; +#endif }; struct ndpi_flow_struct { diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 27eddfd1a..e3a646c97 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -731,10 +731,63 @@ void ndpi_init_protocol_match(struct ndpi_detection_module_struct *ndpi_mod, /* ******************************************************************** */ +#ifdef HAVE_HYPERSCAN + +static int init_hyperscan(struct ndpi_detection_module_struct *ndpi_mod) { + // TODO populate from ndpi_content_match.c.inc + // The regexes + static const char* expressions[] = { + "\\.facebook\\.com$", + "\\.youtube\\.com$", + "\\.youtube\\.it$", + "^video\\..*\\.google\\.com$", + "wikipedia\\.org$", + }; + // The protocol ID to associate to each regex + static unsigned int ids[] = { + NDPI_PROTOCOL_FACEBOOK, + NDPI_PROTOCOL_YOUTUBE, + NDPI_PROTOCOL_YOUTUBE, + NDPI_PROTOCOL_GOOGLE, + NDPI_PROTOCOL_WIKIPEDIA, + }; + #define NUM_EXPRESSIONS 5 // must match the above structures length + + hs_compile_error_t *compile_err; + + if(hs_compile_multi(expressions, NULL, ids, + NUM_EXPRESSIONS, HS_MODE_BLOCK, NULL, + &ndpi_mod->hs_database, &compile_err) != HS_SUCCESS) { + NDPI_LOG_ERR(ndpi_mod, "Unable to initialize hyperscan database\n"); + hs_free_compile_error(compile_err); + return -1; + } + + if(hs_alloc_scratch(ndpi_mod->hs_database, &ndpi_mod->hs_scratch) != HS_SUCCESS) { + NDPI_LOG_ERR(ndpi_mod, "Unable to allocate hyperscan scratch space\n"); + hs_free_database(ndpi_mod->hs_database); + return -1; + } + + return 0; +} + +static void destroy_hyperscan(struct ndpi_detection_module_struct *ndpi_mod) { + hs_free_scratch(ndpi_mod->hs_scratch); + hs_free_database(ndpi_mod->hs_database); +} + +#endif + static void init_string_based_protocols(struct ndpi_detection_module_struct *ndpi_mod) { int i; +#ifdef HAVE_HYPERSCAN + // TODO check return value + init_hyperscan(ndpi_mod); +#endif + for(i=0; host_match[i].string_to_match != NULL; i++) ndpi_init_protocol_match(ndpi_mod, &host_match[i]); @@ -2063,6 +2116,10 @@ void ndpi_exit_detection_module(struct ndpi_detection_module_struct *ndpi_struct if(ndpi_struct->impossible_bigrams_automa.ac_automa != NULL) ac_automata_release((AC_AUTOMATA_t*)ndpi_struct->impossible_bigrams_automa.ac_automa); +#ifdef HAVE_HYPERSCAN + destroy_hyperscan(ndpi_struct); +#endif + ndpi_free(ndpi_struct); } } @@ -4929,6 +4986,8 @@ int ndpi_match_string_subprotocol(struct ndpi_detection_module_struct *ndpi_stru /* ****************************************************** */ +#ifndef HAVE_HYPERSCAN + static int ndpi_automa_match_string_subprotocol(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow, char *string_to_match, u_int string_to_match_len, @@ -4969,6 +5028,30 @@ static int ndpi_automa_match_string_subprotocol(struct ndpi_detection_module_str return(NDPI_PROTOCOL_UNKNOWN); } +#else + +static int hyperscanEventHandler(unsigned int id, unsigned long long from, + unsigned long long to, unsigned int flags, void *ctx) { + *((int *)ctx) = (int)id; + return HS_SCAN_TERMINATED; +} + +static int ndpi_automa_match_string_subprotocol(struct ndpi_detection_module_struct *ndpi_struct, + struct ndpi_flow_struct *flow, + char *string_to_match, u_int string_to_match_len, + u_int16_t master_protocol_id, + u_int8_t is_host_match) { + int rv = NDPI_PROTOCOL_UNKNOWN; + + if(hs_scan(ndpi_struct->hs_database, string_to_match, string_to_match_len, 0, ndpi_struct->hs_scratch, + hyperscanEventHandler, &rv) != HS_SUCCESS) + NDPI_LOG_ERR(ndpi_struct, "[NDPI] Hyperscan match returned error\n"); + + return rv; +} + +#endif + /* ****************************************************** */ int ndpi_match_host_subprotocol(struct ndpi_detection_module_struct *ndpi_struct, -- cgit v1.2.3 From 78feabfad741561bbfff2be52b3eadaee9be0e2b Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Wed, 24 Jan 2018 22:11:05 +0100 Subject: Inital hyperscan work --- configure.seed | 15 +- example/Makefile.am | 6 +- example/ndpiReader.c | 1 - src/include/ndpi_typedefs.h | 74 +++-- src/lib/Makefile.am | 2 +- src/lib/ndpi_content_match.c.inc | 610 +++++++++++++++++++-------------------- src/lib/ndpi_main.c | 92 ++++-- src/lib/protocols/rx.c | 6 +- src/lib/protocols/tinc.c | 1 + 9 files changed, 420 insertions(+), 387 deletions(-) (limited to 'src') diff --git a/configure.seed b/configure.seed index 2b2392a16..b6c53cf43 100644 --- a/configure.seed +++ b/configure.seed @@ -51,6 +51,17 @@ else AC_CHECK_LIB([numa], [numa_available], [LIBNUMA="-lnuma"]) fi + +HS_LIB= +HS_INC= +AC_ARG_WITH(hyperscan, [ --with-hyperscan Enable Intel Hyperscan (if available)]) + +if test "${with_hyperscan}" == "yes"; then : + AC_CHECK_LIB([hs], [hs_compile_multi], AC_DEFINE_UNQUOTED(HAVE_HYPERSCAN, 1, [Intel Hyperscan is present])) + HS_INC=`pkg-config --cflags libhs` + HS_LIB=`pkg-config --libs libhs` +fi + if test -f $PCAP_HOME/libpcap/libpcap.a; then : echo "Using libpcap from $PCAP_HOME" PCAP_INC="-I $PCAP_HOME/libpcap" @@ -101,7 +112,7 @@ AS_IF([test "x$enable_json_c" != "xno"], [ AC_CHECK_LIB(pthread, pthread_setaffinity_np, AC_DEFINE_UNQUOTED(HAVE_PTHREAD_SETAFFINITY_NP, 1, [libc has pthread_setaffinity_np])) AC_CONFIG_FILES([Makefile src/lib/Makefile example/Makefile tests/Makefile libndpi.pc src/include/ndpi_define.h]) -AC_CONFIG_HEADERS(config.h) +AC_CONFIG_HEADERS(src/include/ndpi_config.h) AC_SUBST(GIT_RELEASE) AC_SUBST(NDPI_MAJOR) AC_SUBST(NDPI_MINOR) @@ -111,6 +122,8 @@ AC_SUBST(JSON_C_LIB) AC_SUBST(PCAP_INC) AC_SUBST(PCAP_LIB) AC_SUBST(DL_LIB) +AC_SUBST(HS_LIB) +AC_SUBST(HS_INC) AC_SUBST(HAVE_PTHREAD_SETAFFINITY_NP) AC_OUTPUT diff --git a/example/Makefile.am b/example/Makefile.am index 6cc6a14ce..9eedc21d8 100644 --- a/example/Makefile.am +++ b/example/Makefile.am @@ -1,10 +1,10 @@ bin_PROGRAMS = ndpiReader -AM_CPPFLAGS = -I$(top_srcdir)/src/include -I$(top_srcdir)/src/lib/third_party/include @PCAP_INC@ +AM_CPPFLAGS = -I$(top_srcdir)/src/include -I$(top_srcdir)/src/lib/third_party/include @PCAP_INC@ @HS_INC@ AM_CFLAGS = @PTHREAD_CFLAGS@ # --coverage -LDADD = $(top_builddir)/src/lib/libndpi.la @JSON_C_LIB@ @PTHREAD_LIBS@ @PCAP_LIB@ @DL_LIB@ -lm -AM_LDFLAGS = -static @DL_LIB@ +LDADD = $(top_builddir)/src/lib/libndpi.la @JSON_C_LIB@ @PTHREAD_LIBS@ @PCAP_LIB@ @DL_LIB@ @HS_LIB@ -lm +AM_LDFLAGS = -static @DL_LIB@ @HS_LIB@ ndpiReader_SOURCES = ndpiReader.c ndpi_util.c ndpi_util.h uthash.h diff --git a/example/ndpiReader.c b/example/ndpiReader.c index aa8e09507..202de40d4 100644 --- a/example/ndpiReader.c +++ b/example/ndpiReader.c @@ -43,7 +43,6 @@ #include #include #include -#include "../config.h" #include "ndpi_api.h" #include "uthash.h" #include diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 739d82294..7ad9757a4 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -25,33 +25,28 @@ #define __NDPI_TYPEDEFS_H__ #include "ndpi_define.h" -#include "libcache.h" #define BT_ANNOUNCE #define SNAP_EXT - /* NDPI_LOG_LEVEL */ -typedef enum - { - NDPI_LOG_ERROR, - NDPI_LOG_TRACE, - NDPI_LOG_DEBUG, - NDPI_LOG_DEBUG_EXTRA - } ndpi_log_level_t; +typedef enum { + NDPI_LOG_ERROR, + NDPI_LOG_TRACE, + NDPI_LOG_DEBUG, + NDPI_LOG_DEBUG_EXTRA +} ndpi_log_level_t; /* NDPI_VISIT */ -typedef enum - { - ndpi_preorder, - ndpi_postorder, - ndpi_endorder, - ndpi_leaf - } ndpi_VISIT; +typedef enum { + ndpi_preorder, + ndpi_postorder, + ndpi_endorder, + ndpi_leaf +} ndpi_VISIT; /* NDPI_NODE */ -typedef struct node_t -{ +typedef struct node_t { char *key; struct node_t *left, *right; } ndpi_node; @@ -60,8 +55,7 @@ typedef struct node_t typedef u_int32_t ndpi_ndpi_mask; /* NDPI_PROTO_BITMASK_STRUCT */ -typedef struct ndpi_protocol_bitmask_struct -{ +typedef struct ndpi_protocol_bitmask_struct { ndpi_ndpi_mask fds_bits[NDPI_NUM_FDS_BITS]; } ndpi_protocol_bitmask_struct_t; @@ -797,9 +791,9 @@ typedef enum { NDPI_PROTOCOL_CATEGORY_CUSTOM_5, /* User custom category 5 */ NDPI_PROTOCOL_NUM_CATEGORIES /* - NOTE: Keep this as last member - Unused as value but useful to getting the number of elements - in this datastructure + NOTE: Keep this as last member + Unused as value but useful to getting the number of elements + in this datastructure */ } ndpi_protocol_category_t; @@ -863,6 +857,7 @@ struct ndpi_detection_module_struct { ndpi_default_ports_tree_node_t *tcpRoot, *udpRoot; ndpi_log_level_t ndpi_log_level; /* default error */ + #ifdef NDPI_ENABLE_DEBUG_MESSAGES /* debug callback, only set when debug is used */ ndpi_debug_function_ptr ndpi_debug_printf; @@ -930,7 +925,7 @@ struct ndpi_detection_module_struct { #endif #endif #ifdef NDPI_PROTOCOL_TINC - cache_t tinc_cache; + struct cache *tinc_cache; #endif ndpi_proto_defaults_t proto_defaults[NDPI_MAX_SUPPORTED_PROTOCOLS+NDPI_MAX_NUM_CUSTOM_PROTOCOLS]; @@ -938,10 +933,7 @@ struct ndpi_detection_module_struct { u_int8_t http_dont_dissect_response:1, dns_dissect_response:1, direction_detect_disable:1; /* disable internal detection of packet direction */ -#ifdef HAVE_HYPERSCAN - hs_database_t *hs_database; - hs_scratch_t *hs_scratch; -#endif + void *hyperscan; /* Intel Hyperscan */ }; struct ndpi_flow_struct { @@ -957,8 +949,8 @@ struct ndpi_flow_struct { u_int8_t protocol_id_already_guessed:1, host_already_guessed:1, init_finished:1, setup_packet_direction:1, packet_direction:1, check_extra_packets:1; /* - if ndpi_struct->direction_detect_disable == 1 - tcp sequence number connection tracking + if ndpi_struct->direction_detect_disable == 1 + tcp sequence number connection tracking */ u_int32_t next_tcp_seq_nr[2]; @@ -967,8 +959,8 @@ struct ndpi_flow_struct { int (*extra_packets_func) (struct ndpi_detection_module_struct *, struct ndpi_flow_struct *flow); /* - the tcp / udp / other l4 value union - used to reduce the number of bytes for tcp or udp protocol states + the tcp / udp / other l4 value union + used to reduce the number of bytes for tcp or udp protocol states */ union { struct ndpi_flow_tcp_struct tcp; @@ -976,20 +968,20 @@ struct ndpi_flow_struct { } l4; /* - Pointer to src or dst - that identifies the - server of this connection + Pointer to src or dst + that identifies the + server of this connection */ struct ndpi_id_struct *server_id; /* HTTP host or DNS query */ u_char host_server_name[256]; /* - This structure below will not not stay inside the protos - structure below as HTTP is used by many subprotocols - such as FaceBook, Google... so it is hard to know - when to use it or not. Thus we leave it outside for the - time being. + This structure below will not not stay inside the protos + structure below as HTTP is used by many subprotocols + such as FaceBook, Google... so it is hard to know + when to use it or not. Thus we leave it outside for the + time being. */ struct { ndpi_http_method method; @@ -1150,7 +1142,7 @@ struct ndpi_flow_struct { }; typedef struct { - char *string_to_match, *proto_name; + char *string_to_match, *string2_to_match, *pattern_to_match, *proto_name; int protocol_id; ndpi_protocol_category_t proto_category; ndpi_protocol_breed_t protocol_breed; diff --git a/src/lib/Makefile.am b/src/lib/Makefile.am index 4b25e0162..33b402f6e 100644 --- a/src/lib/Makefile.am +++ b/src/lib/Makefile.am @@ -1,7 +1,7 @@ lib_LTLIBRARIES = libndpi.la CFLAGS += -fPIC -DPIC # --coverage -libndpi_la_CPPFLAGS = -I$(top_srcdir)/src/include/ -I$(top_srcdir)/src/lib/third_party/include/ +libndpi_la_CPPFLAGS = -I$(top_srcdir)/src/include/ -I$(top_srcdir)/src/lib/third_party/include/ @HS_INC@ libndpi_la_LDFLAGS = -version-info 1:0:0 -export-symbols $(top_srcdir)/libndpi.sym libndpi_la_includedir = $(includedir)/libndpi-@VERSION@/libndpi diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 7b868a764..435a5dde4 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -7973,61 +7973,61 @@ static ndpi_network host_protocol_list[] = { */ ndpi_protocol_match host_match[] = { - { "amazon.", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { "amazon.com", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { "images-amazon.com", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "amazonaws.com", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_UNSAFE }, - { "amazon-adsystem.com", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".cloudfront.net", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - - { ".push.apple.com", "ApplePush", NDPI_PROTOCOL_APPLE_PUSH, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_SAFE }, - { ".apple-dns.net", "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { ".mzstatic.com", "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { ".aaplimg.com", "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { "iosapps.itunes.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, /* iOS */ - { "osxapps.itunes.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, /* MacOS */ - { "buy.itunes.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, - { "su.itunes.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, - { "se.itunes.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, - { "myapp.itunes.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, - { "swscan.apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, - { "itunes-apple.com", "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, - { "itunes.apple.com", "AppleiTunes", NDPI_PROTOCOL_APPLE_ITUNES, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { "aaplimg.com", "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, - { ".apple.com", "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { ".icloud.com", "AppleiCloud", NDPI_PROTOCOL_APPLE_ICLOUD, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - - { ".cnn.c", "CNN", NDPI_PROTOCOL_CNN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { ".cnn.net", "CNN", NDPI_PROTOCOL_CNN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - - { ".dropbox.com", "DropBox", NDPI_PROTOCOL_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, - { ".dropboxstatic.com", "DropBox", NDPI_PROTOCOL_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, - { ".dropbox-dns.com", "DropBox", NDPI_PROTOCOL_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, - { "log.getdropbox.com", "DropBox", NDPI_PROTOCOL_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, - - { ".ebay.", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, /* or FUN */ - { ".ebay.com", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { ".ebaystatic.com", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { ".ebaydesc.com", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { ".ebayrtm.com", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { ".ebaystratus.com", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { ".ebayimg.com", "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - - { "facebook.com", "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { "fbstatic-a.akamaihd.net", "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { ".fbcdn.net", "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { "fbcdn-", "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { ".facebook.net", "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - - { ".speedtest.net", "Ookla", NDPI_PROTOCOL_OOKLA, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_SAFE }, - - { "drive-thirdparty.", "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { "docs.", "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".docs.", "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { "drive.", "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, - - { "android.clients.google.com", "PlayStore", NDPI_PROTOCOL_PLAYSTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, - { "ggpht.com", "PlayStore", NDPI_PROTOCOL_PLAYSTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, + { "amazon.", NULL, NULL, "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { "amazon.com", NULL, "amazon\\.com$", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { "images-amazon.com", NULL, "images-amazon\\.com$", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "amazonaws.com", NULL, "amazonaws\\.com$", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_UNSAFE }, + { "amazon-adsystem.com", NULL, "amazon-adsystem\\.com$", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".cloudfront.net", NULL, "\\.cloudfront\\.net$", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + + { ".push.apple.com", NULL, NULL, "ApplePush", NDPI_PROTOCOL_APPLE_PUSH, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_SAFE }, + { ".apple-dns.net", NULL, NULL, "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { ".mzstatic.com", NULL, NULL, "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { ".aaplimg.com", NULL, NULL, "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { "iosapps.itunes.apple.com", NULL, NULL, "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, /* iOS */ + { "osxapps.itunes.apple.com", NULL, NULL, "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, /* MacOS */ + { "buy.itunes.apple.com", NULL, NULL, "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, + { "su.itunes.apple.com", NULL, NULL, "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, + { "se.itunes.apple.com", NULL, NULL, "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, + { "myapp.itunes.apple.com", NULL, NULL, "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, + { "swscan.apple.com", NULL, NULL, "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, + { "itunes-apple.com", NULL, NULL, "AppleStore", NDPI_PROTOCOL_APPLESTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, + { "itunes.apple.com", NULL, NULL, "AppleiTunes", NDPI_PROTOCOL_APPLE_ITUNES, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { "aaplimg.com", NULL, NULL, "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, + { ".apple.com", NULL, NULL, "Apple", NDPI_PROTOCOL_APPLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { ".icloud.com", NULL, NULL, "AppleiCloud", NDPI_PROTOCOL_APPLE_ICLOUD, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + + { ".cnn.c", NULL, NULL, "CNN", NDPI_PROTOCOL_CNN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { ".cnn.net", NULL, NULL, "CNN", NDPI_PROTOCOL_CNN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + + { ".dropbox.com", NULL, NULL, "DropBox", NDPI_PROTOCOL_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, + { ".dropboxstatic.com", NULL, NULL, "DropBox", NDPI_PROTOCOL_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, + { ".dropbox-dns.com", NULL, NULL, "DropBox", NDPI_PROTOCOL_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, + { "log.getdropbox.com", NULL, NULL, "DropBox", NDPI_PROTOCOL_DROPBOX, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, + + { ".ebay.", NULL, NULL, "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, /* or FUN */ + { ".ebay.com", NULL, NULL, "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { ".ebaystatic.com", NULL, NULL, "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { ".ebaydesc.com", NULL, NULL, "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { ".ebayrtm.com", NULL, NULL, "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { ".ebaystratus.com", NULL, NULL, "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { ".ebayimg.com", NULL, NULL, "eBay", NDPI_PROTOCOL_EBAY, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + + { "facebook.com", NULL, NULL, "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { "fbstatic-a.akamaihd.net", NULL, NULL, "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { ".fbcdn.net", NULL, NULL, "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { "fbcdn-", NULL, NULL, "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { ".facebook.net", NULL, NULL, "Facebook", NDPI_PROTOCOL_FACEBOOK, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + + { ".speedtest.net", NULL, NULL, "Ookla", NDPI_PROTOCOL_OOKLA, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_SAFE }, + + { "drive-thirdparty.", NULL, NULL, "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "docs.", NULL, NULL, "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".docs.", NULL, NULL, "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "drive.", NULL, NULL, "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, + + { "android.clients.google.com", NULL, NULL, "PlayStore", NDPI_PROTOCOL_PLAYSTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, + { "ggpht.com", NULL, NULL, "PlayStore", NDPI_PROTOCOL_PLAYSTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, /* See https://better.fyi/trackers/ @@ -8049,261 +8049,261 @@ ndpi_protocol_match host_match[] = { */ /* Google Advertisements */ - { ".googlesyndication.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_TRACKER_ADS }, - { "googleads.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_TRACKER_ADS }, - { ".doubleclick.net", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_TRACKER_ADS }, - { "googleadservices.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_TRACKER_ADS }, - { ".2mdn.net", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_TRACKER_ADS }, - { ".dmtry.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_TRACKER_ADS }, - { "google-analytics.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_TRACKER_ADS }, + { ".googlesyndication.com", NULL, NULL, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_TRACKER_ADS }, + { "googleads.", NULL, NULL, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_TRACKER_ADS }, + { ".doubleclick.net", NULL, NULL, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_TRACKER_ADS }, + { "googleadservices.", NULL, NULL, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_TRACKER_ADS }, + { ".2mdn.net", NULL, NULL, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_TRACKER_ADS }, + { ".dmtry.com", NULL, NULL, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_TRACKER_ADS }, + { "google-analytics.", NULL, NULL, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_TRACKER_ADS }, /* Google Services */ - { "googleapis.com", "GoogleServices", NDPI_PROTOCOL_GOOGLE_SERVICES, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".googletagservices.com", "GoogleServices", NDPI_PROTOCOL_GOOGLE_SERVICES, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "mtalk.google.com", "GoogleServices", NDPI_PROTOCOL_GOOGLE_SERVICES, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "googleapis.com", NULL, NULL, "GoogleServices", NDPI_PROTOCOL_GOOGLE_SERVICES, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".googletagservices.com", NULL, NULL, "GoogleServices", NDPI_PROTOCOL_GOOGLE_SERVICES, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "mtalk.google.com", NULL, NULL, "GoogleServices", NDPI_PROTOCOL_GOOGLE_SERVICES, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "plus.google.com", "GooglePlus", NDPI_PROTOCOL_GOOGLE_PLUS, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { "plus.url.google.com", "GooglePlus", NDPI_PROTOCOL_GOOGLE_PLUS, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { "google.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { ".google.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { ".gstatic.com", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { "plus.google.com", NULL, NULL, "GooglePlus", NDPI_PROTOCOL_GOOGLE_PLUS, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { "plus.url.google.com", NULL, NULL, "GooglePlus", NDPI_PROTOCOL_GOOGLE_PLUS, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { "google.", NULL, NULL, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { ".google.", NULL, NULL, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { ".gstatic.com", NULL, NULL, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, /* http://check.googlezip.net/connect [check browser connectivity] */ - { ".googlezip.net", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { ".googlezip.net", NULL, NULL, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { "googleusercontent.", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "googleusercontent.", NULL, NULL, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "1e100.net", "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "1e100.net", NULL, NULL, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "maps.google.", "GoogleMaps", NDPI_PROTOCOL_GOOGLE_MAPS, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { "maps.gstatic.com", "GoogleMaps", NDPI_PROTOCOL_GOOGLE_MAPS, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { "maps.google.", NULL, NULL, "GoogleMaps", NDPI_PROTOCOL_GOOGLE_MAPS, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { "maps.gstatic.com", NULL, NULL, "GoogleMaps", NDPI_PROTOCOL_GOOGLE_MAPS, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { ".gmail.", "GMail", NDPI_PROTOCOL_GMAIL, NDPI_PROTOCOL_CATEGORY_MAIL, NDPI_PROTOCOL_ACCEPTABLE }, - { "mail.google.", "GMail", NDPI_PROTOCOL_GMAIL, NDPI_PROTOCOL_CATEGORY_MAIL, NDPI_PROTOCOL_ACCEPTABLE }, + { ".gmail.", NULL, NULL, "GMail", NDPI_PROTOCOL_GMAIL, NDPI_PROTOCOL_CATEGORY_MAIL, NDPI_PROTOCOL_ACCEPTABLE }, + { "mail.google.", NULL, NULL, "GMail", NDPI_PROTOCOL_GMAIL, NDPI_PROTOCOL_CATEGORY_MAIL, NDPI_PROTOCOL_ACCEPTABLE }, - { "mail.outlook.com", "Hotmail", NDPI_PROTOCOL_HOTMAIL, NDPI_PROTOCOL_CATEGORY_MAIL, NDPI_PROTOCOL_ACCEPTABLE }, + { "mail.outlook.com", NULL, NULL, "Hotmail", NDPI_PROTOCOL_HOTMAIL, NDPI_PROTOCOL_CATEGORY_MAIL, NDPI_PROTOCOL_ACCEPTABLE }, - { ".last.fm", "LastFM", NDPI_PROTOCOL_LASTFM, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { ".last.fm", NULL, NULL, "LastFM", NDPI_PROTOCOL_LASTFM, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { "msn.com", "MSN", NDPI_PROTOCOL_MSN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, /* News site */ + { "msn.com", NULL, NULL, "MSN", NDPI_PROTOCOL_MSN, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, /* News site */ - { "netflix.com", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { "nflxext.com", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { "nflximg.com", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { "nflximg.net", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { "nflxvideo.net", "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { "netflix.com", NULL, NULL, "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { "nflxext.com", NULL, NULL, "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { "nflximg.com", NULL, NULL, "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { "nflximg.net", NULL, NULL, "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { "nflxvideo.net", NULL, NULL, "NetFlix", NDPI_PROTOCOL_NETFLIX, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { ".skype.", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, - { ".skypeassets.", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, - { ".skypedata.", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, - { ".skypeecs-", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, - { ".skypeforbusiness.", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, - { ".lync.com", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, - { "e7768.b.akamaiedge.net", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, - { "e4593.dspg.akamaiedge.net","Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, - { "e4593.g.akamaiedge.net", "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, + { ".skype.", NULL, NULL, "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, + { ".skypeassets.", NULL, NULL, "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, + { ".skypedata.", NULL, NULL, "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, + { ".skypeecs-", NULL, NULL, "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, + { ".skypeforbusiness.", NULL, NULL, "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, + { ".lync.com", NULL, NULL, "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, + { "e7768.b.akamaiedge.net", NULL, NULL, "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, + { "e4593.dspg.akamaiedge.net", NULL, NULL,"Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, + { "e4593.g.akamaiedge.net", NULL, NULL, "Skype", NDPI_PROTOCOL_SKYPE, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, - { ".tuenti.com", "Tuenti", NDPI_PROTOCOL_TUENTI, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, + { ".tuenti.com", NULL, NULL, "Tuenti", NDPI_PROTOCOL_TUENTI, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, - { ".twttr.com", "Twitter", NDPI_PROTOCOL_TWITTER, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { "twitter.", "Twitter", NDPI_PROTOCOL_TWITTER, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { "twimg.com", "Twitter", NDPI_PROTOCOL_TWITTER, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { ".twttr.com", NULL, NULL, "Twitter", NDPI_PROTOCOL_TWITTER, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { "twitter.", NULL, NULL, "Twitter", NDPI_PROTOCOL_TWITTER, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { "twimg.com", NULL, NULL, "Twitter", NDPI_PROTOCOL_TWITTER, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { ".viber.com", "Viber", NDPI_PROTOCOL_VIBER, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, - { ".cdn.viber.com", "Viber", NDPI_PROTOCOL_VIBER, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, + { ".viber.com", NULL, NULL, "Viber", NDPI_PROTOCOL_VIBER, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, + { ".cdn.viber.com", NULL, NULL, "Viber", NDPI_PROTOCOL_VIBER, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, - { "wikipedia.", "Wikipedia", NDPI_PROTOCOL_WIKIPEDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { "wikimedia.", "Wikipedia", NDPI_PROTOCOL_WIKIPEDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { "mediawiki.", "Wikipedia", NDPI_PROTOCOL_WIKIPEDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { "wikimediafoundation.", "Wikipedia", NDPI_PROTOCOL_WIKIPEDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { "wikipedia.", NULL, NULL, "Wikipedia", NDPI_PROTOCOL_WIKIPEDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { "wikimedia.", NULL, NULL, "Wikipedia", NDPI_PROTOCOL_WIKIPEDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { "mediawiki.", NULL, NULL, "Wikipedia", NDPI_PROTOCOL_WIKIPEDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { "wikimediafoundation.", NULL, NULL, "Wikipedia", NDPI_PROTOCOL_WIKIPEDIA, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { ".whatsapp.", "WhatsApp", NDPI_PROTOCOL_WHATSAPP, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, + { ".whatsapp.", NULL, NULL, "WhatsApp", NDPI_PROTOCOL_WHATSAPP, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, - { ".yahoo.", "Yahoo", NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { ".yimg.com", "Yahoo", NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { "yahooapis.", "Yahoo", NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".yahoo.", NULL, NULL, "Yahoo", NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { ".yimg.com", NULL, NULL, "Yahoo", NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { "yahooapis.", NULL, NULL, "Yahoo", NDPI_PROTOCOL_YAHOO, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "upload.youtube.com", "YouTubeUpload", NDPI_PROTOCOL_YOUTUBE_UPLOAD, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "upload.video.google.com", "YouTubeUpload", NDPI_PROTOCOL_YOUTUBE_UPLOAD, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "youtube.", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "youtu.be.", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "yt3.ggpht.com", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".googlevideo.com", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".ytimg.com", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "youtube-nocookie.", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "ggpht.com", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "googleusercontent.com", "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "upload.youtube.com", NULL, NULL, "YouTubeUpload", NDPI_PROTOCOL_YOUTUBE_UPLOAD, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "upload.video.google.com", NULL, NULL, "YouTubeUpload", NDPI_PROTOCOL_YOUTUBE_UPLOAD, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "youtube.", NULL, NULL, "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "youtu.be.", NULL, NULL, "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "yt3.ggpht.com", NULL, NULL, "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".googlevideo.com", NULL, NULL, "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".ytimg.com", NULL, NULL, "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "youtube-nocookie.", NULL, NULL, "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "ggpht.com", NULL, NULL, "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "googleusercontent.com", NULL, NULL, "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".vevo.com", "Vevo", NDPI_PROTOCOL_VEVO, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".vevo.com", NULL, NULL, "Vevo", NDPI_PROTOCOL_VEVO, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".spotify.", "Spotify", NDPI_PROTOCOL_SPOTIFY, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "audio-fa.scdn.co", "Spotify", NDPI_PROTOCOL_SPOTIFY, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".spotify.", NULL, NULL, "Spotify", NDPI_PROTOCOL_SPOTIFY, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "audio-fa.scdn.co", NULL, NULL, "Spotify", NDPI_PROTOCOL_SPOTIFY, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".pandora.com", "Pandora", NDPI_PROTOCOL_PANDORA, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { ".pandora.com", NULL, NULL, "Pandora", NDPI_PROTOCOL_PANDORA, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { ".torproject.org", "Tor", NDPI_PROTOCOL_TOR, NDPI_PROTOCOL_CATEGORY_VPN, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, + { ".torproject.org", NULL, NULL, "Tor", NDPI_PROTOCOL_TOR, NDPI_PROTOCOL_CATEGORY_VPN, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, - { ".kakao.com", "KakaoTalk", NDPI_PROTOCOL_KAKAOTALK, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, + { ".kakao.com", NULL, NULL, "KakaoTalk", NDPI_PROTOCOL_KAKAOTALK, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, - { "ttvnw.net", "Twitch", NDPI_PROTOCOL_TWITCH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "static-cdn.jtvnw.net", "Twitch", NDPI_PROTOCOL_TWITCH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "www-cdn.jtvnw.net", "Twitch", NDPI_PROTOCOL_TWITCH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "ttvnw.net", NULL, NULL, "Twitch", NDPI_PROTOCOL_TWITCH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "static-cdn.jtvnw.net", NULL, NULL, "Twitch", NDPI_PROTOCOL_TWITCH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "www-cdn.jtvnw.net", NULL, NULL, "Twitch", NDPI_PROTOCOL_TWITCH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "quickplay.com", "QuickPlay", NDPI_PROTOCOL_QUICKPLAY, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { "quickplay.com", NULL, NULL, "QuickPlay", NDPI_PROTOCOL_QUICKPLAY, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { ".qq.com", "QQ", NDPI_PROTOCOL_QQ, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - { ".gtimg.com", "QQ", NDPI_PROTOCOL_QQ, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { ".qq.com", NULL, NULL, "QQ", NDPI_PROTOCOL_QQ, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { ".gtimg.com", NULL, NULL, "QQ", NDPI_PROTOCOL_QQ, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - { ".weibo.com", "Sina(Weibo)", NDPI_PROTOCOL_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { ".sinaimg.cn", "Sina", NDPI_PROTOCOL_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { ".sinajs.cn", "Sina", NDPI_PROTOCOL_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { ".sina.cn", "Sina", NDPI_PROTOCOL_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { ".sina.com.cn", "Sina", NDPI_PROTOCOL_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { ".weibo.com", NULL, NULL, "Sina(Weibo)", NDPI_PROTOCOL_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { ".sinaimg.cn", NULL, NULL, "Sina", NDPI_PROTOCOL_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { ".sinajs.cn", NULL, NULL, "Sina", NDPI_PROTOCOL_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { ".sina.cn", NULL, NULL, "Sina", NDPI_PROTOCOL_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { ".sina.com.cn", NULL, NULL, "Sina", NDPI_PROTOCOL_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, /* https://support.cipafilter.com/index.php?/Knowledgebase/Article/View/117/0/snapchat---how-to-block */ - { "feelinsonice.appspot.com", "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - { "feelinsonice-hrd.appspot.com", "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - { "feelinsonice.com", "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - { ".snapchat.", "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - { ".snapads.", "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { "feelinsonice.appspot.com", NULL, NULL, "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { "feelinsonice-hrd.appspot.com", NULL, NULL, "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { "feelinsonice.com", NULL, NULL, "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { ".snapchat.", NULL, NULL, "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { ".snapads.", NULL, NULL, "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, /* Detected "instagram.c10r.facebook.com". Omitted "*amazonaws.com" and "*facebook.com" CDNs e.g. "ig-telegraph-shv-04-frc3.facebook.com" */ - { ".cdninstagram.com", "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { "instagram.", "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { ".instagram.", "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { "igcdn-photos-", "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { "instagramimages-", "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { "instagramstatic-", "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - - { ".waze.com", "Waze", NDPI_PROTOCOL_WAZE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - - { ".deezer.com", "Deezer", NDPI_PROTOCOL_DEEZER, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - - { ".microsoft.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { "i-msdn.sec.s-msft.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_SYSTEM_OS, NDPI_PROTOCOL_ACCEPTABLE }, - { "i2-msdn.sec.s-msft.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_SYSTEM_OS, NDPI_PROTOCOL_ACCEPTABLE }, - { ".webtrends.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".msecnd.net", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "bing.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { ".visualstudio.com", "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_SAFE }, - - { "bn1301.storage.live.com", "MS_OneDrive", NDPI_PROTOCOL_MS_ONE_DRIVE,NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, - { "*.gateway.messenger.live.com", "MS_OneDrive", NDPI_PROTOCOL_MS_ONE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, - { "skyapi.live.net", "MS_OneDrive", NDPI_PROTOCOL_MS_ONE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, - { "d.docs.live.net", "MS_OneDrive", NDPI_PROTOCOL_MS_ONE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, - - { "update.microsoft.com", "WindowsUpdate", NDPI_PROTOCOL_WINDOWS_UPDATE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, - { ".windowsupdate.com", "WindowsUpdate", NDPI_PROTOCOL_WINDOWS_UPDATE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, - - { "worldofwarcraft.com", "WorldOfWarcraft", NDPI_PROTOCOL_WORLDOFWARCRAFT, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, - - { ".anchorfree.", "HotspotShield", NDPI_PROTOCOL_HOTSPOT_SHIELD, NDPI_PROTOCOL_CATEGORY_VPN, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, - { "hotspotshield.com", "HotspotShield", NDPI_PROTOCOL_HOTSPOT_SHIELD, NDPI_PROTOCOL_CATEGORY_VPN, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, - { ".northghost.com", "HotspotShield", NDPI_PROTOCOL_HOTSPOT_SHIELD, NDPI_PROTOCOL_CATEGORY_VPN, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, - - { ".webex.com", "Webex", NDPI_PROTOCOL_WEBEX, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, - - { ".ocsdomain.com", "OCS", NDPI_PROTOCOL_OCS, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "ocs.fr", "OCS", NDPI_PROTOCOL_OCS, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".ocs.fr", "OCS", NDPI_PROTOCOL_OCS, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".labgency.ws", "OCS", NDPI_PROTOCOL_OCS, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - - { ".iflix.com", "IFLIX", NDPI_PROTOCOL_IFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".app.iflixcorp.com", "IFLIX", NDPI_PROTOCOL_IFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".images.iflixassets.com", "IFLIX", NDPI_PROTOCOL_IFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - - { "crl.microsoft.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { "evsecure-ocsp.verisign.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { "evsecure-aia.verisign.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { "evsecure-crl.verisign.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".omniroot.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".microsoftonline.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".office365.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".office.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".msocsp.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".msocdn.com", "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".cdninstagram.com", NULL, NULL, "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { "instagram.", NULL, NULL, "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { ".instagram.", NULL, NULL, "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { "igcdn-photos-", NULL, NULL, "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { "instagramimages-", NULL, NULL, "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { "instagramstatic-", NULL, NULL, "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + + { ".waze.com", NULL, NULL, "Waze", NDPI_PROTOCOL_WAZE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + + { ".deezer.com", NULL, NULL, "Deezer", NDPI_PROTOCOL_DEEZER, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + + { ".microsoft.com", NULL, NULL, "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { "i-msdn.sec.s-msft.com", NULL, NULL, "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_SYSTEM_OS, NDPI_PROTOCOL_ACCEPTABLE }, + { "i2-msdn.sec.s-msft.com", NULL, NULL, "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_SYSTEM_OS, NDPI_PROTOCOL_ACCEPTABLE }, + { ".webtrends.com", NULL, NULL, "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".msecnd.net", NULL, NULL, "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "bing.com", NULL, NULL, "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { ".visualstudio.com", NULL, NULL, "Microsoft", NDPI_PROTOCOL_MICROSOFT, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_SAFE }, + + { "bn1301.storage.live.com", NULL, NULL, "MS_OneDrive", NDPI_PROTOCOL_MS_ONE_DRIVE,NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, + { "*.gateway.messenger.live.com", NULL, NULL, "MS_OneDrive", NDPI_PROTOCOL_MS_ONE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, + { "skyapi.live.net", NULL, NULL, "MS_OneDrive", NDPI_PROTOCOL_MS_ONE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, + { "d.docs.live.net", NULL, NULL, "MS_OneDrive", NDPI_PROTOCOL_MS_ONE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, + + { "update.microsoft.com", NULL, NULL, "WindowsUpdate", NDPI_PROTOCOL_WINDOWS_UPDATE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, + { ".windowsupdate.com", NULL, NULL, "WindowsUpdate", NDPI_PROTOCOL_WINDOWS_UPDATE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, + + { "worldofwarcraft.com", NULL, NULL, "WorldOfWarcraft", NDPI_PROTOCOL_WORLDOFWARCRAFT, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, + + { ".anchorfree.", NULL, NULL, "HotspotShield", NDPI_PROTOCOL_HOTSPOT_SHIELD, NDPI_PROTOCOL_CATEGORY_VPN, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, + { "hotspotshield.com", NULL, NULL, "HotspotShield", NDPI_PROTOCOL_HOTSPOT_SHIELD, NDPI_PROTOCOL_CATEGORY_VPN, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, + { ".northghost.com", NULL, NULL, "HotspotShield", NDPI_PROTOCOL_HOTSPOT_SHIELD, NDPI_PROTOCOL_CATEGORY_VPN, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, + + { ".webex.com", NULL, NULL, "Webex", NDPI_PROTOCOL_WEBEX, NDPI_PROTOCOL_CATEGORY_VOIP, NDPI_PROTOCOL_ACCEPTABLE }, + + { ".ocsdomain.com", NULL, NULL, "OCS", NDPI_PROTOCOL_OCS, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "ocs.fr", NULL, NULL, "OCS", NDPI_PROTOCOL_OCS, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".ocs.fr", NULL, NULL, "OCS", NDPI_PROTOCOL_OCS, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".labgency.ws", NULL, NULL, "OCS", NDPI_PROTOCOL_OCS, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + + { ".iflix.com", NULL, NULL, "IFLIX", NDPI_PROTOCOL_IFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".app.iflixcorp.com", NULL, NULL, "IFLIX", NDPI_PROTOCOL_IFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".images.iflixassets.com", NULL, NULL, "IFLIX", NDPI_PROTOCOL_IFLIX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + + { "crl.microsoft.com", NULL, NULL, "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "evsecure-ocsp.verisign.com", NULL, NULL, "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "evsecure-aia.verisign.com", NULL, NULL, "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "evsecure-crl.verisign.com", NULL, NULL, "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".omniroot.com", NULL, NULL, "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".microsoftonline.com", NULL, NULL, "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".office365.com", NULL, NULL, "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".office.com", NULL, NULL, "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".msocsp.com", NULL, NULL, "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".msocdn.com", NULL, NULL, "Office365", NDPI_PROTOCOL_OFFICE_365, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, /* http://www.urlquery.net/report.php?id=1453233646161 */ - { "lifedom.top", "Cloudflare", NDPI_PROTOCOL_CLOUDFLARE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "coby.ns.cloudflare.com", "Cloudflare", NDPI_PROTOCOL_CLOUDFLARE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "amanda.ns.cloudflare.com", "Cloudflare", NDPI_PROTOCOL_CLOUDFLARE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "lifedom.top", NULL, NULL, "Cloudflare", NDPI_PROTOCOL_CLOUDFLARE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "coby.ns.cloudflare.com", NULL, NULL, "Cloudflare", NDPI_PROTOCOL_CLOUDFLARE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { "amanda.ns.cloudflare.com", NULL, NULL, "Cloudflare", NDPI_PROTOCOL_CLOUDFLARE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "d295hzzivaok4k.cloudfront.net","OpenDNS", NDPI_PROTOCOL_OPENDNS, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { ".opendns.com", "OpenDNS", NDPI_PROTOCOL_OPENDNS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, + { "d295hzzivaok4k.cloudfront.net", NULL, NULL,"OpenDNS", NDPI_PROTOCOL_OPENDNS, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, + { ".opendns.com", NULL, NULL, "OpenDNS", NDPI_PROTOCOL_OPENDNS, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, /* https://get.slack.help/hc/en-us/articles/205138367-Troubleshooting-Slack-connection-issues */ - { "slack.com", "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".slack-msgs.com", "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { "slack-files.com", "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { "slack-imgs.com", "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".slack-edge.com", "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".slack-core.com", "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { "slack-redir.net", "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "slack.com", NULL, NULL, "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".slack-msgs.com", NULL, NULL, "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "slack-files.com", NULL, NULL, "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "slack-imgs.com", NULL, NULL, "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".slack-edge.com", NULL, NULL, "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".slack-core.com", NULL, NULL, "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "slack-redir.net", NULL, NULL, "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, /* Detected "slack-assets2.s3-us-west-2.amazonaws.com.". Omitted "*amazonaws.com" CDN, but no generic pattern to use on first part */ - { "slack-assets2.s3-", "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "slack-assets2.s3-", NULL, NULL, "Slack", NDPI_PROTOCOL_SLACK, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { "github.com", "Github", NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".github.com", "Github", NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { "github.io", "Github", NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".github.io", "Github", NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { "githubusercontent.com", "Github", NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".githubusercontent.com", "Github", NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "github.com", NULL, NULL, "Github", NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".github.com", NULL, NULL, "Github", NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "github.io", NULL, NULL, "Github", NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".github.io", NULL, NULL, "Github", NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "githubusercontent.com", NULL, NULL, "Github", NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { ".githubusercontent.com", NULL, NULL, "Github", NDPI_PROTOCOL_GITHUB, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".iqiyi.com", "iQIYI", NDPI_PROTOCOL_IQIYI, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { ".qiyi.com", "iQIYI", NDPI_PROTOCOL_IQIYI, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { ".71.am", "iQIYI", NDPI_PROTOCOL_IQIYI, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { ".qiyipic.com", "iQIYI", NDPI_PROTOCOL_IQIYI, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { ".iqiyi.com", NULL, NULL, "iQIYI", NDPI_PROTOCOL_IQIYI, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { ".qiyi.com", NULL, NULL, "iQIYI", NDPI_PROTOCOL_IQIYI, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { ".71.am", NULL, NULL, "iQIYI", NDPI_PROTOCOL_IQIYI, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { ".qiyipic.com", NULL, NULL, "iQIYI", NDPI_PROTOCOL_IQIYI, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { ".ppstream.com", "PPStream", NDPI_PROTOCOL_PPSTREAM, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { ".pps.tv", "PPStream", NDPI_PROTOCOL_PPSTREAM, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { ".ppstream.com", NULL, NULL, "PPStream", NDPI_PROTOCOL_PPSTREAM, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { ".pps.tv", NULL, NULL, "PPStream", NDPI_PROTOCOL_PPSTREAM, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { ".1kxun.", "1kxun", NDPI_PROTOCOL_1KXUN, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { "tcad.wedolook.com", "1kxun", NDPI_PROTOCOL_1KXUN, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { ".1kxun.", NULL, NULL, "1kxun", NDPI_PROTOCOL_1KXUN, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { "tcad.wedolook.com", NULL, NULL, "1kxun", NDPI_PROTOCOL_1KXUN, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { ".steampowered.com", "Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, - { "steamcommunity.com", "Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, - { ".steamcontent.com", "Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, - { ".steamstatic.com", "Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, - { "steamcommunity-a.akamaihd.net","Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, + { ".steampowered.com", NULL, NULL, "Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, + { "steamcommunity.com", NULL, NULL, "Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, + { ".steamcontent.com", NULL, NULL, "Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, + { ".steamstatic.com", NULL, NULL, "Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, + { "steamcommunity-a.akamaihd.net", NULL, NULL,"Steam", NDPI_PROTOCOL_STEAM, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, - { ".wechat.com", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - { ".wechat.org", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - { ".wechatapp.com", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - { ".we.chat", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - { ".wx.", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - { ".weixin.", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - { ".mmsns.qpic.cn", "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { ".wechat.com", NULL, NULL, "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { ".wechat.org", NULL, NULL, "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { ".wechatapp.com", NULL, NULL, "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { ".we.chat", NULL, NULL, "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { ".wx.", NULL, NULL, "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { ".weixin.", NULL, NULL, "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { ".mmsns.qpic.cn", NULL, NULL, "WeChat", NDPI_PROTOCOL_WECHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - { "dnscrypt.org", "DNScrypt", NDPI_PROTOCOL_DNSCRYPT, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, + { "dnscrypt.org", NULL, NULL, "DNScrypt", NDPI_PROTOCOL_DNSCRYPT, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_ACCEPTABLE }, - { "torrent.", "BitTorrent", NDPI_PROTOCOL_BITTORRENT, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_UNSAFE }, - { "torrents.", "BitTorrent", NDPI_PROTOCOL_BITTORRENT, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_UNSAFE }, - { "torrentz.", "BitTorrent", NDPI_PROTOCOL_BITTORRENT, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_UNSAFE }, + { "torrent.", NULL, NULL, "BitTorrent", NDPI_PROTOCOL_BITTORRENT, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_UNSAFE }, + { "torrents.", NULL, NULL, "BitTorrent", NDPI_PROTOCOL_BITTORRENT, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_UNSAFE }, + { "torrentz.", NULL, NULL, "BitTorrent", NDPI_PROTOCOL_BITTORRENT, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_UNSAFE }, - { ".nintendo.net", "Nintendo", NDPI_PROTOCOL_NINTENDO, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, - { ".nintendo.com", "Nintendo", NDPI_PROTOCOL_NINTENDO, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, - { ".playstation.net", "Playstation", NDPI_PROTOCOL_PLAYSTATION, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, - { ".playstation.com", "Playstation", NDPI_PROTOCOL_PLAYSTATION, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, - { ".sonyentertainmentnetwork.com","Playstation", NDPI_PROTOCOL_PLAYSTATION, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, + { ".nintendo.net", NULL, NULL, "Nintendo", NDPI_PROTOCOL_NINTENDO, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, + { ".nintendo.com", NULL, NULL, "Nintendo", NDPI_PROTOCOL_NINTENDO, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, + { ".playstation.net", NULL, NULL, "Playstation", NDPI_PROTOCOL_PLAYSTATION, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, + { ".playstation.com", NULL, NULL, "Playstation", NDPI_PROTOCOL_PLAYSTATION, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, + { ".sonyentertainmentnetwork.com", NULL, NULL,"Playstation", NDPI_PROTOCOL_PLAYSTATION, NDPI_PROTOCOL_CATEGORY_GAME, NDPI_PROTOCOL_FUN }, - { ".pastebin.com", "Pastebin", NDPI_PROTOCOL_PASTEBIN, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, + { ".pastebin.com", NULL, NULL, "Pastebin", NDPI_PROTOCOL_PASTEBIN, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_POTENTIALLY_DANGEROUS }, - { ".linkedin.com", "LinkedIn", NDPI_PROTOCOL_LINKEDIN, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { ".licdn.com", "LinkedIn", NDPI_PROTOCOL_LINKEDIN, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { ".linkedin.com", NULL, NULL, "LinkedIn", NDPI_PROTOCOL_LINKEDIN, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, + { ".licdn.com", NULL, NULL, "LinkedIn", NDPI_PROTOCOL_LINKEDIN, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { ".sndcdn.com", "SoundCloud", NDPI_PROTOCOL_SOUNDCLOUD, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { ".soundcloud.com", "SoundCloud", NDPI_PROTOCOL_SOUNDCLOUD, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { "getrockerbox.com", "SoundCloud", NDPI_PROTOCOL_SOUNDCLOUD, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { ".sndcdn.com", NULL, NULL, "SoundCloud", NDPI_PROTOCOL_SOUNDCLOUD, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { ".soundcloud.com", NULL, NULL, "SoundCloud", NDPI_PROTOCOL_SOUNDCLOUD, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { "getrockerbox.com", NULL, NULL, "SoundCloud", NDPI_PROTOCOL_SOUNDCLOUD, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, - { "web.telegram.org", "Telegram", NDPI_PROTOCOL_TELEGRAM, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, - { "tdesktop.com", "Telegram", NDPI_PROTOCOL_TELEGRAM, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, - { "tupdate.com", "Telegram", NDPI_PROTOCOL_TELEGRAM, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, + { "web.telegram.org", NULL, NULL, "Telegram", NDPI_PROTOCOL_TELEGRAM, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, + { "tdesktop.com", NULL, NULL, "Telegram", NDPI_PROTOCOL_TELEGRAM, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, + { "tupdate.com", NULL, NULL, "Telegram", NDPI_PROTOCOL_TELEGRAM, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, - { ".icq.", "ICQ", NDPI_PROTOCOL_ICQ, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, - { "icq.", "ICQ", NDPI_PROTOCOL_ICQ, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, + { ".icq.", NULL, NULL, "ICQ", NDPI_PROTOCOL_ICQ, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, + { "icq.", NULL, NULL, "ICQ", NDPI_PROTOCOL_ICQ, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_ACCEPTABLE }, - { NULL, 0 } + { NULL, NULL, NULL, 0 } }; @@ -8311,57 +8311,57 @@ ndpi_protocol_match host_match[] = { Mime-type content match match */ ndpi_protocol_match content_match[] = { - { "audio/mpeg", NULL, NDPI_CONTENT_MPEG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "audio/x-mpeg", NULL, NDPI_CONTENT_MPEG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "audio/mpeg3", NULL, NDPI_CONTENT_MPEG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "audio/mp4a", NULL, NDPI_CONTENT_MPEG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "video/mpeg", NULL, NDPI_CONTENT_MPEG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "video/nsv", NULL, NDPI_CONTENT_MPEG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "misc/ultravox", NULL, NDPI_CONTENT_MPEG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "audio/ogg", NULL, NDPI_CONTENT_OGG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "video/ogg", NULL, NDPI_CONTENT_OGG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "application/ogg", NULL, NDPI_CONTENT_OGG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { ".adobe.", NULL, NDPI_CONTENT_FLASH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "video/flv", NULL, NDPI_CONTENT_FLASH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "video/x-flv", NULL, NDPI_CONTENT_FLASH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "application/x-fcs", NULL, NDPI_CONTENT_FLASH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "application/x-shockwave-flash",NULL, NDPI_CONTENT_FLASH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_ACCEPTABLE }, - { "video/flash", NULL, NDPI_CONTENT_FLASH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "application/flv", NULL, NDPI_CONTENT_FLASH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "flv-application/octet-stream", NULL, NDPI_CONTENT_FLASH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "application/futuresplash", NULL, NDPI_CONTENT_FLASH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "video/quicktime", NULL, NDPI_CONTENT_QUICKTIME, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "video/mp4", NULL, NDPI_CONTENT_QUICKTIME, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "video/x-m4v", NULL, NDPI_CONTENT_QUICKTIME, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "audio/x-pn-realaudio", NULL, NDPI_CONTENT_REALMEDIA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "application/vnd.rn-realmedia", NULL, NDPI_CONTENT_REALMEDIA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "video/x-ms-", NULL, NDPI_CONTENT_WINDOWSMEDIA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "asf", NULL, NDPI_CONTENT_WINDOWSMEDIA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "asx", NULL, NDPI_CONTENT_WINDOWSMEDIA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "video/x-msvideo", NULL, NDPI_CONTENT_WINDOWSMEDIA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "audio/x-wav", NULL, NDPI_CONTENT_WINDOWSMEDIA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "application/vnd.ms.wms-hdr.asfv1", NULL, NDPI_CONTENT_WINDOWSMEDIA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "NSPlayer/", NULL, NDPI_CONTENT_WINDOWSMEDIA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "application/x-mms-framed", NULL, NDPI_CONTENT_MMS, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "Xbox Live Client/", NULL, NDPI_PROTOCOL_XBOX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "Windows-Update-Agent", NULL, NDPI_PROTOCOL_WINDOWS_UPDATE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_ACCEPTABLE }, - { "audio/webm", NULL, NDPI_CONTENT_WEBM, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "video/webm", NULL, NDPI_CONTENT_WEBM, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "application/x-rtsp-tunnelled", NULL, NDPI_PROTOCOL_RTSP, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "application/vnd.apple.mpegurl",NULL, NDPI_CONTENT_MPEG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "application/x-tar", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, - { "application/octet-stream", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, - { "application/mac-binary", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, - { "/x-bzip", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, - { "/x-gzip", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, - { "/x-zip", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, - { "/zip", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, - { "binhex", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, - { "/base64", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, - { "application/gnutar", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, - { "application/x-compressed", NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, - - { NULL, 0 } + { "audio/mpeg", NULL, NULL, NULL, NDPI_CONTENT_MPEG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "audio/x-mpeg", NULL, NULL, NULL, NDPI_CONTENT_MPEG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "audio/mpeg3", NULL, NULL, NULL, NDPI_CONTENT_MPEG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "audio/mp4a", NULL, NULL, NULL, NDPI_CONTENT_MPEG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "video/mpeg", NULL, NULL, NULL, NDPI_CONTENT_MPEG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "video/nsv", NULL, NULL, NULL, NDPI_CONTENT_MPEG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "misc/ultravox", NULL, NULL, NULL, NDPI_CONTENT_MPEG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "audio/ogg", NULL, NULL, NULL, NDPI_CONTENT_OGG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "video/ogg", NULL, NULL, NULL, NDPI_CONTENT_OGG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "application/ogg", NULL, NULL, NULL, NDPI_CONTENT_OGG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { ".adobe.", NULL, NULL, NULL, NDPI_CONTENT_FLASH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "video/flv", NULL, NULL, NULL, NDPI_CONTENT_FLASH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "video/x-flv", NULL, NULL, NULL, NDPI_CONTENT_FLASH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "application/x-fcs", NULL, NULL, NULL, NDPI_CONTENT_FLASH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "application/x-shockwave-flash",NULL, NULL, NULL, NDPI_CONTENT_FLASH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_ACCEPTABLE }, + { "video/flash", NULL, NULL, NULL, NDPI_CONTENT_FLASH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "application/flv", NULL, NULL, NULL, NDPI_CONTENT_FLASH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "flv-application/octet-stream", NULL, NULL, NULL, NDPI_CONTENT_FLASH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "application/futuresplash", NULL, NULL, NULL, NDPI_CONTENT_FLASH, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "video/quicktime", NULL, NULL, NULL, NDPI_CONTENT_QUICKTIME, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "video/mp4", NULL, NULL, NULL, NDPI_CONTENT_QUICKTIME, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "video/x-m4v", NULL, NULL, NULL, NDPI_CONTENT_QUICKTIME, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "audio/x-pn-realaudio", NULL, NULL, NULL, NDPI_CONTENT_REALMEDIA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "application/vnd.rn-realmedia", NULL, NULL, NULL, NDPI_CONTENT_REALMEDIA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "video/x-ms-", NULL, NULL, NULL, NDPI_CONTENT_WINDOWSMEDIA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "asf", NULL, NULL, NULL, NDPI_CONTENT_WINDOWSMEDIA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "asx", NULL, NULL, NULL, NDPI_CONTENT_WINDOWSMEDIA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "video/x-msvideo", NULL, NULL, NULL, NDPI_CONTENT_WINDOWSMEDIA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "audio/x-wav", NULL, NULL, NULL, NDPI_CONTENT_WINDOWSMEDIA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "application/vnd.ms.wms-hdr.asfv1", NULL, NULL, NULL, NDPI_CONTENT_WINDOWSMEDIA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "NSPlayer/", NULL, NULL, NULL, NDPI_CONTENT_WINDOWSMEDIA, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "application/x-mms-framed", NULL, NULL, NULL, NDPI_CONTENT_MMS, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "Xbox Live Client/", NULL, NULL, NULL, NDPI_PROTOCOL_XBOX, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "Windows-Update-Agent", NULL, NULL, NULL, NDPI_PROTOCOL_WINDOWS_UPDATE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_ACCEPTABLE }, + { "audio/webm", NULL, NULL, NULL, NDPI_CONTENT_WEBM, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "video/webm", NULL, NULL, NULL, NDPI_CONTENT_WEBM, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "application/x-rtsp-tunnelled", NULL, NULL, NULL, NDPI_PROTOCOL_RTSP, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "application/vnd.apple.mpegurl",NULL, NULL, NULL, NDPI_CONTENT_MPEG, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, + { "application/x-tar", NULL, NULL, NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, + { "application/octet-stream", NULL, NULL, NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, + { "application/mac-binary", NULL, NULL, NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, + { "/x-bzip", NULL, NULL, NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, + { "/x-gzip", NULL, NULL, NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, + { "/x-zip", NULL, NULL, NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, + { "/zip", NULL, NULL, NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, + { "binhex", NULL, NULL, NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, + { "/base64", NULL, NULL, NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, + { "application/gnutar", NULL, NULL, NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, + { "application/x-compressed", NULL, NULL, NULL, NDPI_PROTOCOL_HTTP_DOWNLOAD, NDPI_PROTOCOL_CATEGORY_DOWNLOAD_FT, NDPI_PROTOCOL_ACCEPTABLE }, + + { NULL, NULL, NULL, 0 } }; /* ****************************************************** */ diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index e3a646c97..843a7ba1a 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -24,11 +24,12 @@ #include #include #include "ahocorasick.h" +#include "libcache.h" #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_UNKNOWN #include "ndpi_api.h" -#include "../../config.h" +#include "ndpi_config.h" #include #ifndef WIN32 @@ -39,6 +40,17 @@ #include "third_party/include/ndpi_patricia.h" #include "third_party/src/ndpi_patricia.c" +#ifdef HAVE_HYPERSCAN +#include +#endif + +#ifdef HAVE_HYPERSCAN +struct hs { + hs_database_t *database; + hs_scratch_t *scratch; +}; +#endif + static int _ndpi_debug_callbacks = 0; /* implementation of the punycode check function */ @@ -734,47 +746,61 @@ void ndpi_init_protocol_match(struct ndpi_detection_module_struct *ndpi_mod, #ifdef HAVE_HYPERSCAN static int init_hyperscan(struct ndpi_detection_module_struct *ndpi_mod) { - // TODO populate from ndpi_content_match.c.inc - // The regexes - static const char* expressions[] = { - "\\.facebook\\.com$", - "\\.youtube\\.com$", - "\\.youtube\\.it$", - "^video\\..*\\.google\\.com$", - "wikipedia\\.org$", - }; - // The protocol ID to associate to each regex - static unsigned int ids[] = { - NDPI_PROTOCOL_FACEBOOK, - NDPI_PROTOCOL_YOUTUBE, - NDPI_PROTOCOL_YOUTUBE, - NDPI_PROTOCOL_GOOGLE, - NDPI_PROTOCOL_WIKIPEDIA, - }; - #define NUM_EXPRESSIONS 5 // must match the above structures length - + u_int num_patterns = 0, i; + const char **expressions; + unsigned int *ids; hs_compile_error_t *compile_err; + struct hs *hs = (struct hs*)ndpi_mod->hyperscan; + + ndpi_mod->hyperscan = (void*)malloc(sizeof(struct hs)); + if(!ndpi_mod->hyperscan) return(-1); + + for(i=0; host_match[i].string_to_match != NULL; i++) { + if(host_match[i].pattern_to_match) + num_patterns++; + } + + expressions = (const char**)malloc(sizeof(char*)*num_patterns); + if(!expressions) return(-1); + + ids = (unsigned int*)malloc(sizeof(unsigned int)*num_patterns); + if(!ids) { + free(expressions); + return(-1); + } + for(i=0, num_patterns=0; host_match[i].string_to_match != NULL; i++) { + if(host_match[i].pattern_to_match) { + expressions[num_patterns] = host_match[i].pattern_to_match; + ids[num_patterns] = host_match[i].protocol_id; + num_patterns++; + } + } + if(hs_compile_multi(expressions, NULL, ids, - NUM_EXPRESSIONS, HS_MODE_BLOCK, NULL, - &ndpi_mod->hs_database, &compile_err) != HS_SUCCESS) { + num_patterns, HS_MODE_BLOCK, NULL, + &hs->database, &compile_err) != HS_SUCCESS) { NDPI_LOG_ERR(ndpi_mod, "Unable to initialize hyperscan database\n"); hs_free_compile_error(compile_err); return -1; } - - if(hs_alloc_scratch(ndpi_mod->hs_database, &ndpi_mod->hs_scratch) != HS_SUCCESS) { + + if(hs_alloc_scratch(hs->database, &hs->scratch) != HS_SUCCESS) { NDPI_LOG_ERR(ndpi_mod, "Unable to allocate hyperscan scratch space\n"); - hs_free_database(ndpi_mod->hs_database); + hs_free_database(hs->database); return -1; } - + return 0; } static void destroy_hyperscan(struct ndpi_detection_module_struct *ndpi_mod) { - hs_free_scratch(ndpi_mod->hs_scratch); - hs_free_database(ndpi_mod->hs_database); + if(ndpi_mod->hyperscan) { + struct hs *hs = (struct hs*)ndpi_mod->hyperscan; + + hs_free_scratch(hs->scratch); + hs_free_database(hs->database); + } } #endif @@ -2093,7 +2119,7 @@ void ndpi_exit_detection_module(struct ndpi_detection_module_struct *ndpi_struct #ifdef NDPI_PROTOCOL_TINC if(ndpi_struct->tinc_cache) - cache_free(ndpi_struct->tinc_cache); + cache_free((cache_t)(ndpi_struct->tinc_cache)); #endif if(ndpi_struct->protocols_ptree) @@ -5042,9 +5068,11 @@ static int ndpi_automa_match_string_subprotocol(struct ndpi_detection_module_str u_int16_t master_protocol_id, u_int8_t is_host_match) { int rv = NDPI_PROTOCOL_UNKNOWN; - - if(hs_scan(ndpi_struct->hs_database, string_to_match, string_to_match_len, 0, ndpi_struct->hs_scratch, - hyperscanEventHandler, &rv) != HS_SUCCESS) + struct hs *hs = (struct hs*)ndpi_struct->hyperscan; + + if(hs_scan(hs->database, string_to_match, + string_to_match_len, 0, hs->scratch, + hyperscanEventHandler, &rv) != HS_SUCCESS) NDPI_LOG_ERR(ndpi_struct, "[NDPI] Hyperscan match returned error\n"); return rv; diff --git a/src/lib/protocols/rx.c b/src/lib/protocols/rx.c index c61f0a9ad..6eb9bf149 100644 --- a/src/lib/protocols/rx.c +++ b/src/lib/protocols/rx.c @@ -62,7 +62,7 @@ struct ndpi_rx_header { #define PARAM_2 10 #define PARAM_3 11 #define PARAMS_4 12 -#define VERSION 13 +#define VERS 13 /* Flags values */ #define EMPTY 0 @@ -110,7 +110,7 @@ void ndpi_check_rx(struct ndpi_detection_module_struct *ndpi_struct, **/ /* TYPE field */ - if((header->type < DATA) || (header->type > VERSION)) { + if((header->type < DATA) || (header->type > VERS)) { NDPI_EXCLUDE_PROTO(ndpi_struct, flow); return; } @@ -156,7 +156,7 @@ void ndpi_check_rx(struct ndpi_detection_module_struct *ndpi_struct, goto security; case PARAM_3: goto security; - case VERSION: + case VERS: goto security; default: NDPI_EXCLUDE_PROTO(ndpi_struct, flow); diff --git a/src/lib/protocols/tinc.c b/src/lib/protocols/tinc.c index adb547a48..19bfa34aa 100644 --- a/src/lib/protocols/tinc.c +++ b/src/lib/protocols/tinc.c @@ -25,6 +25,7 @@ #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_TINC #include "ndpi_api.h" +#include "libcache.h" static void ndpi_check_tinc(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) -- cgit v1.2.3 From 57fb117571560280226818d51411c1df2cab836c Mon Sep 17 00:00:00 2001 From: Vitaly Lavrov Date: Fri, 26 Jan 2018 13:03:17 +0300 Subject: Fix buffer overflow in function ndpi_debug_printf() --- src/lib/ndpi_main.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 843a7ba1a..cfcef8c0b 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -1950,13 +1950,13 @@ void ndpi_debug_printf(unsigned int proto, struct ndpi_detection_module_struct * { #ifdef NDPI_ENABLE_DEBUG_MESSAGES va_list args; -#define MAX_STR_LEN 120 +#define MAX_STR_LEN 250 char str[MAX_STR_LEN]; if(ndpi_str != NULL && log_level > NDPI_LOG_ERROR && proto > 0 && proto < NDPI_MAX_SUPPORTED_PROTOCOLS && !NDPI_ISSET(&ndpi_str->debug_bitmask,proto)) return; va_start(args, format); - vsprintf(str, format, args); + vsnprintf(str,sizeof(str)-1, format, args); va_end(args); if (ndpi_str != NULL) { -- cgit v1.2.3 From ee7a30385ba2ba030c1afb4d4f4cee7abef70329 Mon Sep 17 00:00:00 2001 From: Luca Date: Fri, 26 Jan 2018 19:45:41 +0100 Subject: Added minor hardening code in STUN --- src/lib/protocols/stun.c | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) (limited to 'src') diff --git a/src/lib/protocols/stun.c b/src/lib/protocols/stun.c index eef6e024e..bb4780aab 100644 --- a/src/lib/protocols/stun.c +++ b/src/lib/protocols/stun.c @@ -90,7 +90,7 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * https://en.wikipedia.org/wiki/Skype_for_Business */ - while(offset < payload_length) { + while((offset+2) < payload_length) { u_int16_t attribute = ntohs(*((u_int16_t*)&payload[offset])); u_int16_t len = ntohs(*((u_int16_t*)&payload[offset+2])); u_int16_t x = (len + 4) % 4; @@ -107,6 +107,7 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * case 0x8054: /* Candidate Identifier */ if((len == 4) + && ((offset+7) < payload_length) && (payload[offset+5] == 0x00) && (payload[offset+6] == 0x00) && (payload[offset+7] == 0x00)) { @@ -118,6 +119,7 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * case 0x8070: /* Implementation Version */ if((len == 4) + && ((offset+7) < payload_length) && (payload[offset+4] == 0x00) && (payload[offset+5] == 0x00) && (payload[offset+6] == 0x00) @@ -239,7 +241,6 @@ static ndpi_int_stun_t ndpi_int_check_stun(struct ndpi_detection_module_struct * } #endif - if((flow->num_stun_udp_pkts > 0) && (msg_type <= 0x00FF)) { *is_whatsapp = 1; return NDPI_IS_STUN; /* This is WhatsApp Voice */ @@ -269,11 +270,12 @@ void ndpi_search_stun(struct ndpi_detection_module_struct *ndpi_struct, struct n NDPI_LOG_DBG(ndpi_struct, "search stun\n"); + if(packet->payload == NULL) return; + if(packet->tcp) { /* STUN may be encapsulated in TCP packets */ - if(packet->payload_packet_len >= 2 + 20 && - ntohs(get_u_int16_t(packet->payload, 0)) + 2 == packet->payload_packet_len) { - + if((packet->payload_packet_len >= 22) + && ((ntohs(get_u_int16_t(packet->payload, 0)) + 2) == packet->payload_packet_len)) { /* TODO there could be several STUN packets in a single TCP packet so maybe the detection could be * improved by checking only the STUN packet of given length */ @@ -283,10 +285,11 @@ void ndpi_search_stun(struct ndpi_detection_module_struct *ndpi_struct, struct n NDPI_LOG_INFO(ndpi_struct, "found Skype\n"); ndpi_int_stun_add_connection(ndpi_struct, NDPI_PROTOCOL_SKYPE, flow); } else { - NDPI_LOG_INFO(ndpi_struct, "found UDP stun\n"); + NDPI_LOG_INFO(ndpi_struct, "found UDP stun\n"); /* Ummmmm we're in the TCP branch. This code looks bad */ ndpi_int_stun_add_connection(ndpi_struct, is_whatsapp ? NDPI_PROTOCOL_WHATSAPP_VOICE : NDPI_PROTOCOL_STUN, flow); } + return; } } @@ -306,9 +309,8 @@ void ndpi_search_stun(struct ndpi_detection_module_struct *ndpi_struct, struct n return; } - if(flow->num_stun_udp_pkts >= MAX_NUM_STUN_PKTS) { - NDPI_EXCLUDE_PROTO(ndpi_struct, flow); - } + if(flow->num_stun_udp_pkts >= MAX_NUM_STUN_PKTS) + NDPI_EXCLUDE_PROTO(ndpi_struct, flow); if(flow->packet_counter > 0) { /* This might be a RTP stream: let's make sure we check it */ -- cgit v1.2.3 From da588f6a30e4c4ce6497fca3939284123017780f Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Fri, 26 Jan 2018 23:40:23 +0100 Subject: Improved hyperscan support --- src/lib/ndpi_content_match.c.inc | 8 ++++---- src/lib/ndpi_main.c | 17 +++++++++++++---- 2 files changed, 17 insertions(+), 8 deletions(-) (limited to 'src') diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 435a5dde4..aa5a990ea 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -8162,11 +8162,11 @@ ndpi_protocol_match host_match[] = { { ".sina.com.cn", NULL, NULL, "Sina", NDPI_PROTOCOL_SINA, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, /* https://support.cipafilter.com/index.php?/Knowledgebase/Article/View/117/0/snapchat---how-to-block */ - { "feelinsonice.appspot.com", NULL, NULL, "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { "feelinsonice.appspot.com", NULL, "\\.appspot\\.com$", "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, { "feelinsonice-hrd.appspot.com", NULL, NULL, "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - { "feelinsonice.com", NULL, NULL, "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - { ".snapchat.", NULL, NULL, "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, - { ".snapads.", NULL, NULL, "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { "feelinsonice.com", NULL, "\\.feelsonice\\.com$", "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { ".snapchat.", NULL, "\\.snapchat\\.com$", "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, + { ".snapads.", NULL, "\\.snapads\\.com$", "Snapchat", NDPI_PROTOCOL_SNAPCHAT, NDPI_PROTOCOL_CATEGORY_CHAT, NDPI_PROTOCOL_FUN }, /* Detected "instagram.c10r.facebook.com". Omitted "*amazonaws.com" and "*facebook.com" CDNs e.g. "ig-telegraph-shv-04-frc3.facebook.com" */ { ".cdninstagram.com", NULL, NULL, "Instagram", NDPI_PROTOCOL_INSTAGRAM, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index cfcef8c0b..8d65a50cf 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -750,20 +750,23 @@ static int init_hyperscan(struct ndpi_detection_module_struct *ndpi_mod) { const char **expressions; unsigned int *ids; hs_compile_error_t *compile_err; - struct hs *hs = (struct hs*)ndpi_mod->hyperscan; + struct hs *hs; ndpi_mod->hyperscan = (void*)malloc(sizeof(struct hs)); if(!ndpi_mod->hyperscan) return(-1); + hs = (struct hs*)ndpi_mod->hyperscan; for(i=0; host_match[i].string_to_match != NULL; i++) { - if(host_match[i].pattern_to_match) + if(host_match[i].pattern_to_match) { + /* printf("[DEBUG] %s\n", host_match[i].pattern_to_match); */ num_patterns++; + } } - expressions = (const char**)malloc(sizeof(char*)*num_patterns); + expressions = (const char**)calloc(sizeof(char*), num_patterns+1); if(!expressions) return(-1); - ids = (unsigned int*)malloc(sizeof(unsigned int)*num_patterns); + ids = (unsigned int*)calloc(sizeof(unsigned int), num_patterns+1); if(!ids) { free(expressions); return(-1); @@ -794,6 +797,8 @@ static int init_hyperscan(struct ndpi_detection_module_struct *ndpi_mod) { return 0; } +/* ******************************************************************** */ + static void destroy_hyperscan(struct ndpi_detection_module_struct *ndpi_mod) { if(ndpi_mod->hyperscan) { struct hs *hs = (struct hs*)ndpi_mod->hyperscan; @@ -805,6 +810,8 @@ static void destroy_hyperscan(struct ndpi_detection_module_struct *ndpi_mod) { #endif +/* ******************************************************************** */ + static void init_string_based_protocols(struct ndpi_detection_module_struct *ndpi_mod) { int i; @@ -5056,6 +5063,8 @@ static int ndpi_automa_match_string_subprotocol(struct ndpi_detection_module_str #else +/* ******************************************************************** */ + static int hyperscanEventHandler(unsigned int id, unsigned long long from, unsigned long long to, unsigned int flags, void *ctx) { *((int *)ctx) = (int)id; -- cgit v1.2.3 From f8c6e9d7143173abb7e191b90f70325e11616a54 Mon Sep 17 00:00:00 2001 From: Simone Mainardi Date: Wed, 31 Jan 2018 17:15:55 +0100 Subject: Fixes possible out-of-bounds due to malformed DHCP packets --- src/lib/protocols/dhcp.c | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) (limited to 'src') diff --git a/src/lib/protocols/dhcp.c b/src/lib/protocols/dhcp.c index 673b85b85..02ce00f25 100644 --- a/src/lib/protocols/dhcp.c +++ b/src/lib/protocols/dhcp.c @@ -72,19 +72,24 @@ void ndpi_search_dhcp_udp(struct ndpi_detection_module_struct *ndpi_struct, stru if(packet->udp) { dhcp_packet_t *dhcp = (dhcp_packet_t*)packet->payload; - if((packet->payload_packet_len >= 244) + if((packet->payload_packet_len >= 244 /* 244 is the offset of options[0] in dhcp_packet_t */) && (packet->udp->source == htons(67) || packet->udp->source == htons(68)) && (packet->udp->dest == htons(67) || packet->udp->dest == htons(68)) && (dhcp->magic == htonl(DHCP_OPTION_MAGIC_NUMBER))) { - int i = 0, foundValidMsgType = 0; + u_int i = 0, foundValidMsgType = 0; - while(i < DHCP_VEND_LEN) { + u_int dhcp_options_size = ndpi_min(DHCP_VEND_LEN /* maximum size of options in dhcp_packet_t */, + packet->payload_packet_len - 244); + + while(i + 1 /* for the len */ < dhcp_options_size) { u_int8_t id = dhcp->options[i]; if(id == 0xFF) break; else { - u_int8_t len = dhcp->options[i+1]; + /* Prevent malformed packets to cause out-of-bounds accesses */ + u_int8_t len = ndpi_min(dhcp->options[i+1] /* len as found in the packet */, + dhcp_options_size - (i+2) /* 1 for the type and 1 for the value */); if(len == 0) break; @@ -99,12 +104,14 @@ void ndpi_search_dhcp_udp(struct ndpi_detection_module_struct *ndpi_struct, stru } else if(id == 55 /* Parameter Request List / Fingerprint */) { u_int idx, offset = 0; - for(idx=0; idxprotos.dhcp.fingerprint) - 2; idx++) { snprintf((char*)&flow->protos.dhcp.fingerprint[offset], - sizeof(flow->protos.dhcp.fingerprint)-offset-1, - "%02X", dhcp->options[i+2+idx] & 0xFF); + sizeof(flow->protos.dhcp.fingerprint) - offset, + "%02X", dhcp->options[i+2+idx] & 0xFF); offset += 2; } + flow->protos.dhcp.fingerprint[sizeof(flow->protos.dhcp.fingerprint) - 1] = '\0'; + } else if(id == 60 /* Class Identifier */) { char *name = (char*)&dhcp->options[i+2]; int j = 0; -- cgit v1.2.3 From 3b5d8177f70da5eeaec308512860f2fd09f67bc3 Mon Sep 17 00:00:00 2001 From: Campus Date: Sat, 3 Feb 2018 17:06:28 +0100 Subject: fix wrong conversion dec to hex --- src/lib/ndpi_content_match.c.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index aa5a990ea..6ff6220f6 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -216,7 +216,7 @@ static ndpi_network host_protocol_list[] = { { 0x344D0000 /* 52.77.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, { 0x344E0000 /* 52.78.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, { 0x344F0000 /* 52.79.0.0/16 */, 16, NDPI_PROTOCOL_AMAZON }, - { 0x3452BB00 /* 52.82.0.0/14 */, 14, NDPI_PROTOCOL_AMAZON }, + { 0x34520000 /* 52.82.0.0/14 */, 14, NDPI_PROTOCOL_AMAZON }, { 0x34580000 /* 52.88.0.0/13 */, 13, NDPI_PROTOCOL_AMAZON }, { 0x345A0000 /* 52.90.0.0/15 */, 15, NDPI_PROTOCOL_AMAZON }, { 0x345F0000 /* 52.95.0.0/21 */, 21, NDPI_PROTOCOL_AMAZON }, -- cgit v1.2.3 From c3f5307a3d343edef27fb294de24121f09ae167a Mon Sep 17 00:00:00 2001 From: Vitaly Lavrov Date: Tue, 6 Feb 2018 13:59:42 +0300 Subject: Update libcache Using ndpi_calloc(), ndpi_free() in libcache. Fixing warnings about mixing declaration and code. --- src/lib/third_party/include/libcache.h | 6 +++ src/lib/third_party/src/libcache.c | 73 +++++++++++++++++++--------------- 2 files changed, 46 insertions(+), 33 deletions(-) (limited to 'src') diff --git a/src/lib/third_party/include/libcache.h b/src/lib/third_party/include/libcache.h index 53632616e..7f84b89ad 100644 --- a/src/lib/third_party/include/libcache.h +++ b/src/lib/third_party/include/libcache.h @@ -29,6 +29,10 @@ SOFTWARE. #include +typedef struct cache_entry *cache_entry; + +typedef struct cache_entry_map *cache_entry_map; + /** * @brief Codes representing the result of some functions * @@ -99,5 +103,7 @@ cache_result cache_remove(cache_t cache, void *item, uint32_t item_size); */ void cache_free(cache_t cache); +cache_entry cache_entry_new(void); +cache_entry_map cache_entry_map_new(void); #endif diff --git a/src/lib/third_party/src/libcache.c b/src/lib/third_party/src/libcache.c index af53c9813..4479ff54d 100644 --- a/src/lib/third_party/src/libcache.c +++ b/src/lib/third_party/src/libcache.c @@ -30,6 +30,7 @@ SOFTWARE. #include #include "libcache.h" +#include "ndpi_api.h" // https://en.wikipedia.org/wiki/Jenkins_hash_function @@ -49,10 +50,6 @@ uint32_t jenkins_one_at_a_time_hash(const uint8_t* key, size_t length) { } -typedef struct cache_entry *cache_entry; - -typedef struct cache_entry_map *cache_entry_map; - struct cache { uint32_t size; uint32_t max_size; @@ -91,19 +88,20 @@ void cache_touch_entry(cache_t cache, cache_entry entry) { } -cache_entry cache_entry_new() { - return (cache_entry) calloc(sizeof(struct cache_entry), 1); +cache_entry cache_entry_new(void) { + return (cache_entry) ndpi_calloc(sizeof(struct cache_entry), 1); } -cache_entry_map cache_entry_map_new() { - return (cache_entry_map) calloc(sizeof(struct cache_entry_map), 1); +cache_entry_map cache_entry_map_new(void) { + return (cache_entry_map) ndpi_calloc(sizeof(struct cache_entry_map), 1); } cache_t cache_new(uint32_t cache_max_size) { + cache_t cache; if(!cache_max_size) { return NULL; } - cache_t cache = (cache_t) calloc(sizeof(struct cache), 1); + cache = (cache_t) ndpi_calloc(sizeof(struct cache), 1); if(!cache) { return NULL; } @@ -111,10 +109,10 @@ cache_t cache_new(uint32_t cache_max_size) { cache->size = 0; cache->max_size = cache_max_size; - cache->map = (cache_entry_map *) calloc(sizeof(cache_entry_map ), cache->max_size); + cache->map = (cache_entry_map *) ndpi_calloc(sizeof(cache_entry_map ), cache->max_size); if(!cache->map) { - free(cache); + ndpi_free(cache); return NULL; } @@ -122,11 +120,15 @@ cache_t cache_new(uint32_t cache_max_size) { } cache_result cache_add(cache_t cache, void *item, uint32_t item_size) { + uint32_t hash; + cache_entry entry; + cache_entry_map map_entry; + if(!cache || !item || !item_size) { return CACHE_INVALID_INPUT; } - uint32_t hash = HASH_FUNCTION(item, item_size) % cache->max_size; + hash = HASH_FUNCTION(item, item_size) % cache->max_size; if((cache->map)[hash]) { cache_entry_map hash_entry_map = cache->map[hash]; @@ -146,20 +148,19 @@ cache_result cache_add(cache_t cache, void *item, uint32_t item_size) { } } - - cache_entry entry = cache_entry_new(); + entry = cache_entry_new(); if(!entry) { return CACHE_MALLOC_ERROR; } - cache_entry_map map_entry = cache_entry_map_new(); + map_entry = cache_entry_map_new(); if(!map_entry) { - free(entry); + ndpi_free(entry); return CACHE_MALLOC_ERROR; } - entry->item = malloc(item_size); + entry->item = ndpi_malloc(item_size); memcpy(entry->item, item, item_size); entry->item_size = item_size; @@ -203,9 +204,9 @@ cache_result cache_add(cache_t cache, void *item, uint32_t item_size) { tail->prev->next = NULL; cache->tail = tail->prev; - free(tail->item); - free(tail); - free(hash_entry_map); + ndpi_free(tail->item); + ndpi_free(tail); + ndpi_free(hash_entry_map); } } @@ -213,11 +214,13 @@ cache_result cache_add(cache_t cache, void *item, uint32_t item_size) { } cache_result cache_contains(cache_t cache, void *item, uint32_t item_size) { + uint32_t hash; + if(!cache || !item || !item_size) { return CACHE_INVALID_INPUT; } - uint32_t hash = HASH_FUNCTION(item, item_size) % cache->max_size; + hash = HASH_FUNCTION(item, item_size) % cache->max_size; if(cache->map[hash]) { cache_entry_map hash_entry_map = cache->map[hash]; @@ -237,11 +240,13 @@ cache_result cache_contains(cache_t cache, void *item, uint32_t item_size) { } cache_result cache_remove(cache_t cache, void *item, uint32_t item_size) { + uint32_t hash; + if(!cache || !item || !item_size) { return CACHE_INVALID_INPUT; } - uint32_t hash = HASH_FUNCTION(item, item_size) % cache->max_size; + hash = HASH_FUNCTION(item, item_size) % cache->max_size; if(cache->map[hash]) { cache_entry_map hash_entry_map_prev = NULL; @@ -256,14 +261,16 @@ cache_result cache_remove(cache_t cache, void *item, uint32_t item_size) { hash_entry_map = hash_entry_map->next; } - if(hash_entry_map) { + if(hash_entry_map) { + cache_entry entry; + if(hash_entry_map_prev) { hash_entry_map_prev->next = hash_entry_map->next; } else { cache->map[hash] = hash_entry_map->next; } - cache_entry entry = hash_entry_map->entry; + entry = hash_entry_map->entry; if(entry->prev) { entry->prev->next = entry->next; @@ -276,9 +283,9 @@ cache_result cache_remove(cache_t cache, void *item, uint32_t item_size) { cache->tail = entry->prev; } - free(entry->item); - free(entry); - free(hash_entry_map); + ndpi_free(entry->item); + ndpi_free(entry); + ndpi_free(hash_entry_map); (cache->size)--; return CACHE_NO_ERROR; @@ -289,25 +296,25 @@ cache_result cache_remove(cache_t cache, void *item, uint32_t item_size) { } void cache_free(cache_t cache) { + int i; if(!cache) { return; } - int i; for(i = 0; i < cache->max_size; i++) { cache_entry_map prev = NULL; cache_entry_map curr = cache->map[i]; while(curr) { prev = curr; curr = curr->next; - free(prev->entry->item); - free(prev->entry); - free(prev); + ndpi_free(prev->entry->item); + ndpi_free(prev->entry); + ndpi_free(prev); } } - free(cache->map); - free(cache); + ndpi_free(cache->map); + ndpi_free(cache); return; } -- cgit v1.2.3 From 0624afd422b7fbdd2b481a299ac9bf62fa9ec706 Mon Sep 17 00:00:00 2001 From: Vitaly Lavrov Date: Wed, 7 Feb 2018 16:05:51 +0300 Subject: Added option --enable-debug-messages. The configurator option "--enable-debug-messages" is added to enable debug information output (define NDPI_ENABLE_DEBUG_MESSAGES=1). Mandatory inclusion of the file ndpi_config.h in all the compiled files. --- configure.seed | 4 ++++ src/include/ndpi_main.h | 1 + src/lib/protocols/checkmk.c | 8 ++++++-- src/lib/protocols/non_tcp_udp.c | 4 +++- src/lib/protocols/openft.c | 2 +- 5 files changed, 15 insertions(+), 4 deletions(-) mode change 100755 => 100644 src/lib/protocols/checkmk.c (limited to 'src') diff --git a/configure.seed b/configure.seed index b6c53cf43..a8ef98f71 100644 --- a/configure.seed +++ b/configure.seed @@ -109,6 +109,10 @@ AS_IF([test "x$enable_json_c" != "xno"], [ ]) ]) +AC_ARG_ENABLE([debug-messages], + AS_HELP_STRING([--enable-debug-messages], [Define NDPI_ENABLE_DEBUG_MESSAGES=1]), [ + AC_DEFINE(NDPI_ENABLE_DEBUG_MESSAGES, 1, [Enable ndpi_debug_messages]) ]) + AC_CHECK_LIB(pthread, pthread_setaffinity_np, AC_DEFINE_UNQUOTED(HAVE_PTHREAD_SETAFFINITY_NP, 1, [libc has pthread_setaffinity_np])) AC_CONFIG_FILES([Makefile src/lib/Makefile example/Makefile tests/Makefile libndpi.pc src/include/ndpi_define.h]) diff --git a/src/include/ndpi_main.h b/src/include/ndpi_main.h index 79eeab8f1..2440060df 100644 --- a/src/include/ndpi_main.h +++ b/src/include/ndpi_main.h @@ -24,6 +24,7 @@ #ifndef __NDPI_MAIN_H__ #define __NDPI_MAIN_H__ +#include "ndpi_config.h" #include "ndpi_includes.h" #include "ndpi_define.h" #include "ndpi_protocol_ids.h" diff --git a/src/lib/protocols/checkmk.c b/src/lib/protocols/checkmk.c old mode 100755 new mode 100644 index 50a92c8d5..81ac543b6 --- a/src/lib/protocols/checkmk.c +++ b/src/lib/protocols/checkmk.c @@ -21,11 +21,15 @@ * * */ - -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" #ifdef NDPI_PROTOCOL_CHECKMK +#define NDPI_CURRENT_PROTO NDPI_PROTOCOL_CHECKMK + +#include "ndpi_api.h" + + static void ndpi_int_checkmk_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) { diff --git a/src/lib/protocols/non_tcp_udp.c b/src/lib/protocols/non_tcp_udp.c index fa3163e74..a2e0d81f5 100644 --- a/src/lib/protocols/non_tcp_udp.c +++ b/src/lib/protocols/non_tcp_udp.c @@ -23,10 +23,12 @@ */ -#include "ndpi_protocols.h" +#include "ndpi_protocol_ids.h" #if defined(NDPI_PROTOCOL_IP_IPSEC) || defined(NDPI_PROTOCOL_IP_GRE) || defined(NDPI_PROTOCOL_IP_ICMP) || defined(NDPI_PROTOCOL_IP_IGMP) || defined(NDPI_PROTOCOL_IP_EGP) || defined(NDPI_PROTOCOL_IP_SCTP) || defined(NDPI_PROTOCOL_IP_OSPF) || defined(NDPI_PROTOCOL_IP_IP_IN_IP) +#include "ndpi_api.h" + #define set_protocol_and_bmask(nprot) \ { \ if (NDPI_COMPARE_PROTOCOL_TO_BITMASK(ndpi_struct->detection_bitmask,nprot) != 0) \ diff --git a/src/lib/protocols/openft.c b/src/lib/protocols/openft.c index 4a86a067f..d0b50c8a2 100644 --- a/src/lib/protocols/openft.c +++ b/src/lib/protocols/openft.c @@ -28,7 +28,7 @@ #define NDPI_CURRENT_PROTO NDPI_PROTOCOL_OPENFT -#include "ndpi_protocols.h" +#include "ndpi_api.h" static void ndpi_int_openft_add_connection(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) -- cgit v1.2.3 From 344392868bdea23f07c5800ef7c4ac9f7b05706c Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Fri, 9 Feb 2018 18:24:35 +0100 Subject: Added 179 to the default BGP port list --- src/lib/ndpi_main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 8d65a50cf..86d0723e5 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -954,7 +954,7 @@ static void ndpi_init_protocol_defaults(struct ndpi_detection_module_struct *ndp ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_BGP, no_master, no_master, "BGP", NDPI_PROTOCOL_CATEGORY_NETWORK, - ndpi_build_default_ports(ports_a, 2605, 0, 0, 0, 0) /* TCP */, + ndpi_build_default_ports(ports_a, 179, 2605, 0, 0, 0) /* TCP */, ndpi_build_default_ports(ports_b, 0, 0, 0, 0, 0) /* UDP */); ndpi_set_proto_defaults(ndpi_mod, NDPI_PROTOCOL_ACCEPTABLE, NDPI_PROTOCOL_SNMP, no_master, -- cgit v1.2.3 From 12368ba2d5d769cb98b3a3ca43cf9a43eab2c338 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Sun, 11 Feb 2018 19:36:13 +0100 Subject: Implemented supporto for GoogleDocs and AmazonVideo Fixed various bugs in detecting Google Drive Improved Spotify support --- src/include/ndpi_protocol_ids.h | 4 +++- src/lib/ndpi_content_match.c.inc | 20 +++++++++++++------- 2 files changed, 16 insertions(+), 8 deletions(-) (limited to 'src') diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index acc510d49..39c798161 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -277,9 +277,11 @@ #define NDPI_PROTOCOL_DIAMETER 237 #define NDPI_PROTOCOL_APPLE_PUSH 238 #define NDPI_PROTOCOL_GOOGLE_SERVICES 239 +#define NDPI_PROTOCOL_AMAZON_VIDEO 240 +#define NDPI_PROTOCOL_GOOGLE_DOCS 231 /* UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE */ -#define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_PROTOCOL_GOOGLE_SERVICES +#define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_PROTOCOL_GOOGLE_DOCS #define NDPI_MAX_SUPPORTED_PROTOCOLS (NDPI_LAST_IMPLEMENTED_PROTOCOL + 1) #define NDPI_MAX_NUM_CUSTOM_PROTOCOLS (NDPI_NUM_BITS-NDPI_LAST_IMPLEMENTED_PROTOCOL) diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 6ff6220f6..3f04451df 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -802,6 +802,7 @@ static ndpi_network host_protocol_list[] = { { 0x5B6C1400 /* 91.108.20.0/22 */, 22, NDPI_PROTOCOL_TELEGRAM }, { 0x5B6C3800 /* 91.108.56.0/22 */, 22, NDPI_PROTOCOL_TELEGRAM }, { 0x959AA000 /* 149.154.160.0/20 */, 20, NDPI_PROTOCOL_TELEGRAM }, + { 0xA93F4940 /* 169.63.73.64/26 */, 26, NDPI_PROTOCOL_TELEGRAM }, /* BitTorrent @@ -7973,6 +7974,9 @@ static ndpi_network host_protocol_list[] = { */ ndpi_protocol_match host_match[] = { + { "s3.ll.dash.row.aiv-cdn.net", NULL, "s3\\.ll\\.dash\\.row\\.aiv-cdn\\.net", "AmazonVideo", NDPI_PROTOCOL_AMAZON_VIDEO, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { "d25xi40x97liuc.cloudfront.net", NULL, "d25xi40x97liuc\\.cloudfront\\.net", "AmazonVideo", NDPI_PROTOCOL_AMAZON_VIDEO, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, + { ".aiv-delivery.net", NULL, "\\.aiv-delivery\\.net", "AmazonVideo", NDPI_PROTOCOL_AMAZON_VIDEO, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, { "amazon.", NULL, NULL, "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, { "amazon.com", NULL, "amazon\\.com$", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, { "images-amazon.com", NULL, "images-amazon\\.com$", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, @@ -8021,10 +8025,10 @@ ndpi_protocol_match host_match[] = { { ".speedtest.net", NULL, NULL, "Ookla", NDPI_PROTOCOL_OOKLA, NDPI_PROTOCOL_CATEGORY_NETWORK, NDPI_PROTOCOL_SAFE }, - { "drive-thirdparty.", NULL, NULL, "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { "docs.", NULL, NULL, "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { ".docs.", NULL, NULL, "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, - { "drive.", NULL, NULL, "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, + { "docs.googleusercontent.com", NULL, NULL, "GoogleDocs", NDPI_PROTOCOL_GOOGLE_DOCS, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_ACCEPTABLE }, + + { "drive-thirdparty.googleusercontent.com", NULL, NULL, "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_COLLABORATIVE, NDPI_PROTOCOL_ACCEPTABLE }, + { "drive.google.com", NULL, NULL, "GoogleDrive", NDPI_PROTOCOL_GOOGLE_DRIVE, NDPI_PROTOCOL_CATEGORY_CLOUD, NDPI_PROTOCOL_ACCEPTABLE }, { "android.clients.google.com", NULL, NULL, "PlayStore", NDPI_PROTOCOL_PLAYSTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, { "ggpht.com", NULL, NULL, "PlayStore", NDPI_PROTOCOL_PLAYSTORE, NDPI_PROTOCOL_CATEGORY_SW_UPDATE, NDPI_PROTOCOL_SAFE }, @@ -8071,8 +8075,11 @@ ndpi_protocol_match host_match[] = { /* http://check.googlezip.net/connect [check browser connectivity] */ { ".googlezip.net", NULL, NULL, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { "googleusercontent.", NULL, NULL, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - + { "docs.googleusercontent.com", NULL, NULL, "GoogleDocs", NDPI_PROTOCOL_GOOGLE_DOCS, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_ACCEPTABLE }, + { "docs.google.com", NULL, NULL, "GoogleDocs", NDPI_PROTOCOL_GOOGLE_DOCS, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_ACCEPTABLE }, + + + { "googleusercontent.com", NULL, NULL, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { "1e100.net", NULL, NULL, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { "maps.google.", NULL, NULL, "GoogleMaps", NDPI_PROTOCOL_GOOGLE_MAPS, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, @@ -8132,7 +8139,6 @@ ndpi_protocol_match host_match[] = { { ".ytimg.com", NULL, NULL, "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "youtube-nocookie.", NULL, NULL, "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { "ggpht.com", NULL, NULL, "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, - { "googleusercontent.com", NULL, NULL, "YouTube", NDPI_PROTOCOL_YOUTUBE, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, { ".vevo.com", NULL, NULL, "Vevo", NDPI_PROTOCOL_VEVO, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_FUN }, -- cgit v1.2.3 From 52a2c0589e70af753a09962eb4169a2cdaffad8e Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Sun, 11 Feb 2018 21:11:36 +0100 Subject: Updadate last protocol id Updated tests with new protocols --- src/include/ndpi_protocol_ids.h | 2 +- src/lib/ndpi_content_match.c.inc | 10 +++++----- tests/result/http_ipv6.pcap.out | 8 ++++---- tests/result/mpeg.pcap.out | 2 +- tests/result/wechat.pcap.out | 12 ++++++------ 5 files changed, 17 insertions(+), 17 deletions(-) (limited to 'src') diff --git a/src/include/ndpi_protocol_ids.h b/src/include/ndpi_protocol_ids.h index 39c798161..c8871509b 100644 --- a/src/include/ndpi_protocol_ids.h +++ b/src/include/ndpi_protocol_ids.h @@ -278,7 +278,7 @@ #define NDPI_PROTOCOL_APPLE_PUSH 238 #define NDPI_PROTOCOL_GOOGLE_SERVICES 239 #define NDPI_PROTOCOL_AMAZON_VIDEO 240 -#define NDPI_PROTOCOL_GOOGLE_DOCS 231 +#define NDPI_PROTOCOL_GOOGLE_DOCS 241 /* UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE */ #define NDPI_LAST_IMPLEMENTED_PROTOCOL NDPI_PROTOCOL_GOOGLE_DOCS diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index 3f04451df..ba44bcd0f 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -8068,17 +8068,13 @@ ndpi_protocol_match host_match[] = { { "plus.google.com", NULL, NULL, "GooglePlus", NDPI_PROTOCOL_GOOGLE_PLUS, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, { "plus.url.google.com", NULL, NULL, "GooglePlus", NDPI_PROTOCOL_GOOGLE_PLUS, NDPI_PROTOCOL_CATEGORY_SOCIAL_NETWORK, NDPI_PROTOCOL_FUN }, - { "google.", NULL, NULL, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { ".google.", NULL, NULL, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, - { ".gstatic.com", NULL, NULL, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, /* http://check.googlezip.net/connect [check browser connectivity] */ { ".googlezip.net", NULL, NULL, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, { "docs.googleusercontent.com", NULL, NULL, "GoogleDocs", NDPI_PROTOCOL_GOOGLE_DOCS, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_ACCEPTABLE }, { "docs.google.com", NULL, NULL, "GoogleDocs", NDPI_PROTOCOL_GOOGLE_DOCS, NDPI_PROTOCOL_CATEGORY_MEDIA, NDPI_PROTOCOL_ACCEPTABLE }, - - + { "googleusercontent.com", NULL, NULL, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { "1e100.net", NULL, NULL, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, @@ -8088,6 +8084,10 @@ ndpi_protocol_match host_match[] = { { ".gmail.", NULL, NULL, "GMail", NDPI_PROTOCOL_GMAIL, NDPI_PROTOCOL_CATEGORY_MAIL, NDPI_PROTOCOL_ACCEPTABLE }, { "mail.google.", NULL, NULL, "GMail", NDPI_PROTOCOL_GMAIL, NDPI_PROTOCOL_CATEGORY_MAIL, NDPI_PROTOCOL_ACCEPTABLE }, + { "google.", NULL, NULL, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { ".google.", NULL, NULL, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { ".gstatic.com", NULL, NULL, "Google", NDPI_PROTOCOL_GOOGLE, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, + { "mail.outlook.com", NULL, NULL, "Hotmail", NDPI_PROTOCOL_HOTMAIL, NDPI_PROTOCOL_CATEGORY_MAIL, NDPI_PROTOCOL_ACCEPTABLE }, { ".last.fm", NULL, NULL, "LastFM", NDPI_PROTOCOL_LASTFM, NDPI_PROTOCOL_CATEGORY_STREAMING, NDPI_PROTOCOL_FUN }, diff --git a/tests/result/http_ipv6.pcap.out b/tests/result/http_ipv6.pcap.out index 37f5ce787..c80f76023 100644 --- a/tests/result/http_ipv6.pcap.out +++ b/tests/result/http_ipv6.pcap.out @@ -5,10 +5,10 @@ QUIC 3 502 1 ntop 80 36401 4 1 UDP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:45931 <-> [2a00:1450:4001:803::1017]:443 [proto: 188.126/QUIC.Google][33 pkts/7741 bytes <-> 29 pkts/8236 bytes][Host: www.google.it] - 2 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37506 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.241/SSL.ntop][14 pkts/3969 bytes <-> 12 pkts/11648 bytes][client: www.ntop.org] - 3 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37486 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.241/SSL.ntop][11 pkts/1292 bytes <-> 8 pkts/5722 bytes][client: www.ntop.org] - 4 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37494 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.241/SSL.ntop][10 pkts/1206 bytes <-> 8 pkts/5722 bytes][client: www.ntop.org] - 5 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37488 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.241/SSL.ntop][10 pkts/1206 bytes <-> 7 pkts/5636 bytes][client: www.ntop.org] + 2 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37506 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.243/SSL.ntop][14 pkts/3969 bytes <-> 12 pkts/11648 bytes][client: www.ntop.org] + 3 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37486 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.243/SSL.ntop][11 pkts/1292 bytes <-> 8 pkts/5722 bytes][client: www.ntop.org] + 4 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37494 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.243/SSL.ntop][10 pkts/1206 bytes <-> 8 pkts/5722 bytes][client: www.ntop.org] + 5 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:37488 <-> [2a03:b0c0:3:d0::70:1001]:443 [proto: 91.243/SSL.ntop][10 pkts/1206 bytes <-> 7 pkts/5636 bytes][client: www.ntop.org] 6 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:53132 <-> [2a02:26f0:ad:197::236]:443 [proto: 91.119/SSL.Facebook][7 pkts/960 bytes <-> 5 pkts/4227 bytes][client: s-static.ak.facebook.com][server: *.ak.fbcdn.net] 7 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:53134 <-> [2a02:26f0:ad:197::236]:443 [proto: 91.119/SSL.Facebook][6 pkts/874 bytes <-> 4 pkts/4141 bytes][client: s-static.ak.facebook.com][server: *.ak.fbcdn.net] 8 TCP [2a00:d40:1:3:7aac:c0ff:fea7:d4c]:41776 <-> [2a00:1450:4001:803::1017]:443 [proto: 91/SSL][7 pkts/860 bytes <-> 7 pkts/1353 bytes] diff --git a/tests/result/mpeg.pcap.out b/tests/result/mpeg.pcap.out index 1f5020ab6..c69256aec 100644 --- a/tests/result/mpeg.pcap.out +++ b/tests/result/mpeg.pcap.out @@ -1,3 +1,3 @@ ntop 19 10643 1 - 1 TCP 192.168.80.160:55804 <-> 46.101.157.119:80 [proto: 7.241/HTTP.ntop][9 pkts/754 bytes <-> 10 pkts/9889 bytes][Host: luca.ntop.org] + 1 TCP 192.168.80.160:55804 <-> 46.101.157.119:80 [proto: 7.243/HTTP.ntop][9 pkts/754 bytes <-> 10 pkts/9889 bytes][Host: luca.ntop.org] diff --git a/tests/result/wechat.pcap.out b/tests/result/wechat.pcap.out index 8735cc83b..02d754bc5 100644 --- a/tests/result/wechat.pcap.out +++ b/tests/result/wechat.pcap.out @@ -9,10 +9,10 @@ QQ 26 9402 2 IGMP 24 1280 4 SSL 21 1209 3 ICMPV6 3 218 2 -YouTube 36 9047 2 -Google 92 20878 15 +Google 113 24811 15 LLMNR 12 944 6 WeChat 1251 606425 49 +GoogleDocs 15 5114 2 1 TCP 203.205.151.162:443 <-> 192.168.1.103:54058 [proto: 91.197/SSL.WeChat][88 pkts/15114 bytes <-> 91 pkts/61842 bytes] 2 TCP 192.168.1.103:54101 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][46 pkts/12575 bytes <-> 40 pkts/53424 bytes][client: web.wechat.com][server: web.wechat.com] @@ -35,9 +35,9 @@ WeChat 1251 606425 49 19 TCP 192.168.1.103:54111 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][14 pkts/4626 bytes <-> 12 pkts/5135 bytes][client: web.wechat.com][server: web.wechat.com] 20 TCP 192.168.1.103:58042 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][12 pkts/4516 bytes <-> 10 pkts/5004 bytes][client: web.wechat.com][server: web.wechat.com] 21 TCP 192.168.1.103:43850 <-> 203.205.158.34:443 [proto: 91.48/SSL.QQ][12 pkts/2005 bytes <-> 12 pkts/6787 bytes][client: res.wx.qq.com][server: wx.qq.com] - 22 TCP 192.168.1.103:38657 <-> 172.217.22.14:443 [proto: 91.124/SSL.YouTube][17 pkts/2413 bytes <-> 17 pkts/6268 bytes][client: safebrowsing.googleusercontent.com][server: *.googleusercontent.com] + 22 TCP 192.168.1.103:38657 <-> 172.217.22.14:443 [proto: 91.126/SSL.Google][17 pkts/2413 bytes <-> 17 pkts/6268 bytes][client: safebrowsing.googleusercontent.com][server: *.googleusercontent.com] 23 UDP 192.168.1.103:51507 <-> 172.217.23.67:443 [proto: 188.126/QUIC.Google][7 pkts/3507 bytes <-> 6 pkts/3329 bytes][Host: ssl.gstatic.com] - 24 UDP 192.168.1.103:57591 <-> 216.58.198.46:443 [proto: 188.126/QUIC.Google][6 pkts/2687 bytes <-> 7 pkts/2125 bytes][Host: docs.google.com] + 24 UDP 192.168.1.103:57591 <-> 216.58.198.46:443 [proto: 188.241/QUIC.GoogleDocs][6 pkts/2687 bytes <-> 7 pkts/2125 bytes][Host: docs.google.com] 25 TCP 192.168.1.103:54120 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][10 pkts/1032 bytes <-> 8 pkts/3711 bytes][client: web.wechat.com][server: web.wechat.com] 26 TCP 192.168.1.103:58041 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][10 pkts/1032 bytes <-> 8 pkts/3711 bytes][client: web.wechat.com][server: web.wechat.com] 27 TCP 192.168.1.103:54118 <-> 203.205.151.162:443 [proto: 91.197/SSL.WeChat][10 pkts/1032 bytes <-> 8 pkts/3703 bytes][client: web.wechat.com][server: web.wechat.com] @@ -78,12 +78,12 @@ WeChat 1251 606425 49 62 UDP 192.168.1.103:60356 <-> 192.168.1.254:53 [proto: 5.197/DNS.WeChat][1 pkts/74 bytes <-> 1 pkts/391 bytes][Host: web.wechat.com] 63 TCP 192.168.1.103:49787 <-> 216.58.205.142:443 [proto: 91.126/SSL.Google][3 pkts/198 bytes <-> 3 pkts/198 bytes] 64 TCP 192.168.1.103:58226 -> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][6 pkts/396 bytes -> 0 pkts/0 bytes] - 65 UDP 192.168.1.103:53734 <-> 192.168.1.254:53 [proto: 5.124/DNS.YouTube][1 pkts/94 bytes <-> 1 pkts/272 bytes][Host: safebrowsing.googleusercontent.com] + 65 UDP 192.168.1.103:53734 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][1 pkts/94 bytes <-> 1 pkts/272 bytes][Host: safebrowsing.googleusercontent.com] 66 TCP 192.168.1.103:58043 <-> 203.205.147.171:443 [proto: 91.197/SSL.WeChat][3 pkts/206 bytes <-> 2 pkts/148 bytes] 67 UDP 0.0.0.0:68 -> 255.255.255.255:67 [proto: 18/DHCP][1 pkts/342 bytes -> 0 pkts/0 bytes][Host: iphonedimonica] 68 UDP 192.168.1.103:46078 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][1 pkts/75 bytes <-> 1 pkts/234 bytes][Host: ssl.gstatic.com] 69 UDP 192.168.1.103:60562 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][1 pkts/75 bytes <-> 1 pkts/234 bytes][Host: ssl.gstatic.com] - 70 UDP 192.168.1.103:55862 <-> 192.168.1.254:53 [proto: 5.126/DNS.Google][1 pkts/75 bytes <-> 1 pkts/227 bytes][Host: docs.google.com] + 70 UDP 192.168.1.103:55862 <-> 192.168.1.254:53 [proto: 5.241/DNS.GoogleDocs][1 pkts/75 bytes <-> 1 pkts/227 bytes][Host: docs.google.com] 71 IGMP 192.168.1.103:0 -> 224.0.0.22:0 [proto: 82/IGMP][4 pkts/216 bytes -> 0 pkts/0 bytes] 72 TCP 192.168.1.103:40741 <-> 203.205.151.211:443 [proto: 91/SSL][2 pkts/108 bytes <-> 2 pkts/108 bytes] 73 IGMP 192.168.1.254:0 -> 224.0.0.1:0 [proto: 82/IGMP][4 pkts/200 bytes -> 0 pkts/0 bytes] -- cgit v1.2.3 From 01949c47dacafa0a0fbff6de4d95b66d628cd02d Mon Sep 17 00:00:00 2001 From: Luca Date: Mon, 12 Feb 2018 11:08:37 +0100 Subject: Fixed typo --- src/lib/ndpi_content_match.c.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/lib/ndpi_content_match.c.inc b/src/lib/ndpi_content_match.c.inc index ba44bcd0f..fee3967d8 100644 --- a/src/lib/ndpi_content_match.c.inc +++ b/src/lib/ndpi_content_match.c.inc @@ -7980,7 +7980,7 @@ ndpi_protocol_match host_match[] = { { "amazon.", NULL, NULL, "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, { "amazon.com", NULL, "amazon\\.com$", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_SAFE }, { "images-amazon.com", NULL, "images-amazon\\.com$", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, - { "amazonaws.com", NULL, "amazonaws\\.com$", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_UNSAFE }, + { "amazonaws.com", NULL, "amazonaws\\.com$", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { "amazon-adsystem.com", NULL, "amazon-adsystem\\.com$", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, { ".cloudfront.net", NULL, "\\.cloudfront\\.net$", "Amazon", NDPI_PROTOCOL_AMAZON, NDPI_PROTOCOL_CATEGORY_WEB, NDPI_PROTOCOL_ACCEPTABLE }, -- cgit v1.2.3 From df54e8b926dcb4ebb3f4bae49197c2d5988464ee Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Mon, 12 Feb 2018 21:44:48 +0100 Subject: Improved numeric to protocol conversion --- src/lib/ndpi_main.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) (limited to 'src') diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 86d0723e5..9840d8715 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -4718,9 +4718,13 @@ char* ndpi_protocol2name(struct ndpi_detection_module_struct *ndpi_mod, ndpi_protocol proto, char *buf, u_int buf_len) { if((proto.master_protocol != NDPI_PROTOCOL_UNKNOWN) && (proto.master_protocol != proto.app_protocol)) { - snprintf(buf, buf_len, "%s.%s", - ndpi_get_proto_name(ndpi_mod, proto.master_protocol), - ndpi_get_proto_name(ndpi_mod, proto.app_protocol)); + if(proto.app_protocol != NDPI_PROTOCOL_UNKNOWN) + snprintf(buf, buf_len, "%s.%s", + ndpi_get_proto_name(ndpi_mod, proto.master_protocol), + ndpi_get_proto_name(ndpi_mod, proto.app_protocol)); + else + snprintf(buf, buf_len, "%s", + ndpi_get_proto_name(ndpi_mod, proto.master_protocol)); } else snprintf(buf, buf_len, "%s", ndpi_get_proto_name(ndpi_mod, proto.app_protocol)); -- cgit v1.2.3 From 06bb9a9c57cc1c6fa4d6a5f88cdeeb40d73a0866 Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Wed, 21 Feb 2018 07:43:59 +0100 Subject: Remove too strict check for RTP --- src/lib/protocols/rtp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/lib/protocols/rtp.c b/src/lib/protocols/rtp.c index a61e732d2..c6fc29ead 100644 --- a/src/lib/protocols/rtp.c +++ b/src/lib/protocols/rtp.c @@ -122,7 +122,7 @@ void ndpi_search_rtp(struct ndpi_detection_module_struct *ndpi_struct, struct nd /* printf("*** %s(pkt=%d)\n", __FUNCTION__, flow->packet_counter); */ if((packet->udp != NULL) - && (ntohs(packet->udp->source) > 1023) + /* && (ntohs(packet->udp->source) > 1023) */ && (ntohs(packet->udp->dest) > 1023)) ndpi_rtp_search(ndpi_struct, flow, packet->payload, packet->payload_packet_len); } -- cgit v1.2.3 From 6a9fc935ebd783d987b51f062d89ba20d0e4297e Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Wed, 21 Feb 2018 08:18:37 +0100 Subject: Added fix for invalid RTP/Skype detection Added change in config.h generated by nDPI to avoid name clashes (the GNU autotools are really outdated) --- autogen.sh | 2 +- src/lib/protocols/rtp.c | 2 -- 2 files changed, 1 insertion(+), 3 deletions(-) (limited to 'src') diff --git a/autogen.sh b/autogen.sh index efe97ab8a..13bb2d801 100755 --- a/autogen.sh +++ b/autogen.sh @@ -41,7 +41,7 @@ cat configure.seed | sed \ > configure.ac autoreconf -ivf -cat configure | sed "s/#define PACKAGE_/#define NDPI_PACKAGE_/g" > configure.tmp +cat configure | sed "s/#define PACKAGE/#define NDPI_PACKAGE/g" | sed "s/#define VERSION/#define NDPI_VERSION/g" > configure.tmp cat configure.tmp > configure ./configure $* diff --git a/src/lib/protocols/rtp.c b/src/lib/protocols/rtp.c index c6fc29ead..2f19acf46 100644 --- a/src/lib/protocols/rtp.c +++ b/src/lib/protocols/rtp.c @@ -82,7 +82,6 @@ static void ndpi_rtp_search(struct ndpi_detection_module_struct *ndpi_struct, return; //struct ndpi_packet_struct *packet = &flow->packet; u_int8_t payloadType, payload_type = payload[1] & 0x7F; - u_int32_t *ssid = (u_int32_t*)&payload[8]; /* Check whether this is an RTP flow */ if((payload_len >= 12) @@ -92,7 +91,6 @@ static void ndpi_rtp_search(struct ndpi_detection_module_struct *ndpi_struct, || ((payload_type >= 96) && (payload_type <= 127)) /* http://www.iana.org/assignments/rtp-parameters/rtp-parameters.xhtml */ ) - && (*ssid != 0) ) { NDPI_LOG_INFO(ndpi_struct, "Found RTP\n"); ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_RTP, NDPI_PROTOCOL_UNKNOWN); -- cgit v1.2.3